Lodestar Finance, a lending platform built on layer-2 Arbitrum technology, experienced a security breach that resulted in a $6.9 million loss. On December 10, Lodestar Finance was the target of a flash loan attack. According to Lodestar, the attacker inflated the value of PlutusDAO’s plvGLP token before using it to borrow the entire available platform liquidity.

When the collateralization ratio mechanism prevented the plvGLP from being completely liquidated, the attacker provided Lodestar with plvGLP collateral and borrowed all of the remaining liquidity. On December 10, the team reported that a “collateralization ratio mechanism prevented them from fully cashing out the plvGLP.”

How Did the Hack Happen?

On December 11, Lodestar discussed the attack flow on Twitter. According to the company, the attacker initially manipulated the plvGLP contract’s exchange rate to 1.83 GLP for each plvGLP, “an exploit that would be unprofitable on its own.” The attacker may have made his first $5.8 million.

Lodestar later stated that approximately 2.8 million GLP (worth $2.4 million at the time) had been recovered and would be returned to affected customers. Using DeBank, the team is attempting to negotiate a bug bounty with the hacker. The network is attempting to negotiate with the hackers, stating that they will be rewarded if they refund them, and has provided the hackers with a contact address.

This security breach is similar to what occurred at Mango Markets in October, when fraudsters gained access to the project in order to extract money by manipulating the market, causing up to 114 million USD in damages.

Flash Loan Attacks

The attack involved the abuse of short-term loans. A flash loan is a method of borrowing digital assets and repaying them quickly (with the same signature). Smart contracts were used by attackers to construct transactions that achieve quick arbitrage. Attackers obtained large amounts of plvGLP collateral through flash loans and quickly changed the price by pumping GLP into plvGLP contracts.

They carry on with the procedure, borrowing more money than they should be able to influence the pricing of the plvGLP oracle. An Oracle vulnerability, according to the Lodestar team, necessitated a redesign of Oracle’s design. To avoid future misuse, the price oracle should not change immediately within the same block.

LOGE is Dopping

Members of the Lodestar team announced their intention to halt borrowing and liquidation operations on the team’s Discord channel. According to defillama.com data, the total value locked (TVL) in Lodestar has dropped from around $7 million to just $11.06.

The project’s native cryptocurrency, Lodestar (LODE), has lost 12.0% of its value against the dollar in the last 24 hours. The current value of a LODE coin is $0.153906. LODE hit an all-time high of $0.718 per unit on November 23. On December 11, Lodestar hit an all-time low of $0.130323.


Dash 2 Trade - New Gate.io Listing

Our Rating

Dash 2 Trade
  • Also Listed on Bitmart, Changelly, LBank, Uniswap
  • Collaborative Trading Platform Token
  • Featured in Bitcoinist, Cointelegraph
  • Solid Proof Audited, CoinSniper KYC Verified
  • Trading Community of 70,000+ Members
Dash 2 Trade