Assets Removed from Osmosis

What was the total dollar amount of assets that was improperly removed from pools due to the bug, and what is the list of addresses that had joined a pool since the upgrade? What is the dollar value deposited of those addresses joining pools? What is the cumulative value of funds that joined and exited?

Introduction

What is Osmosis?

Osmosis is a decentralized peer-to-peer blockchain that people can use to create liquidity and trade IBC enabled tokens. The Osmosis blockchain is made up of free, public, and open-source software.

What was the recent bug in Osmosis

On June 8th, a critical bug was found on Osmosis that led to the theft of several million dollars from liquidity pools. The bug gave liquidity providers double the amount of tokens they deposited when leaving the pool.

Methodology

We will look at the addresses what thave eploted the pools and how much the manged to take from the pools.
We are looking get a list of addresses that were explicitly exploiting the bug by doing multiple join/exits. aditionally we are looking to see what assets were stolen.

Osmosis exploit Metrics

Observation

The 4 addresses above were responsible for the attack and took Assets worth over 6 Million OSMO. Given that OSMO is worth about $1.14 nearly $7 million worth of tokens were stolen.
98% of the assets that were stolen were taken by 2 addresses.

Conclusion

There were 9 Osmosis pools exploited with most of the funds been took out of 4 of the pools.
Because all of the pools at 50%/50% Osmo and other token, half of the stolen tokens were OSMO.
ATOM and USDC were two assets that had the most volume drained.

flipside