Sovryn (SOV), a project that aims to bring decentralized finance (DeFi) to the Bitcoin network, suffered a major exploit on October 5th, with a hacker stealing at least $1.1 million from the protocol.
Sovryn Suffers $1.1 Million Exploit
The Bitcoin-based DeFi protocol announced via a blog post that the project had lost $1.1 million in crypto (including 44.93 RBTC and 211,045 USDT) to an exploiter who took advantage of a legacy function of the project.
The Sovryn protocol is built on the Rootstock (RSK) blockchain. The attacker first bought wrapped RBTC (WRBTC) and then borrowed more WRBTC from Sovryn’s lending contract using his own XUSD (another stablecoin) as collateral.
Sovryn wrote that “the attacker then provided liquidity to the RBTC lending contract, closed their loan with a swap using their XUSD collateral, redeemed (burned) their iRBTC token, and sent the WRBTC back to RskSwap to complete the flash swap.”
Using this process, the attacker was able to manipulate the iRBTC price such that he could withdraw far more RBTC from the lending pool than was first deposited.
Half of the Funds Recovered
In an update, Sovryn announced that developers have been able to identify and recover at least half of the funds. They did so as the attacker attempted to withdraw the funds stolen from the exploit.
On the Flipside
- Sovryn clarified that user funds have not been affected by the hack and they are working to recover the entire funds stolen during the exploit.
Why You Should Care
This is the first successful exploit of Sovryn after more than two years of operation, and the project is actively working to limit the damages.
Learn how Bitcoin solves DeFi problems in:
DeFiChain: Staying in the Bitcoin Ecosystem Can Solve DeFi Problems
Read Solana’s approach to DeFi in:
Solana Prepares for Next DeFi Wave with Concentrated Liquidity Management