Osmosis decentralized exchange succumbed to a breach losing about $5 million from its liquidity pool. According to the update, the hackers were able to discover a bug in the LP, using it to breach the platform. The bug was first discovered by a user on Reddit who brought it to the whole group’s attention. In his post, users could remove liquidity on the platform, which will cause their LO to surge by 50%.
Hackers breached through a bug on Osmosis LP
According to the report, the group’s admin deleted the report but was not quick enough to patch the breach as hackers had already taken advantage of the bug. Following the breach, the development team swiftly discovered the area, stopping block production on the platform.
In a full statement on how the hackers were able to carry out this dastardly act, one of the top executives of the platform mentioned that the hackers added liquidity and immediately extracted returns going to the tune of 150% on one of their pools. The report said that for every ten shares a user deposits in the LP, they would automatically get a reward of 15 shares on the platform. The executive also mentioned that some of their users knowingly exploited the flaw while others inadvertently did it.
FireStake returned $2 million
In a thread where Osmosis explained the whole scenario in detail, it mentioned that it had already identified four individuals responsible for the biggest loss. However, the platform noted that two of them returned the funds they got from the exploit. After some minutes of Osmosis’ tweet, one of the biggest validators on the platform, FireStake, released a statement that two of its members were involved in the process, claiming up to $2 million from the breach. In their report, FireStake mentioned that they knew their family’s safety was at stake should they pull off the crime and hide it.
However, after serious considerations, they decided it was best to return all the funds from the exploit. In the statement by the Osmosis boss, the two attackers who are still at large sent their funds to centralized exchanges. He believes the rookie move will enable its team to trace the funds and apprehend the criminals. The project supervisor on the Osmosis group also told users that they had alerted the police about the theft and would do all in their power to apprehend the criminals. He also urged the exploiters to return the funds so they would not be faced with an aggressive approach.
Source: https://www.cryptopolitan.com/osmosis-lp-breached-in-a-5-million-hack/