Connect with us

Hi, what are you looking for?


Sovryn DeFi platform loses over $1M in a hack

Sovryn, a decentralized finance protocol on the Bitcoin network, has lost more than $1 million in an exploit. The hackers used a price manipulation technique to exploit the proto

The exploit in question happened earlier this week, where the culprit stole more than $1 million worth of cryptocurrencies from the protocol. The stolen funds comprise 211,045 USDT and 44.93 RBTC.

A blog post from the DeFi platform on the matter said that the attacks targeted the Sovryn Borrow/Lend protocol, which affected the RBTC and USDT lending pools.

RBTC is a stablecoin like Tether (USDT). However, while USDT’s price is pegged to the US dollar, RBTC’s price is pegged to Bitcoin. The DeFi platform runs on Rootstock (RSK), a Bitcoin sidechain seeking to expand Bitcoin’s smart contract, decentralized application (DApp), and scaling capabilities.

The attackers withdrew part of the funds through the Sovryn AMM swap feature. Through this feature, the attacker managed to steal several tokens from the platform, with the recovery process for these funds still underway.

A spokesperson from Sovryn, Edan Yago, said this was the first successful exploit against the platform despite being in operation for two years. He also added that Sovryn was focused on security by being among the most audited DeFi platforms.

The attackers conducted this exploit by manipulating the price of iToken. iToken is an interest-bearing token representing the share of cryptocurrency a user holds within a lending pool. The price of the token is updated each time there is interaction with a lending pool position.

How the attackers stole the funds

The attackers stole the funds from the protocol using a price manipulation technique. Under this technique, the attacker purchased wrapped RBTC (WRBTC) through a flash swap in RskSwap. The attacker borrowed additional WRBTC from the Sovryn lending contract using XUSD. XUSD, also a stablecoin, was used as collateral during the transaction.

The attacker later provided liquidity to the RBTC lending contract and closed their loan using a swap with XUSD as the collateral. They later redeemed and burned their iRBTC token and sent the WRBTC back to RskSwap to complete the flash swap transaction.

The attack involved manipulating the price of iToken so that the attacker could withdraw more RBTC from the lending platform than their initial deposit. Sovryn also said that the funds belonging to users were not affected by the attack. The Sovryn Treasury will also reimburse the missing funds within the lending pools to guarantee the safety of user funds.


Bitcoin Mining

Despite a $72 million rescue offer from creditors, concerns have been raised about the general viability of the Bitcoin trading community amid a protracted...


Ripple is attempting an upside break above the $0.365 resistance zone against the US Dollar. XRP price could fail to gain pace if it...


Bitcoin price is facing resistance near $17,000. BTC could start another decline unless there is a strong move above the $17,000 resistance zone. Bitcoin...


Ethereum started a fresh decline from the $1,320 resistance against the US Dollar. ETH is struggling and remains at a risk of a move...