The decentralized exchange Velocore has fallen victim to an attack, with a hacker extracting approximately $6.8 million in Ethereum (ETH) from pools in the L2 networks Linea and zkSyncEra.
Post-mortem on the exploit of Velocore
This incident is unlikely to extend to other protocols, so other users of @LineaBuild and @zksync can rest assured.
We apologize to all affected partners and users and are working diligently with various security partners to resolve the… pic.twitter.com/rfeqIwmMJX
— Velocore | veDEX on zkSync Era / Linea ▪️ (@velocorexyz) June 2, 2024
The Linea team decided to halt the sequencer to prevent further loss of Velocore users’ funds.
The hacker managed to transfer 700 ETH (~$2.6 million) through a bridge from the ConsenSys-launched blockchain. Developers stopped block production for about an hour, “censored” the attacker’s addresses, and reached out to CEX to block the stolen assets.
@hexagate_ alerted us about the ongoing exploit, helped trace stolen user funds, exploiter addresses and vulnerable contracts. 700ETH moved off Linea via a 3rd party bridge. It was the middle of the night, Velocore was still vulnerable and we could not get ahold of their team.
— Linea (@LineaBuild) June 2, 2024
“Velocore was still vulnerable, and we could not contact their team,” they explained their motives.
However, the community considered their actions of halting the blockchain contrary to the spirit of cryptocurrency.
Decentralizing the sequencer isn’t optional. Every serious L2 stack must race to do first. https://t.co/Y9szRm0j0O
— Alex G. (∎, ∆) (@gluk64) June 2, 2024
“Decentralizing the sequencer is not optional. Every serious L2 stack must race to do this first,” wrote Alex Glukhovsky, co-founder of Matter Labs, the company behind zkSync.
Declan Fox, head of product at Linea, responded. He agreed that decentralization is not optional. However, the ConsenSys specialist believes the protocol is “on the right path.”
Agree that decentralization is not an option. Linea is on a solid path to decentralising all aspects of the network in a very aggressive time window. Given that many Rollup frameworks more than 2 years older than us are no further ahead, I’m pretty delighted with our pace.
But…
— Declan Fox (@DeclanFox14) June 2, 2024
“Given that many Rollup frameworks more than two years older than us are no further ahead, I’m very pleased with our pace,” Fox stated.
In April, crypto projects lost approximately $25.7 million due to hacks and frauds. This was the lowest monthly total since 2021, noted CertiK.