Main navigation

Polygon-Based Lending Protocol Hacked With Losses in USDC, USDT

Advertisement
Fri, 28/04/2023 - 14:57
Polygon-Based Lending Protocol Hacked With Losses in USDC, USDT
Cover image via stock.adobe.com

Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.

Read U.TODAY on
Google News

Wu Blockchain has reported that Polygon's POS-based multichain lending protocol 0VIX has been hacked with a total loss of about $2 million.

This includes 1.45 million USDC; 58,400 USDT and 9500 GHST. The hacker has started moving the funds, bridging them to Ethereum, and has converted 1,070 ETH.

Blockchain security firm PeckShield has confirmed the incident and unveiled the root cause following a joint investigation with the affected 0vixProtocol. The root cause was determined to be the introduction of a vulnerable "VGHSTOracle," which was deployed on March 17, 2023. The VGHSTOracle suffers from what it described as "donation-based price manipulation."

Advertisement

Explaining further details, the hack involved a flash loan deposit of over 24.5 million USDC as collateral to borrow 5.4 million USDT and 720,000 USDC.

The exploit involved a series of leveraged borrowings from the vulnerable vGHST oracle, which made the hacker's borrowing position liquidatable. The borrow position was then liquidated to take back the original USDC collateral.

Flash loans allow users of DeFi to borrow millions of dollars with zero collateral. Attackers sometimes use them to gain funds to carry out exploits on decentralized systems.

Related

In March, an attacker used a flash loan to conduct an exploit on DeFi lending protocol Euler Finance, which resulted in losses of almost $200 million. This includes Dai (DAI), wrapped Bitcoin (WBTC) staked Ether (sETH), and USDC.

In a happy ending, the exploiter apparently apologized in a message attached to one of the blockchain transactions and returned the majority of the stolen funds to the protocol.

OVIX gives update

In a tweet, 0VIX confirmed the incident and said it was working with its security partners to look into the current situation that seems to be related to vGHST.

As a result, it says it is pausing POS and zkEVM markets; this includes pausing oToken transfers, minting and liquidations.

Only POS has been affected currently, but zkEVM has been paused as a precaution and will likely be enabled again shortly.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD