Hackers Strike: About $1 Million Stolen From Bitcoin DeFi Protocol Sovryn via iToken Price Manipulation

Hackers Strike: About $1 Million Stolen From Bitcoin DeFi Protocol Sovryn via iToken Price Manipulation

Sovryn, a bitcoin-based DeFi protocol, loses about $1 million worth of crypto to cyber attackers in a price manipulation hack. The attacker(s) achieved this by exploiting a vulnerability discovered in the legacy Sovryn Lend/Borrow protocol. 

Sovryn Loses $ 1 Million to Hackers

Hackers seem to be on a rampage, and crypto-based accounts are their targets. Since the beginning of this year, we have recorded attacks on crypto establishments in large numbers. Last month, the crypto community witnessed several attacks, one of the largest being the $160 Million Wintermute hack. Just recently, on the 3rd of this month, we read of TransitSwap’s $21 Million loss to cybercriminals. Unfortunately, Sovryn is the most recent target of cyber attackers. 

In the early hours of the 4th of this month, Sovryn, Bitcoin-based decentralized finance (DeFi) provider, announced the breach of its platform by a cyber attacker. By exploiting loopholes in Sovryn’s payment system, the hacker stole about $1 million worth of cryptocurrency, including 44.93 RBTC and 211,045 USDT.

How It Happened

According to a press release on Sovryn’s website providing updates on the hack, the hacker used manipulation of the iToken price. The token price is updated every time it interacts with one of its lending pool’s positions.

First, the hackers purchased WRBTC with a flash swap from RskSwap, then using their own XUSD as collateral, the attackers were able to borrow WRBTC from the RBTC Sovryn lending contract. The hacker then provided liquidity to the RBTC lending contract, closed their loan with a swap with their XUSD collateral, redeemed their iRBTC token, and then sent the WRBTC back to RskSwap to complete the flash swap. 

The hacker withdrew some of the stolen funds using the AMM swap function, ending up with several different tokens.

All of these activities manipulated the iRBTC price, making it possible for the hacker to be able to take out much more RBTC than they originally deposited.

Half the Stolen Amount Recovered

According to Sovryn, the series of unusual activities were detected by Sovryn devs and the system was immediately placed in maintenance mode, thereby restricting further transactions. This gave the developers time to investigate the issue. 

As a result of the multi-layered security approach taken, developers were able to identify and redeem funds as the hacker was trying to withdraw the stolen funds. 

As of the 4th of September, Sovryn stated that “efforts to recover funds are ongoing. At this point, through a combined effort, devs have managed to recover about half the value of the exploit. Fund recovery efforts are still ongoing”.

On its Twitter page, yesterday, Sovryn stated that they are working on gradually restoring the system functionality, starting with the AMM, FastBTC and Zero.

Moving Forward

In its press release, Sovryn has assured that user funds are not at risk and that the exchequer will “reinject any missing value to the lending pools”

Going forward, Sovryn has outlined several activities succeeding the attack. Asset recovery efforts will continue, and a full investigation of the exploit will be concluded. Also, a plan is being formulated by Sovryn to return the system to full functionality, but maintenance mode will only be removed once there is confidence in system safety. A full post-mortem will be published, and findings will be documented for future improvement.

Follow Us on Google News