Highlights:
- Velocore’s $7 million token loss due to a smart contract vulnerability was swiftly addressed with a bug bounty offer.
- After the hack, Velocore promptly deactivated the flawed logic, preventing further attacks on its liquidity pools.
- The Linea blockchain halted operations temporarily to safeguard against further asset losses, resuming shortly after.
In a recent incident, the decentralized exchange Velocore was hacked for approximately $7 million in tokens. A user exploited a vulnerability in the exchange’s smart contracts, causing significant disruptions.
Emergency Notice
Velocore has been exploited, resulting in the loss of most of the liquidity. Our CPMM pools have been affected, but the stable pools have not been impacted, so funds can be withdrawn on our stable pools. We are working with security teams and foundations, and…
— Velocore | veDEX on zkSync Era / Linea ▪️ (@velocorexyz) June 2, 2024
Consequently, the Linea blockchain team halted block production, which has now resumed. Velocore has responded by offering a 10% bug bounty to the hacker, who has yet to reply.
Exploit Details and Immediate Response
Velocore operates on the Telos, zkSync Era, and Linea blockchains. The exploit targeted a vulnerability in the smart contracts governing its liquidity pools, leading to a loss of about $6.8 million in tokens.
The hacker exploited an overflow logic flaw to turn a small withdrawal into a large deposit, using a flash loan to drain the “volatile pools” on zkSync Era and Linea. However, Velocore managed to secure its assets on Telos, and the “stable pools” remained unaffected.
Despite undergoing multiple audits and implementing preventive measures, Velocore acknowledged the incident in a post-mortem, expressing regret to its users. The team has since disabled the flawed logic to prevent similar attacks in the future.
Linea Network’s Temporary Halt
The ConsenSys-built Linea Ethereum Layer 2 network temporarily paused its block production to mitigate losses from the attack. “Because other avenues of handling this exploit closed, our team halted the sequencer to prevent additional funds from bridging out,” the protocol stated on X.
Linea’s team made a decision to halt block production by pausing the sequencer and censor attacker addresses to protect the users and builders in our ecosystem. Like other L2s, we are still in the “training wheels” phase of existence, giving us safeguards to use.
— Linea (@LineaBuild) June 2, 2024
Although Linea aims to achieve significant decentralization and to remove its team’s ability to halt the network, the protocol defended its decision to pause the chain, emphasizing the need to protect ecosystem participants.
Bug Bounty and Future Measures
In a bid to recover the stolen funds, Velocore has reached out to the hacker, offering a 10% white hat bounty for the return of the remaining assets by June 3, 8:00 UTC. So far, the hacker has not responded. However, they have deposited approximately 1700 ETH, worth around $7 million, into the cryptocurrency mixer Tornado Cash.
In its post-mortem, Velocore promised:
“For those affected, we have taken a snapshot of the blockchain state prior to the incident. Once operations resume, we will implement an appropriate compensation plan to address the losses incurred by our users.”
Hacks Drain Millions from Crypto in May
May 2024 witnessed significant security breaches in the cryptocurrency sector, with losses totaling $347.3 million. Crypto2Community reports these losses stemmed from a variety of illicit activities, each contributing to the substantial total. The majority of the funds, $324.7 million, vanished due to exploits. Additionally, attackers executed flash loan schemes, siphoning off $20.7 million.
Moreover, exit scams accounted for $1.8 million of the lost assets. The report underscores the persistent vulnerabilities that plague various crypto enterprises, spotlighting the urgent need for enhanced security measures across the industry.