Attackers drain $5 million from Osmosis; FireStake Validator admits to exploiting LP bug


On June 7, someone posted a Reddit thread that was later deleted by the forum’s moderator. The thread contained a serious claim — the Osmosis network had a bug that allowed liquidity providers to earn an extra 50% when adding and withdrawing liquidity.

Osmosis (OSMO) is a blockchain in the Cosmos ecosystem that offers a decentralized exchange and wallet.

The claim appeared improbable until the network was halted for emergency maintenance.

Although the Osmosis team did not acknowledge an exploit at the time, the halt came about after a few attackers drained around $5 million.

The Osmosis team has identified the bug and developed a patch that is being tested before deployment. Developers are still working on restarting the network.

On-chain activity shows how the attackers exploited the network:

A Twitter user pointed out in a thread that one of the attackers added liquidity in the form of USD Coin (USDC) and OSMO. The attacker then received GAMM LP tokens in return, which represented their share in the pool. The attacker immediately withdrew the liquidity with the GAMM LP tokens, thereby receiving 50% more USDC and OSMO than had been added as liquidity.

The perpetrator then swapped the OSMO tokens for ATOM and sent them to other wallets. This same process was repeated over and over again — each time the attacker gained 50% more tokens.
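The pattern described above lends itself to a simple monitoring invariant: an exit should never return more of every pooled asset than the cost basis of the shares being redeemed. The following is an added example, not code from the article or from Osmosis; the event schema, field names, addresses and amounts are constructed for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample events; the schema is hypothetical, not Osmosis's real event format.
EVENTS = [
    {"height": 100, "addr": "addrA", "pool": 1, "kind": "join", "shares": 1000,
     "assets": {"uusdc": 2000, "uosmo": 4000}},
    {"height": 101, "addr": "addrA", "pool": 1, "kind": "exit", "shares": 1000,
     "assets": {"uusdc": 3000, "uosmo": 6000}},   # 50% more of both assets
    {"height": 100, "addr": "addrB", "pool": 1, "kind": "join", "shares": 500,
     "assets": {"uusdc": 1000, "uosmo": 2000}},
    {"height": 140, "addr": "addrB", "pool": 1, "kind": "exit", "shares": 500,
     "assets": {"uusdc": 998, "uosmo": 2003}},    # normal price drift: one up, one down
]

def find_round_trip_gains(events, tolerance=Fraction(1, 100)):
    """Flag exits that return more of EVERY asset than the redeemed shares' cost basis."""
    held = defaultdict(lambda: {"shares": 0, "basis": defaultdict(Fraction)})
    alerts = []
    for ev in sorted(events, key=lambda e: e["height"]):
        pos = held[(ev["addr"], ev["pool"])]
        if ev["kind"] == "join":
            pos["shares"] += ev["shares"]
            for denom, amt in ev["assets"].items():
                pos["basis"][denom] += amt
            continue
        if pos["shares"] == 0 or ev["shares"] > pos["shares"]:
            continue  # shares acquired elsewhere (e.g. transfer): no basis to compare
        frac = Fraction(ev["shares"], pos["shares"])
        ratios = {}
        for denom, amt in ev["assets"].items():
            expected = pos["basis"][denom] * frac  # pro-rata share of what was deposited
            if expected > 0:
                ratios[denom] = Fraction(amt) / expected
        for denom in pos["basis"]:                 # reduce the remaining cost basis
            pos["basis"][denom] -= pos["basis"][denom] * frac
        pos["shares"] -= ev["shares"]
        # Price moves shift pool composition (one asset up, another down); a gain
        # in every asset at once, beyond accrued fees, breaks the invariant.
        if ratios and min(ratios.values()) > 1 + tolerance:
            alerts.append({"addr": ev["addr"], "pool": ev["pool"], "height": ev["height"],
                           "gain": {d: float(r - 1) for d, r in ratios.items()}})
    return alerts

if __name__ == "__main__":
    print(find_round_trip_gains(EVENTS))
```

The `tolerance` parameter absorbs ordinary swap-fee accrual; the right value depends on the pool and the time between join and exit.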

Most of the proceeds in OSMO were swapped for ATOM and transferred to a wallet that contains $9 million worth of ATOM tokens, the Twitter thread said. However, this wallet did not include the USDC tokens the attacker gained by exploiting the bug — the USDC tokens were neither swapped nor transferred, the thread added.

Osmosis identifies attackers; FireStake comes forth

Four attackers have been identified as the key perpetrators who stole over 95% of the exploited amount, according to a Twitter thread by Osmosis. Two of the four attackers have volunteered to return the stolen funds in full. The other two have transactions to and from centralized exchanges, which have been alerted to identify the perpetrators and recover the funds.

Barely an hour after Osmosis’ Tweet regarding the attackers, FireStake — a validator in the Cosmos ecosystem — came forward in a Tweet and admitted to exploiting the LP bug but noted that they are trying to “set things right” and working with the Osmosis team to return the exploited funds.

Source: https://cryptoslate.com/attackers-drain-5-million-from-osmosis-firestake-validator-admits-to-exploiting-lp-bug/