Disclosure
Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
Velocore Decentralized Exchange Addresses $7 Million Hack, Offers Hacker Bounty

Highlights:

  • Velocore’s $7 million token loss due to smart contract vulnerability was swiftly addressed with a bug bounty offer.
  • After the hack, Velocore promptly deactivated the flawed logic, preventing further attacks on its liquidity pools.
  • The Linea blockchain halted operations temporarily to safeguard against further asset losses, resuming shortly after.

In a recent incident, the decentralized exchange Velocore was hacked for approximately $7 million in tokens. A user exploited a vulnerability in the exchange’s smart contracts, causing significant disruptions. 

Consequently, the Linea blockchain team halted block production, which has now resumed. Velocore has responded by offering a 10% bug bounty to the hacker, who has yet to reply.

Exploit Details and Immediate Response

Velocore operates on the Telos, zkSync Era, and Linea blockchains. The exploit targeted a vulnerability in the smart contracts governing its liquidity pools, leading to a loss of about $6.8 million in tokens. 

The hacker manipulated an overflow logic flaw to turn a small withdrawal into a large deposit, using a flash loan to drain the “volatile pools” on zkSync Era and Linea. However, Velocore managed to secure its assets on Telos, and the “stable pools” remained unaffected.

Despite undergoing multiple audits and implementing preventive measures, Velocore acknowledged the incident in a post-mortem, expressing regret to its users. The team has since disabled the logic flaw to prevent similar attacks in the future.

Linea Network’s Temporary Halt

The ConsenSys-built Linea Ethereum Layer 2 network temporarily paused its block production to mitigate losses from the attack. “Because other avenues of handling this exploit closed, our team halted the sequencer to prevent additional funds from bridging out,” the protocol stated on X. 

Although Linea aims to achieve significant decentralization and remove the ability to halt the network from its team, the protocol defended its decision to pause the chain, emphasizing the need to protect ecosystem participants.

Bug Bounty and Future Measures

In a bid to recover the stolen funds, Velocore has reached out to the hacker, offering a 10% white hat bounty for the return of the remaining assets by June 3, 8:00 UTC. So far, the hacker has not responded. However, they have deposited approximately 1700 ETH, worth around $7 million, into the cryptocurrency mixer Tornado Cash.

In its post-mortem, Velocore promised,

For those affected, we have taken a snapshot of the blockchain state prior to the incident. Once operations resume, we will implement an appropriate compensation plan to address the losses incurred by our users.

Hacks Drain Millions from Crypto in May

May 2024 witnessed significant security breaches in the cryptocurrency sector, with losses totaling $347.3 million. Crypto2Community reports these losses stemmed from a variety of illicit activities, each contributing to the substantial total. The majority of the funds, $324.7 million, vanished due to exploits. Additionally, attackers executed flash loan schemes, siphoning off $20.7 million. 

Moreover, exit scams accounted for $1.8 million of the lost assets. The report underscores the persistent vulnerabilities that plague various crypto enterprises, spotlighting the urgent need for enhanced security measures across the industry.

Read More:

Disclaimer: Cryptocurrency is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.

Buy Cryptos on eToro banner