Mycelium DeFi Exploited Due to Price Feed Issues
Mycelium, a multi-product Web3 ecosystem, unveiled that one of its liquidity pools suffered losses due to issues with the price feed. Also, the protocol's IP address was blocked by the Binance API module.
Mycelium ETH/USD pool exploited
As per a statement from the team of Mycelium, today, on Jan. 7, 2023, the platform suffered from an exploit by an arbitrage bot. The bot detected a discrepancy of the Ether (ETH) price on the platform (too high spread) and started abusing it with a large amount of liquidity.
The team want to address the situation occurring around the ETH-USD price feed that impacted MLP.
It appears that an issue developed overnight via 1 of the 3 data providers. While another data provider was down due to IP blocking. Causing a discrepancy in median price.
1/7— Mycelium (@mycelium_xyz) January 7, 2023'Rich Dad Poor Dad' Author Says Bitcoin About to Surpass $100,000: ‘Hang On Tight’MicroStrategy Completes $3 Billion Debt OfferingShiba Inu (SHIB) Rocket Fuel Pattern Here, Bitcoin (BTC) Ready for Fundamental Shift at $100,000, Solana's (SOL) Road to $300 ContinuesRipple CEO Reacts to Gensler’s Resignation
The discrepancy should be attributed to the Bitfinex API, which started broadcasting highly volatile prices for the ETH/USDT pair at about 02:45 a.m. AEST. Meanwhile, the other price feed provider, Binance, was down as it blocked the U.S.-associated IP used by Mycelium.
As such, the system was unable to rebalance the price via an independent price feed. Mycelium only utilized data from Bitfinex and Coinbase as a result of the Binance outage that "was not widely communicated," the Mycelium team highlights.
Once the problem was detected, the team launched an internal investigation and stopped the trading. The pool was unavailable for 2.5 hours in total, the postmortem goes.
Net TVL declined by 4-6%
Mycelium experts unveiled that the issues "led to degradation of MLP of somewhere between 4-6%." As the 24-hour trading volume for this pool exceeded $218 million in equivalent, the losses might be sensitive.
The protocol decided to implement stronger monitoring of feeds, enhanced alerts and faster communication in order to prevent such incidents from happening again.
As covered by U.Today, Balancer (BAL) DeFi asked its users yesterday to withdraw money from five pools on four blockchains.