Osmosis Bug Exploiters

    On June 8, 2022, the Osmosis v9.0 update went live. As it turns out, it contained a critical bug that could potentially drain all liquidity pools. As a result, the Osmosis team halted the chain, avoiding further damage.


    Overview

    In this dashboard, I will answer these questions from Flipside Crypto:

    • What is the list of addresses that were explicitly exploiting the bug by doing multiple join/exits, i.e. who were the attackers?
    • What was the total dollar amount that was taken by the attackers?
    • What amount of stolen assets in the attackers’ wallets remain on Osmosis?

    Introduction

    A Bug Detected

    Crypto Twitter user Junønaut was the first to mention this bug, in a thread. He calls himself a crusader of the Juno Network. To clarify, Junø is a DEX in the Cosmos ecosystem. He got his information from the Osmosis and Cosmos subreddits. So, let’s see what he has to say.

    Reddit user Straight Hat was the first to report this, on June 8, 2022. He claims that you can add liquidity to any pool and gain an extra 50% when you remove it. Now, that is a serious bug indeed. However, he received a lot of flak, since initially nobody seemed to believe him. That is, until they started to try it out.

    As a result, some users started to exploit this bug. Here’s a sample of one wallet that repeatedly joined and exited a pool.


    Exploiting this bug took only three simple steps.

    1. Add liquidity to a pool.
    2. Remove the liquidity from the pool, receiving 50% extra. No bonding was needed.
    3. Rinse and repeat.

    After the v9.0 update was installed on June 8, 2022, validators started to report issues.

    This resulted in the chain being halted at block 4713064. By doing so, Osmosis could save the remaining liquidity on the DEX.

    Method

    > To find this information, I used the osmosis.core.fact_liquidity_provider_actions table to get those who added liquidity and the amounts (which had to be divided by 10 to the power of 6).

    > According to the question guide, I limited my results to blocks between 4707300 and 4713064 and to confirmed transactions.

    > I did the same for those who exited liquidity.

    > Then, to identify the tokens they added as liquidity, I used the osmosis.core.dim_labels and osmosis.core.dim_prices tables to get both the name and the value of the stolen tokens, and joined them into the main query.
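    The method above, as an added example that is not the dashboard's own query: the same filters (confirmed transactions inside the block window), the 10^6 scaling and the exit-minus-join arithmetic, applied in Python to constructed rows. The field names, action labels, addresses and prices are assumptions made for the example, not the actual osmosis.core schema or real June 2022 values.

```python
from collections import defaultdict
from typing import NamedTuple

# Constructed sample rows modelled on the fields the dashboard relies on; the
# field names are assumptions, not the actual osmosis.core schema. Raw amounts
# are base units and are divided by 10**6, as the method states.
START_BLOCK, HALT_BLOCK = 4707300, 4713064   # block window from the page
SCALE = 10**6
PRICES = {"ATOM": 10.0, "USDC": 1.0}          # constructed USD prices, not real ones

class LpAction(NamedTuple):
    block_id: int
    tx_status: str
    address: str
    action: str      # "pool_joined" / "pool_exited" (assumed labels)
    amount: int      # raw base-unit amount
    currency: str

SAMPLE = [
    # attacker-like pattern: two join/exit rounds, each exit paying ~150% of the join
    LpAction(4710000, "SUCCEEDED", "osmo1attacker_example", "pool_joined", 1_000_000, "ATOM"),
    LpAction(4710001, "SUCCEEDED", "osmo1attacker_example", "pool_exited", 1_500_000, "ATOM"),
    LpAction(4710002, "SUCCEEDED", "osmo1attacker_example", "pool_joined", 1_500_000, "ATOM"),
    LpAction(4710003, "SUCCEEDED", "osmo1attacker_example", "pool_exited", 2_250_000, "ATOM"),
    # ordinary LP: one join inside the window; the failed and out-of-window exits are ignored
    LpAction(4710010, "SUCCEEDED", "osmo1normal_example", "pool_joined", 5_000_000, "USDC"),
    LpAction(4710011, "FAILED", "osmo1normal_example", "pool_exited", 9_000_000, "USDC"),
    LpAction(4720000, "SUCCEEDED", "osmo1normal_example", "pool_exited", 9_000_000, "USDC"),
]

def analyse(rows, start=START_BLOCK, halt=HALT_BLOCK, prices=PRICES):
    """Per address: (number of exits, net USD taken = exits minus joins)."""
    exits, net_usd = defaultdict(int), defaultdict(float)
    for r in rows:
        # same filters as the dashboard: confirmed tx, inside the block window
        if r.tx_status != "SUCCEEDED" or not (start <= r.block_id <= halt):
            continue
        usd = r.amount / SCALE * prices[r.currency]
        if r.action == "pool_exited":
            exits[r.address] += 1
            net_usd[r.address] += usd
        elif r.action == "pool_joined":
            net_usd[r.address] -= usd
    return {a: (exits[a], round(net_usd[a], 2)) for a in net_usd}

def suspected_attackers(rows, min_exits=2):
    """Addresses that repeatedly joined/exited and ended with a positive net take."""
    return sorted(a for a, (n, usd) in analyse(rows).items() if n >= min_exits and usd > 0)
```

    Only addresses whose exits outweigh their joins in USD and who cycled more than once are flagged; a one-off LP with a net deposit is not.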

    Chart & Analysis

    • I first prepared a table that gives all the useful information at a glance.
    • Who were the attackers?
      • Below are the 10 addresses with the most thefts:
        1. osmo1hq8tlgq0kqz9e56532zghdhz7g8gtjymdltqer
        2. osmo18qx59wy8s3ytax3e0akna934e86mw776vlzjtq
        3. osmo10t26acjmemggsahq6uvyucm4tj3z0mhz23ljh2
        4. osmo1yglld3aary7lnrrn2dz7la84kmnmen4kpsxzay
        5. osmo1jdh7eeyaar0tyask0r6w2228uh5wrd0pxtcfwr
        6. osmo1ux20lcw7et2j8kl8gfdep78lacew4dqqjp5dvp
        7. osmo1jfxcl8ja3nnfjduqemptknz2j6nk6502zp3rte
        8. osmo1tg70tuzekpd376dpqr68yx5a7r709w6x8jtxha
        9. osmo1za2zsg54554pvtpvxl0nz5uztnmhfncu5vtfrv
        10. osmo1qaag7emlflgyxddkf3zqhgtzyyq0d37rsvyjcz
    • The table above shows the attackers and the number of their attacks.

    • The number of attacks carried out by osmo1yglld3aary7lnrrn2dz7la84kmnmen4kpsxzay is staggering.

    • He made the most money, with 84 successful attacks.

      • The other attackers' attack counts range from 5 to 50.
    • The chart above shows the dollar amount stolen by each attacker.

    • The osmo1hq8tlgq0kqz9e56532zghdhz7g8gtjymdltqer address stole the largest dollar amount.

    • After that, the osmo18qx59wy8s3ytax3e0akna934e86mw776vlzjtq address is in second place, with $1.3 million stolen.

    • The other attackers stole between $11 and $134,000.

    • The chart above shows the dollar amount of the attackers' stolen tokens, broken down by token.

    • Cosmos (Atom) was the most stolen token, at ~$1.138M.

    • The network token (OSMOSIS) itself was also popular among the thieves, second after Cosmos (Atom), at ~$863.67K.

    • USDC was also stolen in large amounts: $0.8 million.

    Additional information that may be helpful


    Conclusion

    • The osmo1hq8tlgq0kqz9e56532zghdhz7g8gtjymdltqer address stole the largest dollar amount.
    • Cosmos (Atom) was the most stolen token, at ~$1.138M.
    • The Osmosis team took immediate action and thus managed to lessen the impact of the exploit.
      • They isolated and fixed the bug swiftly.
      • Another point that is great to see is their communication with the community: open, frank, and looking for solutions.