Hackers withdrew $1,1 million from the Levana protocol’s liquidity pools in 13 days
The developers have committed to reimburse the losses to the liquidity providers
28.12.2023 - 14:35
672
2 min
0
Last updated on Aug 5, 2024
What’s new? Levana, a perpetual swap trading protocol based on the Osmosis blockchain, was exploited for 13 days. Between December 13 and December 26, hackers withdrew 10% of the project’s liquidity pool reserves worth over $1,1 million. The Levana team pledged to compensate liquidity providers for the losses and suspended the ability to edit and create new positions.
What else is known? As Levana developers reported in the findings, the attackers exploited a vulnerability that occurred during a period of high load on the Osmosis network, preventing Levana users from interacting with the markets because the price of gas was insufficient for transactions.
It also caused prices to be incorrectly displayed in Levana’s integrated Pyth oracle, as users were unable to update their contracts. Combined, this allowed attackers to manipulate prices and deplete pools. However, no vulnerability was found in Pyth itself; the oracle “behaved exactly as expected,” the developers write.
Existing trading positions and profits remained intact despite the exploit. The team is working on a bug fix that will be implemented when the code is updated on the networks where Levana operates: Osmosis, Sei, and Injective.
Osmosis is a Layer 1 (L1) blockchain built in the Cosmos ecosystem using the Cosmos SDK application programming toolkit and the Tendermint consensus mechanism.
Levana writes that many of the problems the project has encountered with Osmosis are not the result of flaws in the blockchain. But rather relate to the limitations of the Cosmos SDK and Tendermint in scaling and implementing efforts to meet the needs of an active user base.
Useful material?
Telegram 
Twitter Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Incidents
According to Blockaid, the attack may have been carried out by the same hacker behind the 1inch Fusion V1 exploit.
May 7, 2026
Incidents
The attacker gained administrative access and altered contracts to drain user funds
Apr 30, 2026
Cryptocurrency rates
-
Bitcoin
$63 929
BTC
-4.91%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.19
XRP
-3.2%
-
Dogecoin
$0.09004
DOGE
-3.91%
-
TRON
$0.160134
TRX
-1.59%
-
Zcash
$604.7
ZEC
-1.68%
-
Cardano
$0.196746
ADA
-8.32%
-
Stellar XLM
$0.21004
XLM
-6.82%
-
Polkadot
$3.32
DOT
+5.27%