0VIX, decentralized lending/borrowing protocol on Polygon’s PoS and zkEVM networks focused by flash mortgage assault
Read U.TODAY on
Malefactors managed to govern the value of 1 asset that was a cornerstone ingredient of 0VIX’s lending module. The workforce addressed the hacker with a message, however they continue to be silent.
Polygon-based lending protocol 0VIX focused by flash mortgage assault, here is situation
In line with an announcement shared by the workforce of 0VIX, a decentralized lending protocol that works on Polygon’s (MATIC) important chain and its novel community Polygon zkEVM, its oracles mechanism was exploited yesterday, April 28, 2023.
Main Web3 cybersecurity skilled Peckshield revealed that the assault turned potential on account of a flaw within the oracles mechanism of 0VIX. With the intention to begin the manipulation, the attacker deposited $24.5 million in USD Cash (USDC) as collateral and borrowed $5.4 million in U.S. Greenback Tether (USDT) and 720,000 USDC.
Then, they began a sequence of leveraged borrowings of vGHST, a 0VIX token based mostly on Aavegotchi’s GHST asset. As a low-liquid coin, vGHST noticed its worth rocket: susceptible VGHSTOracle didn’t mitigate the manipulation. In consequence, the borrowing place of the hacker was liquidated and the collateral returned to their pocket.
In complete, the attackers made roughly $2 million in crypto equal on account of this hack.
As coated by U.At present beforehand, this vector is a typical one for assaults in DeFi. In 2022, plenty of eight-digit assaults with oracles manipulations occurred on Ethereum (ETH), Polygon (MATIC), Solana (SOL) and BNB Chain (BSC).
Hacker rejects $125,000 bug bounty reward
The workforce of 0VIX paused all operations on Polygon (MATIC) and zkEVM networks; nevertheless, the latter was not affected by the assault. The protocol despatched a message to the attacker urging them to return the stolen cash.
Nonetheless, the malefactors don’t appear to be eager about paying the debt: The time period of the ultimatum expired and there’s no replace from the attackers’ facet.
As such, the victims will possible be sharing details about the hack with legislation enforcement our bodies to seek out the homeowners of wallets concerned within the assault.