Access the research, insights & education you need to navigate the crypto space confidently
Blockchain

Osmosis Network breached, faces loss of $5M until now

09 Jun 2022 : 11:35
2 min read
  • Osmosis Network has been breached, and the losses amount to $5 million.
  • A Reddit user pointed out that anyone who deposits funds in the pool would gain an extra 50%.
  • The Osmosis DEX and its native wallet remain inoperative, and a recovery plan will be revealed soon.

Decentralized financial (DeFi) protocol based on Cosmos, Osmosis Network, has been breached, with the losses amounting to at least $5 million. 

The Osmosis Network hack

There was a bug in the Osmosis Network, and a Reddit user pointed out in a post that anyone who deposits funds in the pool would gain an extra 50% when they remove the funds. Notably, the post has now been deleted. 

The users began stealing the funds rapidly, taking advantage of the situation. In one such scenario, a user provided liquidity of 101,230 OSMO and made a 50% profit from the same, exiting his position with 151,084 OSMO tokens. This process was repeated almost 30 times. 

Validators of the Osmosis Network decided to report issues on Discord following the v9 Nitrogen upgrade, and the blockchain was halted to save the remaining liquidity on the decentralized exchange. 

Response

For the time being, the Osmosis DEX and its native wallet remain inoperative. According to the network’s official Twitter handle, “the software error that led to the chain halt was introduced in the latest Osmosis v9.0 update that went live yesterday.”

“Thankfully, the swift and decisive action taken by Osmosis validators and community members allowed the scope of exploitation to be relatively small. While the detailed calculation is still in progress, the total amount overdrawn is estimated at around $5M,” the network revealed.

Around one hour after Osmosis’ statement on the assault, FireStake, a validator in the Cosmos ecosystem, tweeted a Twitter thread revealing that two members of its staff exploited the vulnerability to the extent of $2 million. Furthermore, all losses will be covered, and information on the recovery plan will be revealed soon. The Twitter post added that “the bug itself was simple, and involved the incorrect calculation of LP shares when adding and removing liquidity from pools. It should have been caught. It was painfully overlooked in internal testing that was focused on more advanced functionality related to the upgrade.”


About Author

Anisha Pandey

More articles by this author

A writer, an artist, an engineer, and a girl with a colorful mind, Anisha believes in achieving results smartly and diligently. She is a previous journalist at Cryptonary.

Post a Comment