DEX Level Finance Loses Over $1 Million in Security Breach
Decentralized finance (DeFi) platform Level Finance has fallen victim to a security breach, allowing an attacker to steal over $1 million worth of the exchange’s native LVL token. According to reports, the breach was due to a vulnerability in the “LevelReferralControllerV2” smart contract, which allowed for “repeated referral claims” from the same epoch.
An exploit targeted our Referral Controller Contract.
– 214k LVL tokens drained to exploiters address.
– Attacker swapped LVL to 3,345 BNB
– Exploit was isolated from other contracts.
– Fix to be deployed in 12 Hrs.
– LP’s and DAO treasury UNAFFECTED.More details to follow.
— LEVEL Finance #RealYield (@Level__Finance) May 1, 2023
The breach was discovered after Level Finance noticed a large transfer of 214k LVL tokens, worth around $1 million, to an unknown address. The attacker then swapped the tokens for 3,345 Binance Coin (BNB) before the breach was detected. Level Finance assured users that the breach was isolated from other contracts, and its liquidity pools and related DAOs remained unaffected.
The breach was confirmed by blockchain security firm Peckshield, which found that the contract contained a bug that allowed for the repeated referral claims. Level Finance said that it would deploy a new implementation of the referral contract within the next 12 hours to fix the issue.
It seems the @Level__Finance‘s LevelReferralControllerV2 contract has a bug that allows for repeated referral claims from the same epoch. So far 214k LVLs have been drained and swapped into 3,345 BNB (~1M)
Here is an example hack tx: https://t.co/isqHhzFk1Z https://t.co/ikOWx2ezf6 pic.twitter.com/wlr5bFFf0R
— PeckShield Inc. (@peckshield) May 1, 2023
The breach is the latest in a series of DeFi hacks and attacks that have targeted decentralized exchanges and other DeFi platforms in recent months. The increasing popularity and adoption of DeFi have made it a prime target for hackers, who have been exploiting vulnerabilities in smart contracts and other areas to steal funds from users.
As the DeFi ecosystem continues to grow, it is essential for platforms and developers to prioritize security measures and implement thorough audits to prevent similar attacks from happening in the future. Users are also advised to exercise caution when using DeFi platforms and to take necessary precautions such as using multi-factor authentication and keeping their private keys secure.
In conclusion, the security breach at Level Finance highlights the need for increased security measures and caution in the DeFi ecosystem. The swift response by Level Finance to isolate the breach and deploy a fix is commendable, and it remains to be seen how the incident will impact user confidence in the platform and the wider DeFi space.
Read more:
- Hacker Had Drained All Liquidity Pools From Terraport Finance, Causing Losses Of $2 Million
- Flash Loan Attack On 0VIX Lending Platform Results In $2 Million Loss