Sovryn, a Bitcoin-based decentralized finance (DeFi) protocol, was drained of more than $1 million in funds on Tuesday via a price manipulation exploit.
The attack allowed the culprit to drain over $1 million worth of crypto from the protocol, including 44.93 RBTC and 211,045 USDT.
Sovryn’s first exploit
According to a Sovryn blog entry on the subject, the attack specifically targeted the Sovryn Borrow/Lend protocol and affected the RBTC and USDT loan pools.
RBTC and USDT are crypto assets pegged to the price of Bitcoin and the US dollar, respectively. In this case, they circulate on Rootstock (RSK), a Bitcoin sidechain intended to extend Bitcoin with smart contract, dapp, and scaling capabilities. Sovryn is a DeFi protocol built on RSK.
Some of the funds were apparently withdrawn via Sovryn’s AMM exchange feature, meaning the attacker ended up with several different tokens. The effort to recover funds is still ongoing.
“Due to the multi-layered security approach adopted, the developers were able to identify and recover funds when the attacker was trying to withdraw the funds,” the post says. “At this point, through a combined effort, the developers have managed to recoup about half of the holding’s value.”
Sovryn spokesperson Edan Yago said this is the first successful exploit against the protocol after two years of operation. He maintained that Sovryn is “one of the most heavily audited DeFi systems”, with valuable and active bug bounties.
The exploit worked by manipulating the price of Sovryn’s iToken – interest-bearing tokens that represent a user’s share of cryptocurrency in a loan pool. The price of this token is updated each time a loan pool position is interacted with.
How the funds were drained
First, the attacker bought WRBTC (wrapped RBTC) via a flash swap on RskSwap. He then borrowed additional WRBTC from Sovryn’s loan contract using his own XUSD (another stablecoin) as collateral.
“The attacker then provided liquidity to the RBTC loan contract, closed his loan with a swap using his XUSD collateral, redeemed (burned) his iRBTC tokens, and returned the WRBTC to RskSwap to complete the flash swap,” the post continued.
The whole sequence manipulated the price of the iToken so that the attacker could withdraw far more RBTC from the loan pool than he had initially deposited.
Sovryn clarified that user funds have not been affected by the hack. Any value missing from the loan pools will be re-injected from Sovryn’s treasury.