This DeFi Protocol Just Got Hacked for $6.9 Million – Here’s What Happened
Lodestar Finance, a DeFi protocol built on Ethereum’s Arbitrum network, lost $6.9m in an exploit over the weekend where an attacker was able to manipulate a price oracle.
In a statement published on Sunday, the team behind Lodestar admitted that the hack has created “a bad situation” and that “options are limited.”
The team said in the statement that the hack was made possible by manipulation of a price oracle in the protocol, which caused an “instantaneous change in the price.” This ultimately allowed the attacker to “borrow more than they should have been allowed,” resulting in a profit for the person or group behind the attack.
Going forward, the Lodestar team said the main priority is to work on recovering what they believe is recoverable, and then try to establish communications with the attacker.
“The Lodestar team is going to base our recovery plan off the approximately 2,720,000 GLP that is recoverable from the plvGLP contract,” the statement said, adding that further details about this recovery will be provided as they become available.
“In the meantime we will continue to try to reach out to the hacker and see if we can reach an agreement to return more of the user’s funds,” the team added in the statement.
The Lodestar Twitter account then went on to reach out directly to the attacker, offering to “find a white-hat agreement and move on.
“Recovering the funds of our users is the main priority and we will generously reward your collaboration,” the tweet said.
The statement from the Lodestar team came after a team member earlier in the weekend wrote in a user forum that the team is “working through what appears to be a potential exploit.”
He added that withdrawals “remain open, but are likely not able to be processed right now,” as liquidity on the protocol has come under pressure.
The case was also commented on by several community members on twitter, with one popular crypto Twitter user and developer sharing the entire process of how the hacker went about the attack.
The same user explained that there is now essentially nothing of value left in Lodestar. “It’s all bad debt,” he said.
LODE token crashes
As a result of the hack, the price of Lodestar’s own token, LODE, went into a nosedive. At the time of writing on Monday, the price of LODE stood at $0.1535, down 7.7% for the past 24 hours and down almost 60% in the past 7 days.
The LODE token has a tiny market capitalization of just $181k, and can only be traded on the Uniswap decentralized exchange, according to data from CoinGecko.
The Lodestar protocol is built on Arbitrum, a major second-layer scaling network for Ethereum.