Arabic AR Chinese (Simplified) ZH-CN English EN French FR German DE Japanese JA Portuguese PT Russian RU Spanish ES Turkish TR
Connect with us

Hi, what are you looking for?

DeFi

Sovryn DeFi platform loses over $1M in a hack

Sovryn, a decentralized finance protocol on the Bitcoin network, has lost more than $1 million in an exploit. The hackers used a price manipulation technique to exploit the proto

The exploit in question happened earlier this week, where the culprit stole more than $1 million worth of cryptocurrencies from the protocol. The stolen funds comprise 211,045 USDT and 44.93 RBTC.

A blog post from the DeFi platform on the matter said that the attacks targeted the Sovryn Borrow/Lend protocol, which affected the RBTC and USDT lending pools.

RBTC is a stablecoin like Tether (USDT). However, while USDT’s price is pegged to the US dollar, RBTC’s price is pegged to Bitcoin. The DeFi platform runs on Rootstock (RSK), a Bitcoin sidechain seeking to expand Bitcoin’s smart contract, decentralized application (DApp), and scaling capabilities.

The attackers withdrew part of the funds through the Sovryn AMM swap feature. Through this feature, the attacker managed to steal several tokens from the platform, with the recovery process for these funds still underway.

A spokesperson from Sovryn, Edan Yago, said this was the first successful exploit against the platform despite being in operation for two years. He also added that Sovryn was focused on security by being among the most audited DeFi platforms.

The attackers conducted this exploit by manipulating the price of iToken. iToken is an interest-bearing token representing the share of cryptocurrency a user holds within a lending pool. The price of the token is updated each time there is interaction with a lending pool position.

How the attackers stole the funds

The attackers stole the funds from the protocol using a price manipulation technique. Under this technique, the attacker purchased wrapped RBTC (WRBTC) through a flash swap in RskSwap. The attacker borrowed additional WRBTC from the Sovryn lending contract using XUSD. XUSD, also a stablecoin, was used as collateral during the transaction.

The attacker later provided liquidity to the RBTC lending contract and closed their loan using a swap with XUSD as the collateral. They later redeemed and burned their iRBTC token and sent the WRBTC back to RskSwap to complete the flash swap transaction.

The attack involved manipulating the price of iToken so that the attacker could withdraw more RBTC from the lending platform than their initial deposit. Sovryn also said that the funds belonging to users were not affected by the attack. The Sovryn Treasury will also reimburse the missing funds within the lending pools to guarantee the safety of user funds.

Featured

Technology

The company unveiled a new stylish hardware wallet designed by a former Apple engineer at a Paris event today Bitcoin and cryptocurrency hardware wallet...

Bitcoin Mining

According to a Coindesk report, “The industry has found itself in a fight with the local grid operator provider, Ande, and some members of the...

Finance

People in Nigeria, Kenya and Ghana can now receive instant, low-cost remittance payments in local currency through Bitcoin’s Lightning Network. Bitcoin payments app Strike...

Finance

Although the crypto winter of 2022 has disrupted the entire crypto industry, traditional banking giants are showing confidence in the sector. Japanese banking giant...