Sovryn DeFi Protocol Loses $1M to its First Hack

In Sovryn’s first successful malicious hack, $ 1 million was siphoned from its accounts in funds on Tuesday.
Sovryn clarified that users’ funds remain untouched and in case of any missing value, the Sovryn treasury will reinject.

The peculiar event took place on Tuesday, one of the most heavily audited Defi systems, fell victim to its first successful hack. With a clear vision of intentions, the crypto pirate specifically targeted the legacy Sovryn Borrow/Lend protocol that was tied to the RBTC and USDT lending pools. $44.93 RBTC and $211,045 USDT were withdrawn respectively.

Sovryn lost $1 million to the triumphant price exploitation attack. The exploiter used the project’s legacy lend and borrow functionality to balefully withdraw.

According to the DeFi protocol, the multi-layered security approach taken by their pioneers allowed them to identify and recover funds as the attacker was attempting to withdraw the funds.

They have also announced that the project’s treasury committee, would “reinject” the remaining stolen funds. At this point, through a combined effort, devs have managed to recover about half the value of the exploit

While this may look like an accomplished fact, that’s not really the case. Decentralized financial networks are all the rage now on the internet. You’ve probably seen so many Twitter posts talking about how this cryptocurrency or that Defi will become the next big thing.

Due to the multi-layered security approach taken, devs were able to identify and recover funds as the attacker was attempting to withdraw the funds,” reads the post. At this point, through a combined effort, devs have managed to recover about half the value of the exploit.

Official Edan Yago says.

For those not in the know, this is a simple explanation of how the crypto pirate secured his bag. The hacker purchased WRBTC (wrapped RBTC) using a flash swap in RskSwap. Then, infracted additional WRBTC from Sovryn’s lending contract using his own XUSD (another stablecoin) as collateral.

More than $1.1 million stolen from Sovryn defi protocol

October 4, 2022https://t.co/VPcHd6I1O1 pic.twitter.com/mphpYzLfiq

— web3 is going just great (@web3isgreat) October 6, 2022

Some of the funds were withdrawn using Sovryn’s AMM swap function, in interpretation, the attacker ended up with several different tokens. The effort to recover funds is still ongoing according to a Sovyn official Edan Yago.

The cyberpunk went ahead and provided liquidity to the RBTC lending contract, terminated their loan with a swap using their XUSD collateral, salvaged (burned) their iRBTC token, and shipped the WRBTC back to RskSwap to wrap up the flash swap.