Hackers withdrew $1,1 million from the Levana protocol’s liquidity pools in 13 days

The developers have committed to reimburse the losses to the liquidity providers

28.12.2023 - 14:35

134

2 min

What’s new? Levana, a perpetual swap trading protocol based on the Osmosis blockchain, was exploited for 13 days. Between December 13 and December 26, hackers withdrew 10% of the project’s liquidity pool reserves worth over $1,1 million. The Levana team pledged to compensate liquidity providers for the losses and suspended the ability to edit and create new positions.

Levana’s report

What else is known? As Levana developers reported in the findings, the attackers exploited a vulnerability that occurred during a period of high load on the Osmosis network, preventing Levana users from interacting with the markets because the price of gas was insufficient for transactions.

It also caused prices to be incorrectly displayed in Levana’s integrated Pyth oracle, as users were unable to update their contracts. Combined, this allowed attackers to manipulate prices and deplete pools. However, no vulnerability was found in Pyth itself; the oracle “behaved exactly as expected,” the developers write.

Existing trading positions and profits remained intact despite the exploit. The team is working on a bug fix that will be implemented when the code is updated on the networks where Levana operates: Osmosis, Sei, and Injective.

Osmosis is a Layer 1 (L1) blockchain built in the Cosmos ecosystem using the Cosmos SDK application programming toolkit and the Tendermint consensus mechanism.

What is Cosmos (ATOM)

We explain the structure of the ecosystem for creating blockchains

Levana writes that many of the problems the project has encountered with Osmosis are not the result of flaws in the blockchain. But rather relate to the limitations of the Cosmos SDK and Tendermint in scaling and implementing efforts to meet the needs of an active user base.

Author: