- Hackers exploited a Polygon lending protocol, 0VIX, to the tune of $2 million.
- The attackers manipulated the price oracle and liquidated the lending pools.
- Price oracle manipulation hacks are common in DeFi sector and considered severe attacks.
Exploit of 0VIX Protocol
The vGHST token was targeted by hackers in an attack on the Polygon and Polygon zkEVM lending markets. The 0VIX crew put these markets on hold while they investigated the situation. It is reported that the hackers managed to exploit 0VIX to steal $2 million worth of various stablecoins, such as Ethereum and MATIC. Aavegotchi’s staked vGHST token could also be used as collateral thanks to this protocol.
Price Oracle Manipulation
Security firm PeckShield reported that $6.12 million in stablecoins were borrowed through a “flash loan” in order to manipulate the vGHST lending pool on 0VIX. By doing so, the value of GHST increased by 24.7% from $1.13 to $1.41 within 30 minutes according to CoinGecko data. This sudden increase made the vGHST pool bankrupt and allowed the attacker to liquidate it with their stolen collateral. Price oracle manipulation hacks are often employed in DeFi protocols, allowing hackers to inflate prices of tokens with low liquidity before converting them into more valuable assets with steady values through selling them off again later on.
Stargate Finance Involvement
According to independent security researcher Officer’s Notes, $1.4 million USDC and $600,000 USDT had already been moved using Stargate Finance bridge protocol prior to this incident occurring. This bridging protocol helps users move assets around between different blockchains quickly and easily.
Price oracle manipulation hacks have become increasingly common within DeFi protocols due their effectiveness at stealing large amounts of funds quickly and easily with minimal effort required from attackers themselves for executing them successfully.. As such, it is important for developers creating DeFi protocols today ensure they take all necessary security measures when designing their systems in order to protect users‘ funds from these kinds of attacks in future going forward