Illuvium takes measures to protect staked funds post discovery of vulnerability

Over the past year, Decentralised Finance (DeFi) has experienced exponential growth with more than 4.3 million users at the time of writing. Needless to say, it doesn’t show any signs of slowing down, given the current demand. That said, hacks, scams, and similar illicit activities played a role as well. As unfortunate as it sounds, some security risks are involved.

Drastic step(s)

Multi-billion dollar blockchain gaming giant Illuvium is currently the topic of discussion after it fell prey to illicit activity. Although, no funds have been compromised so far.

Illuvium is an open-world fantasy battle sport that’s constructed on the Ethereum network and has the aim of turning into the primary AAA-rated blockchain-based sport that includes elements of decentralized finance (DeFi) and nonfungible tokens (NFT).

Here’s the interesting part. Post-detection of a vulnerability in staking contracts, Illuvium drained entire funds from a Uniswap pool. Thereby, preventing an attacker from cashing out. The team tweeted:

The said precaution doesn’t really come as a surprise. Especially given the increase in the number of hacks, exploits and attacks in the DeFi world. But the obstacle was fixed. At least that’s what the team stated. It update stated,

“The vulnerability has been fixed within the staking V2 contracts and we expect to have them launched shortly. $ILV holders will have time before the Land Sale to claim their $sILV. We’re very sorry for the inconvenience. Ensuring the DAO is protected is our main priority.”

Here’s the significance of the aforementioned action. The sILV/ETH Uniswap V3 pool was drained of all funds in a series of large transactions. It even shorted the trading price of sILV to $0, although temporarily.

Further analysis

On further analysis, the team along with the co-founder of the network Aaron Warwick made a couple of observations.

Firstly, users were advised to not buy into any liquidity. Also, attackers were able to steal some of the funds. But it’s currently unclear how much sILV the attacker was able to cash out as ETH before the team managed to drain the pool entirely.

Furthermore, the team added a few insights to alert users of next steps.

As part of the latest warning, the team shed light on an important aspect. Something to think about before acting upon it.

Overall, a detailed post-mortem would provide the necessary information for the aforementioned hack. For now, ILV, Illuvium’s governance token did take a major hit. It was trading at the $990 mark with a 4% correction in 24 hours.

Source: https://ambcrypto.com/illuvium-takes-measures-to-protect-staked-funds-post-discovery-of-vulnerability/