The decentralized finance (DeFi) ecosystem was hit by yet another hack, as decentralized perpetual market Level Finance was hacked for $1.1 million by an unknown attacker.
The incident adds to a growing list of crypto and DeFi exploits that have taken place so far in 2023.
Yet Another Attack On DeFi
Level Finance disclosed the news of the attack to its followers on Twitter. According to the team at the perpetual marketplace, the attacker manipulated a “claim multiple” bug in one of Level Finance’s smart contracts. This allowed them to siphon off over 214,000 LVL tokens from the exchange, which they then swapped into BNB tokens. The exploit resulted in the loss of over $1 million to Level Finance. However, the team assured users that other smart contracts were unaffected and were isolated from the exploit in question.
The Level Finance team also stated that the liquidity pools and the DAO treasury were also unaffected and deployed a patch only 12 hours after the attack. Level Finance will be conducting a thorough post-mortem of the attack and hope to offer some insight into how the attack was executed.
“An exploit targeted our Referral Controller Contract. – 214k LVL tokens drained to exploiters’ address. – Attacker swapped LVL to 3,345 BNB – Exploit was isolated from other contracts. – Fix to be deployed in 12 Hrs. – LP’s and DAO treasury UNAFFECTED.”
Level Finance is a decentralized and non-custodial perpetual market created on the BNB Chain. Currently, its Total Value Locked (TVL) is around $32 million, a sharp drop from the $41 million before the attack.
PeckShield Dissects The Attack
Blockchain security firm PeckShield revealed that the smart contract “LevelReferralControllerV2” had a bug that allowed the hacker to make repeated referral claims during the same epoch. Level Finance later confirmed this in an updated statement on Discord. According to data from BSC Scan, Level Finance’s v2 controller contract reported multiple calls of the “claim multiple” function registered over the past 48 hours.
“It seems the @Level__Finance’s LevelReferralControllerV2 contract has a bug that allows for repeated referral claims from the same epoch. So far, 214k LVLs have been drained and swapped into 3,345 BNB (~1M).”
Level Finance has temporarily suspended the referral program in an effort to contain the exploit.
DeFi Exploits On The Up
2023 has seen a considerable increase in the number of hacks, with several having taken place over the first four months of the year. While not as bad as 2022, this could change with a couple of large exploits, which could leave DeFi reeling again. According to crypto security and auditing firm CertiK, crypto scams, exploits, flash loan attacks, and exit scams have cost the crypto space a staggering $103 million in April alone. According to CertiK, the total loss during the ongoing year stands at $429 million, a figure which could continue rising.
Among the most significant hacks of 2023 are those of Sentiment and Euler Finance. Euler Finance’s hack saw the attacker siphon off $197 million, while sentiment reported that hackers managed to steal $1 million. However, both protocols successfully negotiated with the hackers and recovered most of their funds.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2023/05/level-finance-loses-over-1m-as-defi-hit-by-yet-another-hack