The attacker withdrew more than $2 million worth of digital assets from the 0VIX DeFi protocol, allegedly as a result of a flash loan attack.
We are currently investigating a #flashloan exploit on 0VIX.
It appears an attacker exploited the protocol via flash loan for ~$2million.
More details to follow pic.twitter.com/XVgb6EZ5oB
— CertiKAlert (@CertiKAlert) April 28, 2023
According to on-chain data, the hacker’s prey was:
~1.45 million USD Coin (USDC); ~0.58 million Tether (USDT); ~9566 Aavegotchi tokens (GHST).
An unknown person transferred assets from the Polygon network to Ethereum via the Stargate Finance cross-chain bridge and converted them into ETH.
The 0VIX team confirmed the incident without details and suspended the markets on Polygon and zkEVM. The latter were not affected by the attack and the actions became a precautionary measure.
0VIX is working with its security partners to look into the current situation that seems to be related to vGHST. As a result, POS and zkEVM markets have been paused this includes pausing oToken transfers, minting, and liquidations. Only POS has been currently affected but zkEVM…
— 0VIX | live on zkEVM (@0vixProtocol) April 28, 2023
According to the developers, the attack vector is associated with GHST.
— Hacken
Amid the attack, the amount of funds blocked in 0VIX fell from $6.42 million to $1.78, according to DeFi Llama.
On April 26, the Merlin decentralized exchange based on zkSync lost about $2 million as a result of the attack. The project team said that the incident was not an exploit, but the fraudulent actions of a group of technical specialists.
Source: bitcoinlinux.com
