OVIX Protocol Falls Victim To $2 Million Oracle Exploit

OVIX, a Polygon-based lending protocol, recently suffered a major setback when an exploit cost the platform at least $2 million.

In response, OVIX has temporarily suspended PoS and zkEVM operations while it works to address the issue and reduce the impact on its users.

The intrusion was initially reported by blockchain security firm CertiK, and later confirmed by Arkham Intelligence.

The OVIX protocol allows borrowing against a variety of stablecoins, including Ethereum derivatives and Polygon’s native MATIC token, as well as Aavegotchi’s token, vGHST.

Arkham claims that the attacker deliberately drove up the price of vGHST in order to obtain large USDC loans. Once on the main Ethereum (ETH) network, the hacker exchanged the stablecoins for 757 ETH.

The intruder used the borrowed stablecoins to access the vGHST lending aggregator and the OVIX lending platform.

GHST price infusion

Blockchain data from CoinMarketCap shows that the attacker borrowed large amounts of vGHST, driving up the USD price of the native GHST token by up to 25% in just half an hour.

The perpetrator stole collateral and later exchanged it for more tokens.

The Aavegotchi blockchain gaming project uses vGHST as its token. It serves as the share token for Aavegotchi’s original token, $GHST.

Blocksec, a security and auditing organization, has verified that vGHST was artificially inflated, and that pricing oracles had been tampered with.

The hacker used the vGHST token to exploit the protocol, according to the findings of a study conducted by blockchain security firm PeckShield.

In a statement released on April 28, OVIX acknowledged the issue and said it was investigating the matter with its security partners.

According to CoinGecko, the value of GHST has increased from $1.13 to $1.41.

OVIX discontinued trading

OVIX has suspended PoS and zkEVM trading due to the hack. In addition, it was reported that this will have consequences for the issuance, transfer and liquidation of OTokens.

Such attacks, known in the DeFi community as “price manipulation hacks,” are widespread. The term is commonly used when discussing vulnerabilities in decentralized finance (DeFi) systems.

DeFi platforms can obtain real-time data on the value of multiple cryptocurrencies and other assets via price oracles, which are external services.

Manipulating the prices an oracle reports or compromising the oracle's data feed are two ways of manipulating oracle pricing.

To facilitate other attacks, such as flash loans or liquidity pool exploits, attackers may use this false information to artificially inflate or reduce the value of assets.

The term “flash loan attack” is used to describe a specific type of hack used to manipulate oracle pricing. An attacker in this scenario would borrow heavily from a DeFi platform, inflate the actual value of the asset with fabricated data, and then sell it at the inflated price.

Once the loan is paid off, the attacker keeps the proceeds.

Total market cap of cryptocurrencies as of Sunday unchanged at $1.16 trillion. Chart by TradingView.com

Detection challenge

Due to the interconnected nature of many DeFi platforms and price oracles, it can be difficult to detect and prevent manipulation attacks on these systems.

Security measures such as multi-signature authentication and data verification methods must be implemented by DeFi platforms and pricing oracle providers to reduce the likelihood of such attacks.
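One form the data verification mentioned above can take is a deviation guard that compares the oracle's current quote with a time-weighted average before the price is used to value collateral. The sketch below is an added example, not code from OVIX or any firm named in this article; the function names, the one-hour window, the 10% threshold and the price feed (shaped like the reported $1.13 to $1.41 move) are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    ts: int        # observation time, unix seconds
    price: float   # USD price the oracle reported at that time

def twap(history, now, window):
    """Time-weighted average over [now - window, now]; each sample's
    price is held until the next sample arrives."""
    start = now - window
    pts = sorted((s for s in history if s.ts <= now), key=lambda s: s.ts)
    if not pts:
        raise ValueError("no price history before 'now'")
    weighted = covered = 0.0
    # A sentinel at 'now' closes the last interval.
    for cur, nxt in zip(pts, pts[1:] + [Sample(now, pts[-1].price)]):
        seg_start, seg_end = max(cur.ts, start), min(nxt.ts, now)
        if seg_end > seg_start:
            weighted += cur.price * (seg_end - seg_start)
            covered += seg_end - seg_start
    # No elapsed time covered (only sample is at 'now'): use it directly.
    return weighted / covered if covered else pts[-1].price

def check_spot(history, spot, now, window=3600, max_dev=0.10):
    """Return (reference, deviation, accept). window and max_dev are
    illustrative values; a caller would refuse new borrows against the
    asset while accept is False."""
    ref = twap(history, now, window)
    dev = abs(spot - ref) / ref
    return ref, dev, dev <= max_dev

# Constructed feed: flat at $1.13, then a 30-minute run-up to $1.41.
HISTORY = [Sample(t, 1.13) for t in range(0, 5401, 600)] + [
    Sample(6000, 1.22), Sample(6600, 1.32), Sample(7200, 1.41)]

if __name__ == "__main__":
    for now, spot in ((5400, 1.13), (7200, 1.41)):
        ref, dev, ok = check_spot(HISTORY, spot, now)
        print(f"t={now} spot={spot:.2f} twap={ref:.4f} dev={dev:.1%} accept={ok}")
```

On the constructed feed the quote at the top of the run-up sits roughly 20% above the one-hour average, so it is rejected, while the pre-spike quote passes.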

Meanwhile, OVIX Protocol issued a statement warning offenders that the authorities would be involved if they did not respond.

Featured image from Crypto Daily
