Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Lever, a decentralized margin trading protocol based on AMM, was attacked by lightning loans. According to the official statement, Lever attacked contract A to borrow 2,100 BNB from PancakeSwap and deposit 2,000 BNB into Lever’s BNB vault. Then borrowed 1500 BNB from Lever’s BNB vault and transferred it to Lever Attack Contract B. Lever Attack Contract B deposited 1500 BNB and used it to consume 32.78 ETH, 1,068.05 BAKE, 167.25 XVS, 1,042.89 DAI, 674,360 USDT. BTC , 1,930.01 CAKE, 463.0078 DOT and 332.9184 WBNB. (Calculated at the current market price, the total loss is equal to US$652,941.949.) Attack method (per SlowMist): Flash Loan Attack. Reported loss: $ 652941.949.
- chain
- —
- protocol
- Lever
- bug_class
- flashloan
- date_occurred
- 2021-11-27
- loss_usd
- $652,942
- source_id
- sm:lever::2021-11-27