Osmosis is the latest crypto project to encounter an unexpected attack, as the looters made away with $5 million. The past few weeks haven’t been easy for crypto projects, especially exchanges.
Not only is the larger bearish market discouraging for them, but several cryptocurrency exchanges have also been in the eye of attacks and exploitations. The Cosmo-based decentralized exchange (DEX), Osmosis, is the latest crypto exchange to face a hack.
The Osmosis Exploitation
Established in 2021, Osmosis is a decentralized exchange built and hosted on Cosmo blockchain. It has a native utility token called “OSMO” deployed last October.
Related Reading | Cardano Founder Says Ethereum Merge Not Coming Until 2023
While relatively young and new, Osmosis has gained fame in the DeFi ecosystem, which is quite impressive. Within this short period, the DEX has accrued over $212 million in TVL (total value locked) on the network.
The Cosmo-based DEX, Osmosis exchange experienced an attack on Wednesday 8th June at midnight (3:00 am EST). What occurred was that some anonymous attackers exploited a bug of a Liquidity Provider to loot $5 million.
Though robust, secure, and full of liquidity and products, the extensive network is still prone to bugs, as was the case on Wednesday. Due to this, it fell prey to on-chain exploitation.
The attack occurred only two blocks before the developing team temporarily shut down the exchange to avoid further damage.
How It All Happened?
A Reddit user noted the bug on the DEX. He observed that if a user deposits some funds to an LP and withdraws it, they will receive 50% more than the amount they deposited. Also, he explained that if users continuously deposit and withdraw their coins, they could drain all assets in the blockchain’s LPs.
Only 12 minutes after that post was updated, the development team froze the network, only to realize the $5 million loss within that short span. This was reported by RoboMcGobo, an Osmosis community analyst on Discord.
Blockchain data reveal one OSMO user continuously looting this bug. The user had begun the attack with only 26 OSMO tokens and received 13 extra OSMO coins after their first transaction. Another transaction revealed how a user deposited over 101,230 OSMO tokens and got away with over 151,084 OSMO coins in half a minute.
From the exploitation, six users looted precisely $5 million. While two of them unintentionally made about $2 million and promised to return it in full, the remaining four have been silent and played anonymously to the looting.
Related Reading | Jim Cramer Says You Shouldn’t Borrow Money To Buy Bitcoin, Here’s Why
Osmosis took to Twitter, explaining to users that the LPs weren’t “completely drained” and assuring developers were working on the weakness. Only a day before the exploitation, the DEX had accumulated over $11.8 million in its daily trade volume. As a result of the attack, the OSMO token, Osmosis DEX’s native coin, also declined by about 6%.
Featured image from Pexels, chart from TradingView.com