{"id":459934,"date":"2022-06-09T10:44:01","date_gmt":"2022-06-09T07:44:01","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/attackers-loot-5m-from-osmosis-in-lp-exploit-2m-returned-soon-after\/"},"modified":"2022-06-09T10:44:01","modified_gmt":"2022-06-09T07:44:01","slug":"attackers-loot-5m-from-osmosis-in-lp-exploit-2m-returned-soon-after","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/attackers-loot-5m-from-osmosis-in-lp-exploit-2m-returned-soon-after\/","title":{"rendered":"# Attackers loot $5M from Osmosis in LP exploit, $2M returned soon after"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Attackers_loot_5M_from_Osmosis_in_LP_exploit_2M_returned_soon_after_%E2%80%9C\"><\/span>&#8221; Attackers loot $5M from Osmosis in LP exploit, $2M returned soon after &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDYvOGMwZjNkYTktMDE2NC00MDJmLWI4YTAtYzA5ZWIzNWQ0YjA0LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-2a0745c6>Osmosis, a decentralized exchange (DEX) built on the Cosmos network, was halted just before 3:00 am EST on Wednesday after attackers exploited a liquidity provider (LP) bug to the tune of roughly $5 million.<\/p>\n<p>The bug was first\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TheJunonaut\/status\/1534402698556190726\">identified<\/a>\u00a0in a Reddit post on the official Cosmos Network page. 
The user, Straight-Hat3855, brought attention to a \u201cserious problem\u201d with Osmosis (OSMO) that allowed users to arbitrarily grow LPs by 50% simply by adding and removing liquidity.\u00a0The Reddit post was quickly removed, but not before malicious actors took advantage of the bug, which saw approximately $5 million removed from liquidity pools on the Osmosis exchange.<\/p>\n<p>Following the exploit and the identification of the LP bug, the Osmosis exchange was halted at a block height of 4,713,064, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/notice.mintscan.io\/osmosis\/218\">according<\/a> to an announcement from Osmosis block explorer Mintscan.<\/p>\n<p>Explaining how the bug worked in a series of posts in the Osmosis Discord was project moderator RoboMcGobo, who detailed how the flaw allowed attackers to add liquidity to any Osmosis LP and then immediately withdraw it for a 150% return on their initial deposit: \u201cEssentially, the function would give 50% too many LP shares for a join,\u201d RoboMcGobo wrote just after 4:00 pm on Wednesday, adding: \u201cIf one should have gotten 10 LP shares, 15 would be achieved out.\u201d<\/p>\n<p>RoboMcGobo explained that the bug was \u201cexploited intentionally by a small number of users\u201d and \u201cseemingly unintentionally by a few others.\u201d\u00a0According to a Twitter thread from Osmosis, four attackers were responsible for 95% of the total exploit amount, with two of the attackers voluntarily stepping forward to return stolen funds.<\/p>\n<blockquote 
class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Update:<\/p>\n<p>&#8211; 4 individuals have been identified that account for 95%+ of realized exploit amount.<\/p>\n<p>&#8211; 2 out of the 4 individuals has proactively expressed intent to return the exploited amount in full.<\/p>\n<p>\u2014 Osmosis  (@osmosiszone) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/osmosiszone\/status\/1534585650476994560?ref_src=twsrc%5Etfw\">June 8, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nRoughly one hour following Osmosis\u2019 tweet concerning the attack, FireStake, a validator in the Cosmos ecosystem, posted a Twitter thread admitting that \u201ca temporary lapse in good judgment\u201d saw two members of its team exploit the bug to the extent of roughly $2 million. <\/p>\n<p>Firestake told their 1,700 Twitter followers that they were \u201cthinking about [their] family\u2019s future\u201d when they continued to exploit the bug. However, after admitting to \u201cstressing through the night\u201d about the event, they decided to voluntarily return the funds and \u201cset things straight.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Dear <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/osmosiszone?ref_src=twsrc%5Etfw\">@osmosiszone<\/a> community, many of you know about the Osmosis LP bug that occurred yesterday. 
<\/p>\n<p>In disbelief of it being real, two members of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/fire_stake?ref_src=twsrc%5Etfw\">@fire_stake<\/a> started testing to see if the bug existed, testing grew into a temporary lapse in good judgment, and&#8230;<\/p>\n<p>\u2014 FireStake | Validator (@stake_fire) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/stake_fire\/status\/1534598315441913856?ref_src=twsrc%5Etfw\">June 8, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/commonwealth.im\/osmosis\/discussion\/5359-discussion-thread-osmosis-halt-20220608\">According<\/a> to a post from Osmosis co-founder Sunny Aggarwal, the other two hackers responsible for the theft made a series of transactions to centralized exchanges, which Aggarwal believes will make it easier to track them down. <\/p>\n<p>RoboMcGobo echoed Aggarwal\u2019s words in the project\u2019s Discord, \u201cFunds have been linked to CEX accounts. Law enforcement has been notified\u2026 we\u2019re hopeful that the exploiters will do the right thing here so that aggressive action will not be necessary.\u201d<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/attackers-loot-5m-from-osmosis-in-lp-exploit-2m-returned-soon-after\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Attackers loot $5M from Osmosis in LP exploit, $2M returned soon after &#8220; Osmosis, a decentralized exchange (DEX) built on the Cosmos network, was halted just before 3:00 am EST on Wednesday after attackers exploited a liquidity provider (LP) bug to the tune of roughly $5 million. 
The bug was first\u00a0identified\u00a0in a Reddit post&#8230;<\/p>\n","protected":false},"author":1,"featured_media":459935,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDYvOGMwZjNkYTktMDE2NC00MDJmLWI4YTAtYzA5ZWIzNWQ0YjA0LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74877,74868,75916,20093,70944],"class_list":["post-459934","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-decentralized-exchange","tag-defi","tag-dex","tag-cosmos","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/459934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=459934"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/459934\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/459935"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=459934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=459934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=459934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}