Liquidity management protocol Gamma lost $4 million as exploiters created many malicious contracts to conduct a price manipulation attack, it has since also been attacked again.
Last year, over $1.8 billion was lost to security incidents. 2024 has just begun, and the Web3 security incidents continue to create havoc.
How Exploiters Attacked Gamma Smart Contracts
Web3 security firm Cyvers reported on X (Twitter) that attackers created many malicious contracts to steal $4 million from Gamma. Cyvers CEO Deddy Lavid told BeInCrypto:
“The attacker created around 40 malicious contracts that targeted Gamma smart contracts. The type of hack is Price manipulation.”
Lavid further explains the price manipulation attack:
“In the price manipulation attack on Gamma smart contracts, the hacker exploited vulnerabilities to inflate assets’ prices artificially. They executed this by using multiple malicious contracts, manipulating market conditions to their advantage. Once the prices were distorted, they converted and moved the funds rapidly, evading typical security measures.”
As per Cyvers, after conducting the attack, the hackers bridged USDT from the Arbitrum chain to the Ethereum network using the Stargate bridge. Later, they swiftly swapped USDT to Ethereum (ETH) to avoid the freezing of funds.
Read more: How To Use Arbitrum Bridge To Bridge Ethereum Tokens
For context, Tether often freezes the stolen USDT to avoid the further movement of funds.
The screenshot below shows the flow of Gamma’s stolen funds. The exploiters have not yet moved the Ethereum or distributed it to multiple addresses. Not to mention, exploiters funded the fresh wallet through Tornado Cash deposit.
Gamma team is working with the security experts to investigate the incident further. It wrote on X (Twitter):
All public vaults/hypervisors have had deposits shut down. You may withdraw your funds if need be. Our vaults will continue to be managed normally for now, but deposits are currently shut down until we identify and mitigate the problem.
Additionally, the protocol has since been attacked again by another attacker who has taken 10 ETH, which is estimated to be $22,000. The attacker has also interacted with the Kyber Networks exploiter, asking for ETH for gas.
2024 Already Plagued With Exploits and Hacks
It has been just four days into 2024, yet three security incidents have been recorded so far. On January 1, BeInCrypto reported that the decentralized cross-chain protocol Orbit Chain lost over $81 million to hackers.
Then, on January 3, Radiant Capital lost $4.5 million due to a smart contract breach. These reports show that hackers exploited over $90 million in 2024.
Read more: Crypto Project Security: A Guide to Early Threat Detection
Do you have anything to say about the Gamma exploit or anything else? Write to us or join the discussion on our You can also catch us on TikTok, Facebook, or X (Twitter).
For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.
Credit: Source link