Osmosis DEX, a decentralized crypto exchange built on the Cosmos network, fell victim to an attack after 4 individuals exploited a bug in the network and stole $5 million worth of assets.
The bug first surfaced in a Reddit post on the official Cosmos Network page, where user Straight-Hat3855 described a “serious problem” with Osmosis (OSMO): users could grow their LPs by up to 50% just by adding and removing liquidity. The post disappeared from Reddit a short time later.
Unfortunately, the attackers saw the exploit and used it to remove $5 million from liquidity pools on the Osmosis exchange.
After the bug was identified, the Osmosis exchange was halted at block height 4,713,064. Project moderator RoboMcGobo explained how the bug worked in a series of posts. However, with these detailed instructions, attackers added liquidity to any Osmosis LP and immediately withdrew it for a 150% return on their initial deposit. RoboMcGobo wrote:
“Essentially, the function would give 50% too many LP shares for a join. If one should have gotten 10 LP shares, 15 would be achieved out.”
He also explained that “a small number of users” unintentionally exploited the bug. Osmosis posted that four attackers looted $5 million worth of funds from the network, and stated that 2 of those attackers are willing to return their funds.
An hour after Osmosis tweeted about the attack, FireStake, a validator in the Cosmos ecosystem, posted a Twitter thread. In the thread, it admitted that “a temporary lapse in good judgment” saw two members of its team exploit the bug to the extent of roughly $2 million.
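The share-accounting error RoboMcGobo describes is the kind of defect a join-then-exit round-trip invariant catches before release. The Python below is an added example, not Osmosis code: the pool model, the function names, the 1.5x over-mint and the sample reserves are assumptions constructed to match the quoted 10-versus-15 description.

```python
from fractions import Fraction

def correct_shares(pool, amounts):
    # Proportional join: mint by the smallest deposit/reserve ratio.
    return pool.total_shares * min(a / r for a, r in zip(amounts, pool.reserves))

def overminting_shares(pool, amounts):
    # Constructed defect: 50% too many shares, as in the quoted description.
    return correct_shares(pool, amounts) * Fraction(3, 2)

class Pool:
    """Simplified proportional-share liquidity pool (hypothetical model)."""
    def __init__(self, reserves, total_shares, share_calc):
        self.reserves = [Fraction(r) for r in reserves]
        self.total_shares = Fraction(total_shares)
        self.share_calc = share_calc

    def join(self, amounts):
        amounts = [Fraction(a) for a in amounts]
        minted = self.share_calc(self, amounts)
        self.reserves = [r + a for r, a in zip(self.reserves, amounts)]
        self.total_shares += minted
        return minted

    def exit(self, shares):
        # Burn shares and pay out the matching fraction of every reserve.
        fraction = Fraction(shares) / self.total_shares
        out = [r * fraction for r in self.reserves]
        self.reserves = [r - o for r, o in zip(self.reserves, out)]
        self.total_shares -= shares
        return out

def round_trip(share_calc, reserves, total_shares, deposit):
    """Join, then immediately exit; return (shares minted, assets paid out)."""
    pool = Pool(reserves, total_shares, share_calc)
    minted = pool.join(deposit)
    return minted, pool.exit(minted)

def violates_invariant(share_calc, reserves, total_shares, deposit):
    """True if a join followed by an exit pays out more than was deposited."""
    _, out = round_trip(share_calc, reserves, total_shares, deposit)
    return any(o > d for o, d in zip(out, deposit))

# Constructed sample: 100 LP shares outstanding, deposit equal to 10% of reserves.
RESERVES, SHARES, DEPOSIT = [1_000_000, 2_000_000], 100, [100_000, 200_000]

if __name__ == "__main__":
    for calc in (correct_shares, overminting_shares):
        print(calc.__name__, violates_invariant(calc, RESERVES, SHARES, DEPOSIT))
```

In this simplified model the over-minted shares dilute the pool, so the payout on a deposit equal to 10% of reserves is 33/23 of the deposit and approaches 150% as the deposit becomes small relative to the pool.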