DeFi Protocol Gamma Strategies Suffers $3.4 Million Attack

Gamma Strategies has initiated negotiations to recover millions of funds lost following an attack on its vaults.

Hacker in a digital space playing with a crypto coin.
Created by Kornelija Poderskytė from DailyCoin
  • DeFi protocol Gamma Strategies has been exploited.
  • Millions of dollars are feared to be lost.
  • The protocol has initiated negotiations to recover the funds.

Decentralized finance (DeFi) protocol Gamma Strategies is counting millions of dollars in losses following an attack on its vaults.

On January 4, blockchain security firm PeckShield issued an alert on X (Twitter), noting that it had detected a 211.9 ETH exploit on the Algebra Dex Engine. Dismissing the report, the Algebra Dex team clarified that the attack was on vaults linked to Gama Strategies.

Gamma Strategies Addresses $3.4 Million Exploit

Hours after acknowledging that it was “monitoring and reacting to a possible security incident,” Gamma Strategies issued a report detailing how its public vaults/hypervisors were exploited, causing a suspension of deposits.

Per the report, the issue stems from a miscalculated price change threshold.

“It was placed too high allowing for up 50-200% price change on certain LST and stablecoin vaults. This allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens,” Gamma Strategies wrote.

While the protocol did not clarify how much was lost in the attack, PeckShield’s latest alert indicated the attacker’s address had transferred ETH worth about $2.2 million to Tornado Cash. The firm estimated Gamma Strategies’ loss to be $3.4 million following the attack.

Transaction trail of the attacker's address.
Transaction trail of the attacker’s address: PeckShield.

Noting that it would release a detailed post-mortem analysis and proposed remediation plan “over the coming days,” Gamma Strategies vowed to “maximize recovery for all affected users” and mitigate the risk in the future. True to this, the protocol has initiated negotiations with the attacker to recover the funds.

Negotiations for Bug Bounty and Funds Recovery  

In a Twitter (X) update, Gamma confirmed that it had attempted to contact the exploiter via Etherscan and Arbiscan to negotiate the return of funds.

“Hello. We are reaching out to you from Gamma. We noticed that you found a bug, and we want to thank you for discovering it. We hope you did so as a whitehat or grayhat. We want to open up communications regarding bug bounty,” the message read.

The attacker had not responded to the message at press time.

Read about dYdX’s post-mortem report on its $9M exploit:
dYdX Identifies Hacker in $9M SUSHI and YFI Incident

Stay updated on how the Orbit cross-chain bride was recently exploited:
Orbit Cross-Chain Bridge Hit for $82 Million

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.