{"id":14000,"date":"2024-06-03T10:42:21","date_gmt":"2024-06-03T07:42:21","guid":{"rendered":"https:\/\/forklog.com\/en\/velocore-dex-suffers-6-8-million-loss-in-exploit\/"},"modified":"2024-06-03T10:42:21","modified_gmt":"2024-06-03T07:42:21","slug":"velocore-dex-suffers-6-8-million-loss-in-exploit","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/velocore-dex-suffers-6-8-million-loss-in-exploit\/","title":{"rendered":"Velocore DEX Suffers $6.8 Million Loss in Exploit"},"content":{"rendered":"<p>The decentralized exchange Velocore has fallen victim to an attack, with a hacker extracting approximately $6.8 million in Ethereum (ETH) from pools in the L2 networks Linea and zkSyncEra.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Post-mortem on the exploit of Velocore<\/p>\n<p>This incident is unlikely to extend to other protocols, so other users of <a href=\"https:\/\/twitter.com\/LineaBuild?ref_src=twsrc%5Etfw\">@LineaBuild<\/a> and <a href=\"https:\/\/twitter.com\/zksync?ref_src=twsrc%5Etfw\">@zksync<\/a> can rest assured.<\/p>\n<p>We apologize to all affected partners and users and are working diligently with various security partners to resolve the\u2026 <a href=\"https:\/\/t.co\/rfeqIwmMJX\">pic.twitter.com\/rfeqIwmMJX<\/a><\/p>\n<p>\u2014 Velocore | veDEX on zkSync Era \/ Linea \u25aa\ufe0f (@velocorexyz) <a href=\"https:\/\/twitter.com\/velocorexyz\/status\/1797229772399067587?ref_src=twsrc%5Etfw\">June 2, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Linea team decided to halt the sequencer to prevent further loss of Velocore users&#8217; funds.<\/p>\n<p>The hacker managed to transfer 700 ETH (~$2.6 million) through a bridge from the ConsenSys-launched blockchain. Developers stopped block production for about an hour, &#8220;censored&#8221; the attacker&#8217;s addresses, and reached out to <span data-descr=\"centralized exchanges\" class=\"old_tooltip\">CEX<\/span> to block the stolen assets.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hexagate_?ref_src=twsrc%5Etfw\">@hexagate_<\/a> alerted us about the ongoing exploit, helped trace stolen user funds, exploiter addresses and vulnerable contracts. 700ETH moved off Linea via a 3rd party bridge. It was the middle of the night, Velocore was still vulnerable and we could not get ahold of their team.<\/p>\n<p>\u2014 Linea (@LineaBuild) <a href=\"https:\/\/twitter.com\/LineaBuild\/status\/1797283425528999977?ref_src=twsrc%5Etfw\">June 2, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Velocore was still vulnerable, and we could not contact their team,&#8221; they explained their motives.<\/p>\n<\/blockquote>\n<p>However, the community <a href=\"https:\/\/x.com\/JackNorris\/status\/1797331192963907954\">considered<\/a> their actions of halting the blockchain contrary to the spirit of cryptocurrency.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Decentralizing the sequencer isn\u2019t optional. Every serious L2 stack must race to do first. <a href=\"https:\/\/t.co\/Y9szRm0j0O\">https:\/\/t.co\/Y9szRm0j0O<\/a><\/p>\n<p>\u2014 Alex G. (\u220e, \u2206) (@gluk64) <a href=\"https:\/\/twitter.com\/gluk64\/status\/1797298833824624864?ref_src=twsrc%5Etfw\">June 2, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Decentralizing the sequencer is not optional. Every serious L2 stack must race to do this first,&#8221; wrote Alex Glukhovsky, co-founder of Matter Labs, the company behind zkSync.<\/p>\n<\/blockquote>\n<p>Declan Fox, head of product at Linea, responded. He agreed that decentralization is not optional. However, the ConsenSys specialist believes the protocol is &#8220;on the right path.&#8221;<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Agree that decentralization is not an option. Linea is on a solid path to decentralising all aspects of the network in a very aggressive time window. Given that many Rollup frameworks more than 2 years older than us are no further ahead, I\u2019m pretty delighted with our pace. <\/p>\n<p>But\u2026<\/p>\n<p>\u2014 Declan Fox (@DeclanFox14) <a href=\"https:\/\/twitter.com\/DeclanFox14\/status\/1797302358323474585?ref_src=twsrc%5Etfw\">June 2, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Given that many Rollup frameworks more than two years older than us are no further ahead, I\u2019m very pleased with our pace,&#8221; Fox stated.<\/p>\n<\/blockquote>\n<p>In April, crypto projects lost approximately <a href=\"https:\/\/forklog.com\/en\/news\/certik-reports-record-low-cryptocurrency-losses-in-april\">$25.7 million<\/a> due to hacks and frauds. This was the lowest monthly total since 2021, noted CertiK.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The decentralized exchange Velocore has fallen victim to an attack, with a hacker extracting approximately $6.8 million in Ethereum (ETH) from pools in the L2 networks Linea and zkSyncEra. Post-mortem on the exploit of Velocore This incident is unlikely to extend to other protocols, so other users of @LineaBuild and @zksync can rest assured. We [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13999,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,787,1574],"class_list":["post-14000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-dex","tag-linea"],"aioseo_notices":[],"amp_enabled":true,"views":"29","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/14000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=14000"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/14000\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/13999"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=14000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=14000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=14000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}