Main navigation

Polygon-Based Lending Protocol Hacked With Losses in USDC, USDT

Fri, 04/28/2023 - 14:57
article image
Tomiwabold Olajide
Root cause has been identified
Polygon-Based Lending Protocol Hacked With Losses in USDC, USDT
Cover image via

Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.

Read U.TODAY on
Google News

Wu Blockchain has reported that Polygon's POS-based multichain lending protocol 0VIX has been hacked with a total loss of about $2 million.

This includes 1.45 million USDC; 58,400 USDT and 9500 GHST. The hacker has started moving the funds, bridging them to Ethereum, and has converted 1,070 ETH.

Blockchain security firm PeckShield has confirmed the incident and unveiled the root cause following a joint investigation with the affected 0vixProtocol. The root cause was determined to be the introduction of a vulnerable "VGHSTOracle," which was deployed on March 17, 2023. The VGHSTOracle suffers from what it described as "donation-based price manipulation."

Explaining further details, the hack involved a flash loan deposit of over 24.5 million USDC as collateral to borrow 5.4 million USDT and 720,000 USDC.

The exploit involved a series of leveraged borrowings from the vulnerable vGHST oracle, which made the hacker's borrowing position liquidatable. The borrow position was then liquidated to take back the original USDC collateral.

Flash loans allow users of DeFi to borrow millions of dollars with zero collateral. Attackers sometimes use them to gain funds to carry out exploits on decentralized systems.

Polygon Co-founder Confirms Date for Ethereum Scaling Solution Mainnet Launch

In March, an attacker used a flash loan to conduct an exploit on DeFi lending protocol Euler Finance, which resulted in losses of almost $200 million. This includes Dai (DAI), wrapped Bitcoin (WBTC) staked Ether (sETH), and USDC.

In a happy ending, the exploiter apparently apologized in a message attached to one of the blockchain transactions and returned the majority of the stolen funds to the protocol.

OVIX gives update

In a tweet, 0VIX confirmed the incident and said it was working with its security partners to look into the current situation that seems to be related to vGHST.

As a result, it says it is pausing POS and zkEVM markets; this includes pausing oToken transfers, minting and liquidations.

Only POS has been affected currently, but zkEVM has been paused as a precaution and will likely be enabled again shortly.

article image
About the author

Tomiwabold is a cryptocurrency analyst and an experienced technical analyst. He pays close attention to cryptocurrency research, conducting comprehensive price analysis and exchanging predictions of estimated market trends. Tomiwabold earned his degree at the University of Lagos.