On Wednesday, 8 June, the Osmosis Cosmos ecosystem blockchain platform halted block production due to a vulnerability that could have drained the liquidity pools of the Osmosis DEX.
Liquidity pools were NOT «completely drained».
Devs are fixing the bug, scoping the size of losses (likely in the range of ~$5M), and working on recovery.
More info to come. https://t.co/WOu7MMgSUM
— Osmosis 🧪 (@osmosiszone) June 8, 2022
Liquidity pools were not ‘completely drained’. The developers are fixing the bug, assessing losses (likely around $5 million) and working on restoring the network, the project team said.
As of writing, the platform had not processed transactions for more than four hours. The network остановлена at block height #4 713 064.
Reddit users were the first to notice the exploit. One noted that the vulnerability allows adding liquidity to a pool and obtaining 50% more than the deposited amount when it is removed.
It started with https://t.co/rifoL5mwMW claiming there is a serious exploit where anyone can add liquidity to any pool and gain an extra 50% when they remove it.
At first no one believed for a moment that it was true, until they tried it.
This is one heroic bug report. pic.twitter.com/OF346gMCzd
— Junønaut (@TheJunonaut) June 8, 2022
One address repeatedly exploited the vulnerability for more than 30 minutes. As a result, an ecosystem participant withdrew over 75 000 ATOM (~$659 000) from Cosmos.
Validators began reporting issues after the Osmosis v9 update, which was activated on 7 June. The update focuses on implementing a module enabling blockchain-platform projects to use the CosmWasm service for token issuance.
On Discord, validators started reporting issues after the v9 Nitrogen upgrade and an emergency halt has been announced to save the remaining liquidity on the DEX. pic.twitter.com/uB0RcFZqdC
— Junønaut (@TheJunonaut) June 8, 2022
Earlier, in January 2022, the price of the native Osmosis token surpassed $10.