Main navigation

Crypto Hack: New Polygon (MATIC) DeFi Exploited for $2 Million, Here's How

Advertisement
Sat, 29/04/2023 - 13:12
Crypto Hack: New Polygon (MATIC) DeFi Exploited for $2 Million, Here's How
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Advertisement

Malefactors managed to manipulate the price of one asset that was a cornerstone element of 0VIX's lending module. The team addressed the hacker with a message, but they remain silent.

Polygon-based lending protocol 0VIX targeted by flash loan attack, here's scenario

According to a statement shared by the team of 0VIX, a decentralized lending protocol that works on Polygon's (MATIC) main chain and its novel network Polygon zkEVM, its oracles mechanism was exploited yesterday, April 28, 2023.

Leading Web3 cybersecurity expert Peckshield revealed that the attack became possible due to a flaw in the oracles mechanism of 0VIX. In order to start the manipulation, the attacker deposited $24.5 million in USD Coins (USDC) as collateral and borrowed $5.4 million in U.S. Dollar Tether (USDT) and 720,000 USDC.

Advertisement

Then, they started a series of leveraged borrowings of vGHST, a 0VIX token based on Aavegotchi's GHST asset. As a low-liquid coin, vGHST saw its price rocket: vulnerable VGHSTOracle failed to mitigate the manipulation. As a result, the borrowing position of the hacker was liquidated and the collateral returned to their pocket.

In total, the attackers made approximately $2 million in crypto equivalent as a result of this hack.

Related

As covered by U.Today previously, this vector is a common one for attacks in DeFi. In 2022, a number of eight-digit attacks with oracles manipulations happened on Ethereum (ETH), Polygon (MATIC), Solana (SOL) and BNB Chain (BSC).

Hacker rejects $125,000 bug bounty reward

The team of 0VIX paused all operations on Polygon (MATIC) and zkEVM networks; however, the latter was not affected by the attack. The protocol sent a message to the attacker urging them to return the stolen money.

However, the malefactors do not seem to be interested in paying the debt: The term of the ultimatum expired and there is no update from the attackers' side.

As such, the victims will likely be sharing information about the hack with law enforcement bodies to find the owners of wallets involved in the attack.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD