OVIX, a Polygon-based lending protocol, recently suffered a major setback after being hit by an exploit that cost the platform at least $2 million.
In response, OVIX temporarily halted its POS and zkEVM operations while it worked to address the issue and minimize the impact on its users.
The intrusion was initially reported by blockchain security company CertiK, and was later substantiated by Arkham Intelligence.
The OVIX protocol allows borrowing against a variety of stablecoins, including Ethereum derivatives and Polygon’s native MATIC token, as well as Aavegotchi’s staked token, vGHST.
Arkham claims that the exploiter deliberately raised the price of vGHST in order to obtain substantial USDC in loans. Once on the Ethereum (ETH) mainnet, the hacker exchanged the stablecoins for 757 ETH.
The intruder utilized the borrowed stablecoins to gain access to the vGHST lending pool and the OVIX lending platform.
Pumping The Price Of GHST
Blockchain data from CoinMarketCap shows that the attacker borrowed substantial amounts of vGHST, driving up the price of the native currency $GHST by as much as 25% in just half an hour.
The perpetrator made off with the collateral and later traded it in for more tokens.
The Aavegotchi blockchain gaming project uses vGHST as its staking token. It serves as the share token for the native Aavegotchi token, $GHST.
Blocksec, a security and auditing organization, has verified that the value of vGHST was increased artificially, and that the pricing oracle was tampered with.
The hacker had used the vGHST token to exploit the protocol, according to the findings of a study by blockchain security firm PeckShield.
0VIX is working with its security partners to look into the current situation that seems to be related to vGHST.
As a result, POS and zkEVM markets have been paused; this includes pausing oToken transfers, minting, and liquidations.
Only POS has been currently affected but zkEVM…
— 0VIX | live on zkEVM (@0vixProtocol) April 28, 2023
In a statement released on April 28th, OVIX acknowledged the issue and said it was investigating the matter with its security partners.
According to CoinGecko, the value of GHST increased from $1.13 to $1.41.
OVIX Suspends Trading
OVIX has suspended trading in POS and zkEVM because of the breach. In addition, it was stated that this would have consequences for oToken issuance, transfer, and liquidation.
Such attacks, known in the DeFi community as “price oracle manipulation hacks,” are widespread, and the term comes up frequently in discussions of vulnerabilities in decentralized finance (DeFi) systems.
DeFi platforms can get real-time data on the value of multiple cryptocurrencies and other assets via price oracles, which are external services.
A pricing oracle can be manipulated in two ways: by moving the market price the oracle reads, or by compromising the oracle’s data feed directly.
Attackers can then use the false price data to artificially inflate or deflate the value of assets, which in turn enables other attacks, such as flash loan or liquidity pool exploits.
The term “flash loan attack” describes one specific way of manipulating a pricing oracle. In this scenario the attacker borrows heavily from a DeFi platform, uses the borrowed funds to push the asset’s reported price well above its real value, and then sells at the inflated price.
Once the loan is paid back, the attacker keeps the proceeds.
Total market cap of cryptocurrencies as of Sunday unchanged at $1.16 trillion. Chart by TradingView.com
The Challenge In Detection
Because of the interconnected nature of many DeFi platforms and price oracles, it can be challenging to detect and prevent manipulation attacks on these systems.
DeFi platforms and pricing oracle providers should implement safeguards such as multi-signature authentication and data verification to reduce the likelihood of these attacks.
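As an added illustration of the data-verification point above (this is not code from 0VIX or from any of the firms cited), the following Python simulation shows a lending protocol valuing collateral from a single pool’s spot quote, next to the same valuation using a time-weighted average with a deviation guard. The pool reserves, prices, loan-to-value ratio and thresholds are constructed for illustration.

```python
# Added illustration (constructed numbers): a spot quote from one pool as
# collateral oracle vs. a time-weighted average with a deviation guard.
from dataclasses import dataclass

@dataclass
class ConstantProductPool:
    """Minimal x*y=k pool quoting a token in USDC."""
    token_reserve: float
    usdc_reserve: float

    def spot_price(self) -> float:
        return self.usdc_reserve / self.token_reserve

    def swap_usdc_for_token(self, usdc_in: float) -> float:
        """One trade against the pool; a large trade moves the quote a lot."""
        k = self.token_reserve * self.usdc_reserve
        self.usdc_reserve += usdc_in
        new_token_reserve = k / self.usdc_reserve
        tokens_out = self.token_reserve - new_token_reserve
        self.token_reserve = new_token_reserve
        return tokens_out

def twap(observations, now):
    """Time-weighted average of (timestamp, price) samples up to `now`."""
    total = weight = 0.0
    for i, (t, price) in enumerate(observations):
        t_next = observations[i + 1][0] if i + 1 < len(observations) else now
        total += price * (t_next - t)
        weight += t_next - t
    return total / weight if weight else observations[-1][1]

def guarded_price(spot, average, max_deviation=0.10):
    """Distrust a spot quote far from the average; value collateral at the lower."""
    if abs(spot - average) / average > max_deviation:
        return min(spot, average)
    return spot

def max_borrow_usdc(collateral_tokens, price, ltv=0.7):
    return collateral_tokens * price * ltv

def run_scenario(collateral_tokens=100_000.0):
    pool = ConstantProductPool(token_reserve=1_000_000.0, usdc_reserve=1_130_000.0)
    # Ten minutes of steady $1.13 quotes, then one large trade in the same
    # block as the borrow pushes the spot quote up by roughly 22%.
    history = [(t, pool.spot_price()) for t in range(0, 600, 30)]
    pool.swap_usdc_for_token(120_000.0)
    now = 600
    history.append((now, pool.spot_price()))
    spot = pool.spot_price()
    naive = max_borrow_usdc(collateral_tokens, spot)  # trusts the spot quote
    guarded = max_borrow_usdc(collateral_tokens, guarded_price(spot, twap(history, now)))
    return {"spot": spot, "naive": naive, "guarded": guarded}
```

With the guard in place the same-block spike does not change the collateral valuation, because a price that has been live for zero seconds carries no weight in the average and the deviation check falls back to the lower figure.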
Official message to the attacker:
At 8am UTC 1 May 2023 the law enforcement process is scheduled to begin in the absence of any funds being returned.
We will take the leads we’ve gotten so far (thank you to the public for these), combine it with our tracing we’ve already done on…
— 0VIX | live on zkEVM (@0vixProtocol) April 29, 2023
Meanwhile, the OVIX protocol has released a statement, which warns the perpetrators that authorities will get involved if they don’t respond.
-Featured image from Crypto Daily