Decentralized finance (DeFi) protocol Gamma Strategies has fallen victim to an exploit resulting in the loss of approximately $3.4 million, according to security analysts.
Decentralized finance (DeFi) protocol Gamma Strategies has fallen victim to an exploit resulting in the loss of approximately $3.4 million, according to security analysts. The incident occurred due to a critical vulnerability in the protocol's "accounting mechanism," allowing the attacker to withdraw an excessive amount of tokens. Security firms PeckShield confirmed the incident and estimated the losses at $3.4 million, with the attacker stealing over 1500 ETH.
The team has identified the root cause of the exploit, stating that the “price change threshold [...]was placed too high allowing for up to 50-200% price change on certain LST and stablecoin vaults.” Gamma Strategies is currently reaching out to the exploiter.
Gamma Strategies has taken swift action to prevent further losses by disabling deposits to all public DeFi vaults while ensuring that withdrawals remain active for users who need to access their funds. Gamma Strategies said in a post on X:
"Our vaults will continue to be managed normally for now, but deposits are currently shut down until we identify and mitigate the problem."
BlockSec founder Yajin Zhou explained that the root cause of the exploit was an inconsistency between the accounting mechanisms for depositing and withdrawing used by Gamma Strategies. This discrepancy allowed the attacker to exploit the protocol and withdraw more tokens than they were entitled to.
Gamma Strategies is a decentralized asset management protocol built on Ethereum and other blockchains. It allows users to deposit funds into pools called "hypervisors" and earn a return on their investment through active liquidity management and market-making strategies.
Let us know what you loved about this article, what could be improved, or share any other feedback by filling out this short form.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
