Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Osmosis, the decentralized exchange (DEX) built on the Cosmos network, was shut down just before 3 a.m. ET on Wednesday after attackers exploited a liquidity provider (LP) vulnerability to steal around 5 million Dollar. About an hour after Osmosis tweeted about the attack, 4 hackers accounted for 95% of the total, according to a tweet from Osmosis, Cosmos ecosystem validator FireStake admitted on Twitter, A "momentary error of judgement" led to two members of their team who exploited the vulnerability for roughly $2 million, and they decided to voluntarily return the funds and "fix the problem." Attack method (per SlowMist): LP vulnerability. Reported loss: $ 3,000,000.
- chain
- —
- protocol
- Osmosis
- bug_class
- unknown
- date_occurred
- 2022-06-09
- loss_usd
- $3,000,000
- source_id
- sm:osmosis::2022-06-09