A few days ago, decentralized crypto exchange platform Osmosis was hacked and lost $5 M as a result. Attackers found a bug on Liquidity Pools, and were able to move funds.
Related: Hacker Stole 20 M Optimism OP Tokens, Transferred 1 M to Buterin
Osmosis was launched in June 2021 on the Cosmos blockchain. According to data from DeFi Llama, currently the Total Value Locked on the network stands at above $212 M.
The Osmosis team announced that currently the code patch and emergency upgrade are in the process of testing. The restart of the chain is expected this weekend.
First, the error was noted in a Reddit post on the Cosmos Network page by a user named Straight-Hat3855. He described how the bug enabled users to increase LP by 50% by adding and removing liquidity. The post was deleted soon, but the attackers were able to exploit a bug that removed about $5 M.
After the attack, the Osmosis platform stopped activities. The team began investigations and worked on resuming transactions. Later, Osmosis tweeted that 2 out of 4 hackers have been identified that account for more than 95% of the sum. They expressed their intent to return the taken amount completely.
About an hour later, FireStake, a validator in the Cosmos blockchain, revealed that two members started testing to see whether the vulnerability was real. Then, testing led to a temporary lapse in good judgment and they managed to change $226 to $2M. Then, FireStake thought about how to correct the situation. The team announced working with Osmosis to help get the funds back fast.