Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Decentralized exchange Velocore has addressed its recent hack in a postmortem. The exchange suffered an exploit that led to the loss of about $7 million.Â
The exchange has offered the hacker a 10% bug bounty but has yet to receive a response.Â
Details Of The HackÂ
The hack was orchestrated after the hacker exploited a vulnerability in the smart contracts controlling the decentralized exchangeâs liquidity pools. The hacker was able to exploit the vulnerability in overflow logic. This allowed them to trick Velocore into turning a small withdrawal into a large deposit. The hacker then used a flash loan attack to drain the decentralized exchangeâs âvolatile poolsâ on zkSync Era and Linea. The Velocore team was able to safeguard its assets on Telos, and âstable poolsâ were not impacted. In a post on X, Velocore stated,Â
âWeâve identified the exploit mechanism and are setting up an on-chain negotiation process. A post-mortem article is in the works. Tracking the exploiter with clues left behind. More updates soon. Velocore on the Telos mainnet has not been affected, and we are working with the foundation while functionalities are frozen. We will provide guidance on safely withdrawing all funds in the future.â
Exploit PostmortemÂ
In response to the hack, Velocore initiated an investigation and set up an on-chain negotiation process to retrieve the funds from the hacker. The decentralized exchange also shared an emergency notice after the hack, urging users to be cautious. It also halted all operations on the exchange and froze the stolen funds. However, despite these measures, the hacker was able to transfer a portion of the funds across chains to the Ethereum mainnet. Velocore wrote in its postmortem of the incident,Â
âDespite undergoing multiple audits and implementing preventive features to ensure security, this unexpected incident happened swiftly. We are deeply saddened and sincerely apologize to our users who have trusted us. Velocore has also disabled the logic flaw used in the exploit, eliminating the chance of a copycat attack.â
The team promised users it would provide another update on the incident soon. The hack also resulted in the Linea Layer2 network temporarily pausing block production to mitigate losses.Â
âBecause other avenues of handling this exploit closed, our team halted the sequencer to prevent additional funds bridging out.âÂ
Linea defended its decision to halt the chain, adding that its eventual goal was to remove the teamâs ability to halt the network via decentralization.Â
âMost L2s, including Linea, still rely on centralized technical operations, which can be leveraged to protect ecosystem participants. Lineaâs core value is a permissionless, censorship-resistant environment, so it was not a decision we took lightly.â
Velocore Reaches Out To HackerÂ
Meanwhile, Velocore has offered the hacker a 10% white hat bounty if the remainder of the stolen funds are returned by June 3, 8:00 UTC. While the hacker has yet to respond to the offer, they have already deposited 1700 ETH, worth around $7 million, into Tornado Cash, a cryptocurrency mixer. The decentralized exchange added that it had taken a snapshot of the blockchain prior to the incident and would come up with a compensation plan for its users.Â
âFor those affected, we have taken a snapshot of the blockchain state prior to the incident. Once operations resume, we will implement an appropriate compensation plan to address the losses incurred to our users.â
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.