Gamma Protocol Reportedly Suffers $3.4M Exploit

by BSC News

January 4, 2024


Security analysts PeckShield and BlockSec confirmed the incident, attributing it to a critical vulnerability in Gamma's accounting mechanism.

Decentralized finance (DeFi) protocol Gamma Strategies finds itself in the spotlight as security analysts report a significant exploit leading to losses of approximately $3.4 million. 

Both PeckShield and BlockSec, reputable security firms, have confirmed the incident, highlighting a breach that allowed a hacker to abscond with 1500 ether.

"The root cause stems from the inconsistency between the accounting mechanisms for depositing and withdrawing used by Gamma Strategies, which results in a discrepancy between the liquidity and the shares," explained BlockSec founder Yajin Zhou to The Block. "Exploiting this, the attacker could withdraw an excessive amount of tokens."

Root Cause and Remediation Plan

Gamma Strategies, in a recent update, outlined the root cause of the exploit and detailed steps to prevent a recurrence. 

The vulnerability lay in the price change threshold setting, which allowed significant manipulation of prices in certain vaults. The corrective measures Gamma identified include a third-party code review before deposits reopen and a commitment to maximize recovery for affected users.

The breach's severity is underscored by the insights from BlockSec, which identified a critical vulnerability in Gamma's "accounting mechanism."

Amidst the unfolding drama, a fraudulent social media account with verified status impersonated Gamma, directing investors to a phishing website. Notably, this imposter account garnered more attention than Gamma's cautionary message about the breach.

A Troubled Landscape

The Gamma Protocol exploit adds to the grim tally of cryptocurrency sector hacks. In 2023, the industry suffered losses nearing $1.8 billion, with major incidents concentrated in the latter half of the year. 

In September, the Mixin platform grappled with a $200 million loss and was unable to identify the attacker or retrieve the funds. Despite these challenges, Mixin pledged to compensate users for half of their lost holdings.

Notable breaches in 2023 also included a security incident at Poloniex, initially reported at $33 million but later adjusted to over $120 million. The crypto gambling platform Stake faced a $41 million theft in September, contributing to the industry's growing concerns about security.

