Sovryn, a Bitcoin-based decentralized financial protocol, was taken from over $1 million using a price manipulation exploit.
The attacker was able to steal more than $1 million of crypto from the protocol including 44.93 RBTC, 211,045 USDT, and 211,045 USDT.
Sovryn’s first hack
Sovryn’s blog entry on the subject states that the attacks targeted the Sovryn Borrow/Lend legacy protocol. It impacted the USDT and RBTC lending pools.
RBTC, USDT and USDT are crypto assets that are priced in Bitcoin and US dollars. They circulate on Rootstock, which is a Bitcoin sidechain that aims to increase Bitcoin’s smart contracts, dapp and scaling capabilities. Sovryn, a Defi protocol, is built on RSK.
Some funds were allegedly withdrawn via Sovryn’s AMM swap function. This means that the attacker had several tokens. Still, efforts to recover funds are ongoing.
The post states that “Devs were able identify and recover funds while the attacker attempted to withdraw them funds due to the multi-layered security strategy taken.” “Devs have now managed to recover approximately half of the exploit’s value through a combined effort.”
Edan Yago, spokesperson for Sovryn, stated that this exploit was the first against the protocol in two years of operation. Edan Yago, Sovryn spokesperson, stated that Sovryn “is one of the most heavily audited Defi system,” with valuable and active bugs bounties.
This exploit was achieved by manipulating Sovryn’s iToken prices – interest-bearing tokens that represent the percentage of cryptocurrency a user has in a lending pool. The price of this token is updated each time a position in a lending pool is accessed.
How the Funds were Drained
The attacker first bought WRBTC (wrapped RBTC), using a flash trade in RskSwap. He then borrowed additional WRBTC through Sovryn’s loan contract, using his own XUSD (another stablecoin), as collateral.
The attacker provided liquidity to the RBTC loan contract, closed the loan using a swap using their XUSD collateral and redeemed (burnt) their iRBTC token. He then sent the WRBTC back at RskSwap for the flash swap.” the post continued.
The whole process manipulated iToken prices so that the attacker could withdraw more RBTC from lending pools than was originally deposited.
Sovryn stated that hacking did not affect user funds. Exchequer, the Sovryn Treasury, will reinvest any value that is missing from the lending pools.
CryptoPotato’s first post, Bitcoin Defi Protocol Sovryn Hacked for More Than $1 Million, appeared first on CryptoPotato.
Marla Brooks – Financial Analysis
My name is Marla Brooks, and I am the mainstream behind the”observednews.com” for the powerful and most delicate insights into the latest activities in the financial analysis category. I started my journey as an independent financial consultant. I had approximately nine years of experience in this field. I am free soul so; my passion for exploring the world has taken me to the nations across the globe and given me the chance to report for a portion of the best news associations. Currently, I am a full-time editor as experienced in finance and started to use my abilities.