Blockchain, ‘decentralized’ exchange taken offline after hacker steals millions
Hacking. Misinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark abdomen on the internet.
Developers and networkers took a blockchain offline Tuesday night, rendering the “decentralized” cryptocurrency exchange that runs on top of it useless, after an error caused a hacker to steal around $ 5 million.
A few hours earlier, a Reddit user called Straight-Hat3855 warned of the existence of the error about the Osmosis blockchain in a post on the subreddit of Cosmos Network, the ecosystem that hosts the vulnerable blockchain. The primary function of the Osmosis chain is to operate its decentralized crypto exchange, which is an exchange that uses smart contracts and algorithms to enable token exchange and set prices.
“It’s a serious problem with osmosis. If you add liquidity to a pool and then remove it, it grows by 50%! How can we fix this!?!?” Straight-Hat3855 wrote in a now deleted post.
“The osmosis chain has been stopped for emergency maintenance,” a Discord moderator for the project announced at 10:57 p.m. EST. “This will take some time to resolve, and we do not expect the chain to be live again until at least a few hours. During this time, you will not be able to interact with DEX or with your Osmosis wallet.” According to a later post from the moderator, blockchain validators – users who have “bet” tokens to become miners – coordinated the “emergency stop” in 12 minutes after discovering the problem.
On Twitter, Osmosis’ Twitter account announced that “developers are fixing the bug.” About six hours later, Osmosis publicly announced on its official Twitter account that the error was identified and corrected. The project estimated that the losses were around $ 5 million, but that it “worked on recovery.”
“More testing is underway before validators are advised to coordinate a reboot,” the project wrote.
Do you have information about other cryptocurrencies? Are you researching vulnerabilities in cryptocurrencies and their networks? We would love to hear from you. You can contact Lorenzo Franceschi-Bicchierai safely at Signal on +1 917 257 1382, Wickr / Telegram / Wire @lorenzofb, or email [email protected]
Osmosis did not respond to a request for comment sent via Twitter DM.
The hack comes only days later hackers stole around $ 113 million from another decentralized exchange (DEX) called Maiar. In that case, the developers also took the stock exchange offline to deal with the hack, and later claimed that they were able to patch the bug and recover the stolen funds.
Although $ 5 million is not a high amount given the severity of other cryptocurrencies, it shows once again that many crypto projects run on very vulnerable code that hackers are quick to exploit, causing serious damage. During the first three months of this year, hackers and fraudsters stole about $ 1.6 billion in crypto. according to blockchain cybersecurity company CertiK.
Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.
