Perpetuals trading protocol Levana has fallen victim to an oracle attack, resulting in a loss of $1.14 million.
According to a report from the Levana team, the exploitation happened between December 13th and December 26th, with the assailants siphoning off 10% of Levana’s liquidity pools.
The perpetrators exploited a congestion attack on the Osmosis chain, disrupting the capability of Levana users to engage with the markets.
This was further exacerbated by a flaw in Osmosis’ fee market code and the presence of “price staleness” in Levana’s integration with the Pyth oracle. These vulnerabilities enabled the attackers to manipulate prices and deplete the pools.
“A bug in the Osmosis fee market code meant that during times of congestion, the provided gas price was generally insufficient for making trades or performing ongoing bot maintenance activities,” Levana wrote.
The team noted that there was no known vulnerability in the Pyth oracle despite the attack.
“Though the Pyth oracle is a key part of the attack, there is no known vulnerability in the Pyth oracle,” the team wrote. “It behaved exactly as expected.”
Hackers carry out oracle attacks by manipulating the information provided by an external data source, known as an oracle, with the intention of deceiving smart contracts or blockchain protocols. This manipulation of data from the oracle can lead to incorrect or unintended outcomes in smart contract executions, resulting in financial losses or unauthorized transactions.
The team pinpointed several markets affected by 7 “suspected malicious actors.” It remains uncertain whether additional accounts were involved in the exploit, and if these accounts acted independently or collaboratively.
The amount stolen could have been more
Read more on cryptonews.com