Lodestar Finance, a lending platform on Arbitrum, experienced an attack with $6.5 million in losses

By Selena 12/12/22 12:43 PM

Lodestar Finance, a lending platform on the layer-2 Arbitrum solution, experienced a security incident with $6.5 million in losses.

Lodestar Finance of Arbitrum system suffers from flash loan attack

According to the December 11 announcement, the attacker manipulated the price of plvGLP tokens, then used them as collateral to borrow all assets, draining liquidity on the platform.

1. An attacker manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, an exploit that by itself would be unprofitable.
2. They supplied plvGLP collateral to lodestar and borrowed all available liquidity.

— Lodestar Finance (💙,🧡) (@LodestarFinance) December 10, 2022

Lodestar Finance explains the hacker pushed the plvGLP: GLP conversion rate up to 1:1.83. Next, this person deposits plvGLP into Lodestar as a mortgage to borrow all of the above assets.

Initially, the attacker may have made $5.8 million. But later, Lodestar said about 2.8 million GLP – worth $2.4 million at the time, had been restored and would be returned to affected users. The project is trying to negotiate with the hacker via DeBank over a bug bounty offer.

If you are the hacker, reach out to us so we can find a white-hat agreement and move on.

Recovering the funds of our users is the main priority and we will generously reward your collaboration.#Hack #whitehat #Arbitrum $LODE #Exploit #DEFI https://t.co/SWlCr3KMib

— Lodestar Finance (💙,🧡) (@LodestarFinance) December 10, 2022

The above security incident is similar to the situation of Mango Markets in October, crooks also broke into the project to withdraw money from the project by manipulating the price, causing damage up to $114 million.

Read more:

Join us on Telegram