Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Mycelium, a perpetual agreement, tweeted that due to the oracle feeding problem of the ETH-USD trading pair, MLP suffered a loss of 4~6% from robot arbitrage (the current pool size is about $6.6 million, and the estimated loss is about $300,000), but the team has fixed the loophole and resumed trading. The reason for this is that due to the fact that Binance began blocking US IPs in late December, one of Mycelium's three oracle data vendors went offline, and the other vendor also seemed to have gone wrong overnight, resulting in prices relying only on Coinbase and Bitfinex. Coinciding with about 4 pm yesterday, Bitfinex's ETH-USD feed price fluctuated significantly, and the spread was extremely large, perhaps the arbitrage robot detected the spread and began to arbitrage at a higher than usual amount, resulting in a loss of MLP. Attack method (per SlowMist): Oracle Attack. Reported loss: $ 300,000.
- chain
- —
- protocol
- Mycelium
- bug_class
- oracle
- date_occurred
- 2023-01-07
- loss_usd
- $300,000
- source_id
- sm:mycelium::2023-01-07