- DeFi protocol Gamma Strategies has been exploited.
- Millions of dollars are feared to be lost.
- The protocol has initiated negotiations to recover the funds.
Decentralized finance (DeFi) protocol Gamma Strategies is counting millions of dollars in losses following an attack on its vaults.
On January 4, blockchain security firm PeckShield issued an alert on X (Twitter), noting that it had detected a 211.9 ETH exploit on the Algebra Dex Engine. Dismissing the report, the Algebra Dex team clarified that the attack was on vaults linked to Gamma Strategies.
Gamma Strategies Addresses $3.4 Million Exploit
Hours after acknowledging that it was “monitoring and reacting to a possible security incident,” Gamma Strategies issued a report detailing how its public vaults/hypervisors were exploited, causing a suspension of deposits.
Per the report, the issue stems from a miscalculated price change threshold.
“It was placed too high allowing for up 50-200% price change on certain LST and stablecoin vaults. This allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens,” Gamma Strategies wrote.
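The effect of that threshold can be seen in a small model. The following is an added example, not Gamma's contract code: it assumes a simplified vault that mints LP shares pro rata to deposit value at the current spot price, and the names ToyVault, quote_deposit and worst_case_overmint, along with all balances, are constructed for illustration. It computes the largest over-mint a given price change threshold still lets through, which is the number a reviewer would check before approving a guard setting.

```python
# Toy model added for illustration; not Gamma's contract code.
# Assumption: shares are minted pro rata to deposit value at the spot price.
from dataclasses import dataclass
from fractions import Fraction


class PriceDeviationError(Exception):
    """Spot price is further from the reference than the guard allows."""


@dataclass
class ToyVault:
    reserve0: Fraction          # token0 held by the vault
    reserve1: Fraction          # token1 held by the vault
    total_shares: Fraction      # LP tokens outstanding
    max_price_change: Fraction  # guard: 1/50 means 2%, 2 means 200%

    def quote_deposit(self, amount0, spot, reference):
        """Return LP shares for a token0 deposit valued at `spot`."""
        change = abs(spot - reference) / reference
        if change > self.max_price_change:
            raise PriceDeviationError(f"price moved {float(change):.0%}")
        deposit_value = amount0 * spot
        vault_value = self.reserve0 * spot + self.reserve1
        return self.total_shares * deposit_value / vault_value


def worst_case_overmint(vault, amount0, reference):
    """Largest ratio of minted to fair shares that the guard still permits.

    Minted shares grow with the spot price in this model, so the worst
    case sits exactly at the upper edge of the allowed price band.
    """
    fair = vault.quote_deposit(amount0, reference, reference)
    edge = reference * (1 + vault.max_price_change)
    return vault.quote_deposit(amount0, edge, reference) / fair


# Constructed stablecoin-style vault: 100 of each token, reference price 1.
BALANCES = dict(reserve0=Fraction(100), reserve1=Fraction(100),
                total_shares=Fraction(200))
LOOSE = ToyVault(**BALANCES, max_price_change=Fraction(2))      # 200%
TIGHT = ToyVault(**BALANCES, max_price_change=Fraction(1, 50))  # 2%

if __name__ == "__main__":
    for name, vault in (("200% guard", LOOSE), ("2% guard", TIGHT)):
        ratio = worst_case_overmint(vault, Fraction(10), Fraction(1))
        print(f"{name}: worst-case over-mint x{float(ratio):.3f}")
```

In this model the 200% guard lets a depositor receive 1.5 times the fair share count, while the 2% guard caps the excess at about 1%.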
While the protocol did not clarify how much was lost in the attack, PeckShield’s latest alert indicated the attacker’s address had transferred ETH worth about $2.2 million to Tornado Cash. The firm estimated Gamma Strategies’ loss to be $3.4 million following the attack.
Noting that it would release a detailed post-mortem analysis and proposed remediation plan “over the coming days,” Gamma Strategies vowed to “maximize recovery for all affected users” and mitigate the risk in the future. True to this, the protocol has initiated negotiations with the attacker to recover the funds.
Negotiations for Bug Bounty and Funds Recovery
In a Twitter (X) update, Gamma confirmed that it had attempted to contact the exploiter via Etherscan and Arbiscan to negotiate the return of funds.
“Hello. We are reaching out to you from Gamma. We noticed that you found a bug, and we want to thank you for discovering it. We hope you did so as a whitehat or grayhat. We want to open up communications regarding bug bounty,” the message read.
The attacker had not responded to the message at press time.