ETH

Linea-Based Velocore DEX Loses $6.8M in Hack

by BSCN

June 3, 2024

chain

Linea stopped block production for an hour and censored the hacker's wallet to contain the threat.

Velocore, a decentralized exchange (DEX) platform on Linea and zkSync, recently faced a significant security breach, resulting in the loss of over $6.8 million. 

The attacker, identified by the address …..86ACaca3716bF, successfully exploited vulnerabilities in the platform's smart contract. 

"700ETH moved off Linea via a 3rd party bridge. It was the middle of the night, Velocore was still vulnerable, and we could not get ahold of their team," stated the Linea team on X.

 

After gaining access to the funds, the hacker transferred them to the Ethereum network through bridges. The stolen funds were converted to ETH on the Ethereum network and then transferred to Tornado.Cash, an anonymous payment protocol that hides both the sender and the recipient of cryptocurrency transactions.

Exploit Details

The Velocore team confirmed that the breach led to a loss of approximately $6.8 million worth of ether. Specifically, the attacker exploited vulnerabilities in the Velocore protocol's "Balancer-style CPMM pool contract." 

 

It is crucial to note that this exploit was limited to volatile pools, leaving all stable pools unaffected. Based on this specificity, it is evident that the attacker had a thorough understanding of Velocore's infrastructure and targeted a known weak point within it.

Linea's Response

Upon receiving the alert about the hack, the Linea team deployed a series of ecosystem security measures to mitigate further damage. One of the primary steps included halting the blockchain sequencer. This action was crucial in preventing additional funds from being bridged out by the hacker.

Linea stopped producing blocks for about an hour, specifically between block 5081800 and 5081801. During this critical period, the hacker’s wallet address was censored, effectively preventing the attacker from selling large amounts of ether. 

Velocore's Immediate and Long-Term Plans

In the aftermath of the attack, Velocore is reportedly working on tracking down the exploiter. The team plans to reimburse affected users once operations resume. They have already established the method used by the hacker and are now devising an on-chain negotiation strategy to address the issue. 

Despite the breach, Velocore assures users that activities on the Telos mainnet remain unaffected. Team members continue to work closely with the Telos Foundation to ensure the platform's security and integrity. 

 

While all functionalities are currently suspended, Velocore says it will resume operations soon. 

Disclaimer

Disclaimer: The views expressed in this article do not necessarily represent the views of BSCN. The information provided in this article is for educational and entertainment purposes only and should not be construed as investment advice, or advice of any kind. BSCN assumes no responsibility for any investment decisions made based on the information provided in this article. If you believe that the article should be amended, please reach out to the BSCN team by emailing [email protected].

;