An individual exploited a flaw in the protocol to steal 44 RBTC from one of the lending pools. The exploit took advantage of a price manipulation technique.
Sovryn, a Bitcoin-based decentralized finance protocol, was drained of over $1 million in funds on Tuesday using a price manipulation exploit. The protocol, which is still in its early stages of development, was targeted by a group of unknown attackers who used a sophisticated technique to manipulate the prices of its native tokens.
It is absolutely outrageous that someone was able to successfully attack and drain over $1 million worth of crypto from the protocol. This just goes to show how vulnerable these systems can be, and how important it is to always be on the lookout for potential threats.
Sovryn's First Hack
The Sovryn team has released an update on the recent exploit that impacted the RBTC and USDT lending pools. According to their blog post, the attacks specifically targeted the legacy Sovryn Borrow/Lend protocol. The team is currently working on a fix and we will provide more updates as they become available.
I believe that RBTC and USDT have great potential as crypto assets. They are price-pegged to Bitcoin and US dollars, respectively, and circulate on Rootstock (RSK), a Bitcoin sidechain. RSK is designed to expand Bitcoin's smart contract, dapp, and scaling capabilities. Sovryn is a DeFi protocol built on RSK. I think these protocols have the potential to revolutionize the way we use cryptocurrencies.
The attack on Sovryn appears to have been successful in withdrawing funds from the platform. However, the team is still working hard to recover the lost funds. This incident highlights the need for improved security measures on decentralized exchanges.
“Due to the multi-layered security approach taken, devs were able to identify and recover funds as the attacker was attempting to withdraw the funds,” reads the post. “At this point, through a combined effort, devs have managed to recover about half the value of the exploit.”
This is the first successful exploit against the Sovryn protocol after two years of operation. Edan Yago, spokesperson for Sovryn, maintained that Sovryn is "one of the most heavily audited Defi systems," with valuable and active bug bounties.
The exploit worked by manipulating the price of Sovryn's iTokens, interest-bearing tokens that represent the share of cryptocurrency a user holds in a lending pool. This token's price is updated every time a lending pool position is interacted with. By manipulating the price, the attacker was able to profit from the difference in the iToken's price.
How the Funds Were Drained
The attacker's actions show a clever use of the DeFi protocols available on the Ethereum blockchain. By first buying WRBTC using a flash swap on RskSwap, and then borrowing additional WRBTC from Sovryn's lending contract using XUSD as collateral, he was able to quickly amass a large amount of WRBTC. This demonstrates the potential for DeFi protocols to be used for nefarious purposes, and highlights the need for greater security and scrutiny in the space.
“The attacker then provided liquidity to the RBTC lending contract, closed their loan with a swap using their XUSD collateral, redeemed (burned) their iRBTC token, and sent the WRBTC back to RskSwap to complete the flash swap,” the post continued.
It's alarming that an attacker was able to manipulate the iToken price in order to withdraw more RBTC from the lending pool than what was originally deposited. This type of activity could jeopardize the stability of the lending pool and lead to serious financial losses for users. We hope that the team behind the pool will take measures to improve security and prevent this from happening again.
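One way a monitoring job could flag the pattern described above, a deposit and a redemption in the same transaction at a higher iToken price, shown as an added example that is not Sovryn's code. The event fields, account names and amounts are constructed assumptions, not chain data.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample events in execution order (not real chain data).
# Field names are assumptions: kind is "mint" (deposit) or "burn" (redeem),
# asset is the underlying amount moved, shares is the pool-token amount.
EVENTS = [
    {"tx": "0xaaa", "account": "alice", "kind": "mint", "asset": "10", "shares": "9.90"},
    {"tx": "0xbbb", "account": "alice", "kind": "burn", "asset": "10.02", "shares": "9.90"},
    {"tx": "0xccc", "account": "mallory", "kind": "mint", "asset": "500", "shares": "495"},
    {"tx": "0xccc", "account": "mallory", "kind": "burn", "asset": "520", "shares": "495"},
    {"tx": "0xddd", "account": "bob", "kind": "mint", "asset": "3", "shares": "2.97"},
    {"tx": "0xddd", "account": "bob", "kind": "burn", "asset": "3", "shares": "2.97"},
]

def price(ev):
    """Underlying asset per pool token implied by one mint or burn event."""
    return Decimal(ev["asset"]) / Decimal(ev["shares"])

def flag_same_tx_price_jumps(events, tolerance=Decimal("0.0001")):
    """Flag accounts that mint, then burn at a higher price in the same transaction.

    Interest cannot accrue inside a single transaction, so a relative price rise
    above `tolerance` between mint and burn means the price moved for another reason.
    """
    entry = {}                  # (tx, account) -> lowest mint price seen so far
    net = defaultdict(Decimal)  # (tx, account) -> withdrawn minus deposited
    flagged = {}                # (tx, account) -> largest relative price jump
    for ev in events:
        key = (ev["tx"], ev["account"])
        amount = Decimal(ev["asset"])
        if ev["kind"] == "mint":
            entry[key] = min(entry.get(key, price(ev)), price(ev))
            net[key] -= amount
        elif ev["kind"] == "burn":
            net[key] += amount
            if key in entry:  # only burns that follow a mint in this transaction
                jump = (price(ev) - entry[key]) / entry[key]
                if jump > tolerance:
                    flagged[key] = max(flagged.get(key, jump), jump)
    return [
        {"tx": tx, "account": acct, "price_jump": jump, "net_out": net[(tx, acct)]}
        for (tx, acct), jump in flagged.items()
    ]

if __name__ == "__main__":
    for alert in flag_same_tx_price_jumps(EVENTS):
        print(alert)
```

The same comparison can run inside a contract as a guard that rejects a redemption when the pool-token price has moved within the current transaction; the tolerance value here is an arbitrary assumption.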
It is good to know that Sovryn has clarified that user funds have not been affected by the hack. Any missing value from the lending pools will be reinjected by Exchequer – the Sovryn treasury. This shows that the team is committed to ensuring that users are not adversely affected by this incident.
The Bitcoin DeFi protocol Sovryn has been hacked for over $1 million. This is a major setback for the protocol and its users.