0VIX is working with its security partners to look into the current situation that seems to be related to vGHST.
As a result, POS and zkEVM markets have been paused this includes pausing oToken transfers, minting, and liquidations.
Only POS has been currently affected but zkEVM…
— 0VIX | live on zkEVM (@0vixProtocol) April 28, 2023
. vGHST is the staking token of the blockchain gaming project Aavegotchi. It is also the share token for $GHST, Aavegotchi’s native token.
Blocksec, another security and audit firm, and its price oracle manipulated. The attacker had initially borrowed stablecoins which they used to open up lending on 0VIX and enabled them access to the vGHST lending pool. They then borrowed large amounts of vGHST. This caused the value of the native token $GHST to shoot up by as much as 24.7% in less than half an hour, as from CoinMarketCap reveals. The attacker then ran off with the collateral and subsequently exchanged their loot for other tokens.
Attacks like these are commonly called oracle manipulation hacks. The crypto space has seen its fair share of these attacks, most recently hack last October 2022 where the attacker had made off with a whopping $117 million.
As for 0VIX’s response, the protocol is not giving up as their joint investigation with PeckShield and Chainalysis has yielded significant results by managing to identify the attacker. An ultimatum was then switfly issued to the attacker via an on-chain message which 0VIX subsequently publicized . It states that the protocol is willing to give the attacker $125,000 as bug bounty in return for the rest. Should the attacker not respond, 0VIX has warned that it will share information with law enforcement agencies.
Official message to the attacker:
At 8am UTC 1 May 2023 the law enforcement process is scheduled to begin in the absence of any funds being returned.
We will take the leads we’ve gotten so far (thank you to the public for these), combine it with our tracing we’ve already done on…— 0VIX | live on zkEVM (@0vixProtocol) April 29, 2023
Source: https://cryptodaily.co.uk/2023/04/0vix-protocol-drained-for-2m-in-oracle-manipulation-exploit-update