DeFi Hack: 0VIX on Polygon (MATIC) Exploited for $2 Million in Flash Loan Attack

DeFi Hack: 0VIX on Polygon (MATIC) Exploited for $2 Million in Flash Loan Attack

On April 28, 2023, a flash loan attack targeted the decentralized lending protocol 0VIX on Polygon's (MATIC) main chain and its novel network Polygon zkEVM. According to reports, the attack became possible due to a flaw in the oracles mechanism of 0VIX, which was exploited by the attacker to manipulate the price of vGHST, a 0VIX token based on Aavegotchi's GHST asset.

Leading Web3 cybersecurity expert Peckshield revealed that the attacker deposited $24.5 million in USD Coins (USDC) as collateral and borrowed $5.4 million in U.S. Dollar Tether (USDT) and 720,000 USDC. The attacker then started a series of leveraged borrowings of vGHST, causing the price of the low-liquid coin to rocket. However, the vulnerable VGHSTOracle failed to mitigate the manipulation, resulting in the liquidation of the attacker's borrowing position and the return of the collateral to their pocket. In total, the attackers made approximately $2 million in crypto equivalent as a result of this hack.

This attack vector is a common one for attacks in DeFi, with similar oracles manipulations happening in 2022 on Ethereum (ETH), Polygon (MATIC), Solana (SOL), and BNB Chain (BSC). It is worth noting that the team of 0VIX paused all operations on Polygon (MATIC) and zkEVM networks, although the latter was not affected by the attack.

The protocol sent a message to the attacker urging them to return the stolen money, but the malefactors remain silent. The term of the ultimatum expired, and there is no update from the attackers' side. As such, the victims will likely be sharing information about the hack with law enforcement bodies to find the owners of wallets involved in the attack.

The attack on 0VIX highlights the importance of security in DeFi protocols, especially given the large sums of money at stake. It is crucial that DeFi protocols take the necessary precautions to prevent such attacks, including implementing robust security measures and conducting regular audits.

In response to the attack, the Polygon team has announced plans to work with security experts to enhance the security of its ecosystem. In a statement, the Polygon team said, "We take the security of our ecosystem very seriously, and we are committed to ensuring that our users can trust the Polygon network and its applications. We will continue to work with security experts to enhance the security of our ecosystem and prevent such attacks from happening in the future."

This attack on 0VIX is a reminder that the DeFi ecosystem is still in its infancy, and there is much work to be done to ensure its security and stability. While the DeFi space offers significant opportunities for innovation and growth, it also presents significant risks that must be addressed through diligent security measures and proactive risk management.

As the DeFi ecosystem continues to evolve, it is essential that all stakeholders, including developers, investors, and users, work together to build a secure and resilient DeFi ecosystem that can withstand attacks and other security threats. Only by working together can we ensure the long-term success of DeFi and the broader crypto ecosystem.

Comment ()