Hackers Looted $1 Million from Blockchain-based Levana Protocol

The blockchain-based Levana protocol suffered a major loss due to exploitation. The administrators of the protocol posted on X, formerly Twitter, that the exploit had drained about 10% of the reserves. The seven wallets attached to the oracle are affected. These wallets are attached to an oracle that connects to external systems, permitting them to trigger baked-on real-world inputs.

The administrators said reports on the attack suggest the attacker took advantage of congestion on the Osmosis blockchain when the market was under high stress created artificially by an exploit. It permits the hackers to make changes with prices which allows the exploit.

Reason Behind the Crypto Hack on Levana Protocol

As per Levana, a bug in the Osmosis fee market code meant that during the time of congestion, “the provided gas price was generally insufficient for making trades or performing ongoing bot maintenance activities.”

Levana said that the crypto attack took place between December 13 and December 26. During this time the congestion was high which denied normal customers the ability to transact and also the protocol bots were not able to interact with its oracle named Pyth. It enabled the attackers to perform the attack and drain out the liquidity pools.

The team highlighted that Pyth was the main part of the attack but there is no known vulnerability in it. The team said, “It behaved exactly as expected.” The team also emphasizes that from December 17 till December 26, the protocol suffered a distributed denial-of-service attack. That specifies a notable portion of the Levana engineering team was dedicated to dealing with that attack, which was generating instability on the platform.

“It’s unclear if there’s any relationship between the congestion attack and this string of DDoS attacks,” the team said. “It’s common practice for DDoS attackers to use the DDoS attack as a distraction from a more insidious attack.”

However, Levana said – the vulnerability has been fixed and the team is testing it. They also confirmed that liquidity providers, who have been impacted by the exploit during that attack window, will be refunded as well.

Levana also said, “Our main focus now is to get the protocol back online as soon as safely possible with significant learnings from the multistage sequence of the exploit.” 

Levana is a blockchain-based financial market that permits users to trade derivative future assets “perpetually”. They allow trading to speculate the future prices of the assets without expiration date. The perpetual futures can be held indefinitely.

Summary

The blockchain-based Levana protocol is exploited with $1.1 Million crypto and it’s a huge disappointment for them as they have lost 10% of the total reserve. However, the team confirmed that they had solved the issue. The existing trader position and profits remain unaffected. Modifying or opening the existing positions is halted till the next update. They mentioned that the existing deposits are not at risk.

Source: https://www.thecoinrepublic.com/2023/12/29/hackers-looted-1-million-from-blockchain-based-levana-protocol/