Hackers withdrew $1,1 million from the Levana protocol’s liquidity pools in 13 days
The developers have committed to reimburse the losses to the liquidity providers
28.12.2023 - 14:35
134
2 min
0
What’s new? Levana, a perpetual swap trading protocol based on the Osmosis blockchain, was exploited for 13 days. Between December 13 and December 26, hackers withdrew 10% of the project’s liquidity pool reserves worth over $1,1 million. The Levana team pledged to compensate liquidity providers for the losses and suspended the ability to edit and create new positions.
What else is known? As Levana developers reported in the findings, the attackers exploited a vulnerability that occurred during a period of high load on the Osmosis network, preventing Levana users from interacting with the markets because the price of gas was insufficient for transactions.
It also caused prices to be incorrectly displayed in Levana’s integrated Pyth oracle, as users were unable to update their contracts. Combined, this allowed attackers to manipulate prices and deplete pools. However, no vulnerability was found in Pyth itself; the oracle “behaved exactly as expected,” the developers write.
Existing trading positions and profits remained intact despite the exploit. The team is working on a bug fix that will be implemented when the code is updated on the networks where Levana operates: Osmosis, Sei, and Injective.
Osmosis is a Layer 1 (L1) blockchain built in the Cosmos ecosystem using the Cosmos SDK application programming toolkit and the Tendermint consensus mechanism.
Levana writes that many of the problems the project has encountered with Osmosis are not the result of flaws in the blockchain. But rather relate to the limitations of the Cosmos SDK and Tendermint in scaling and implementing efforts to meet the needs of an active user base.
Useful material?
Incidents
Roger Ver has been accused of not paying taxes
May 1, 2024
Mining
After the publication of the financial report, the company’s shares added 5%
Apr 30, 2024
Market
The commission had previously warned the developer of potential enforcement actions
Apr 29, 2024
Market
Funds can be seized by law enforcers due to links to illegal activity
Apr 26, 2024
Market
Tether Finance division will be responsible for the issuance and redemption of USDT stablecoins
Apr 18, 2024
Trends
The first project introduced on the platform will be BounceBit (BB)
Apr 18, 2024