{"id":78037,"date":"2023-04-28T17:37:33","date_gmt":"2023-04-28T14:37:33","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=78037"},"modified":"2025-09-11T02:37:19","modified_gmt":"2025-09-10T23:37:19","slug":"defi-protocol-0vix-hacked-for-2-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/defi-protocol-0vix-hacked-for-2-million\/","title":{"rendered":"DeFi protocol 0VIX hacked for $2 million"},"content":{"rendered":"<p>The attacker siphoned digital assets from the DeFi protocol 0VIX worth more than $2 million, reportedly in an attack using <a href=\"https:\/\/forklog.com\/en\/news\/what-are-flash-loans\">flash loan<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/CertiKSkynetAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#CertiKSkynetAlert<\/a> ?<\/p>\n<p>We are currently investigating a <a href=\"https:\/\/twitter.com\/hashtag\/flashloan?src=hash&#038;ref_src=twsrc%5Etfw\">#flashloan<\/a> exploit on 0VIX.<\/p>\n<p>It appears an attacker exploited the protocol via flash loan for ~$2million.<\/p>\n<p>More details to follow <a href=\"https:\/\/t.co\/XVgb6EZ5oB\">pic.twitter.com\/XVgb6EZ5oB<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1651913272973459457?ref_src=twsrc%5Etfw\">April 28, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to on-chain data, the hacker&#8217;s haul consisted of:<\/p>\n<ul class=\"wp-block-list\">\n<li>~1.45 million <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-usdc-stablecoin\">USD Coin (USDC)<\/a>;<\/li>\n<li>~0.58 million <a href=\"https:\/\/forklog.com\/en\/news\/what-is-tether-usdt\">Tether (USDT)<\/a>;<\/li>\n<li>~9,566 tokens Aavegotchi (GHST).<\/li>\n<\/ul>\n<p>An unknown <a href=\"https:\/\/etherscan.io\/tx\/0x173ce3bb8ee1f400cb3914ae17e2f5d482e4a9305b83657bb58a1b500131eb9c\">transferred<\/a> assets from the Polygon network to Ethereum via <a href=\"https:\/\/forklog.com\/en\/news\/stargate-cross-chain-bridge-liquidity-tops-2-billion-within-a-week-of-launch\">the cross-chain bridge Stargate Finance<\/a> and converted them to ETH.<\/p>\n<p>The 0VIX team, with few details, confirmed the incident and paused markets on <a href=\"https:\/\/forklog.com\/en\/news\/developers-launch-a-bridge-between-polygon-and-zkevm\">Polygon and zkEVM<\/a>. The latter were not affected by the attack, and the move was a precaution.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">0VIX is working with its security partners to look into the current situation that seems to be related to vGHST.<\/p>\n<p>As a result, POS and zkEVM markets have been paused this includes pausing oToken transfers, minting, and liquidations.<\/p>\n<p>Only POS has been currently affected but zkEVM\u2026<\/p>\n<p>\u2014 0VIX | live on zkEVM (@0vixProtocol) <a href=\"https:\/\/twitter.com\/0vixProtocol\/status\/1651917875672670209?ref_src=twsrc%5Etfw\">April 28, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the developers, the attack vector is linked to GHST.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">? The root cause of the exploit is the vulnerable <a href=\"https:\/\/twitter.com\/search?q=%24vGHST&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$vGHST<\/a> Oracle, which allowed the attacker to manipulate the price<\/p>\n<p>\u2014 Hacken?? (@hackenclub) <a href=\"https:\/\/twitter.com\/hackenclub\/status\/1651942931995979777?ref_src=twsrc%5Etfw\">April 28, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abThe main cause of the exploit was the vulnerable GHST oracle, which allowed the attacker to manipulate the price\u00bb, Hacken experts confirmed in their findings.<\/p>\n<\/blockquote>\n<p>In the wake of the attack the value of assets blocked in 0VIX plummeted from $6.42 million to $1.78 million, according to <a href=\"https:\/\/defillama.com\/protocol\/0vix\">DeFi Llama<\/a>.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/image-242-1024x391.png\" alt=\"image-242\" class=\"wp-image-205698\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/image-242-1024x391.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/image-242-300x115.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/image-242-768x293.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/image-242.png 1388w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Data: DeFi Llama.<\/figcaption><\/figure>\n<p>Back in April, the Merlin decentralised exchange on zkSync lost <a href=\"https:\/\/forklog.com\/en\/news\/merlin-on-zksync-era-hacked-for-1-82-million-after-certik-audit\">about $2 million<\/a> in an attack. The project team said the incident was not caused by an exploit but by <a href=\"https:\/\/forklog.com\/en\/news\/merlin-dex-and-certik-pledge-2m-restitution-to-victims-of-the-hack\">fraudulent actions<\/a> by a group of technical specialists.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The attacker siphoned digital assets from the 0VIX DeFi protocol worth more than $2 million, reportedly as a result of a flash loan attack.<\/p>\n","protected":false},"author":1,"featured_media":78038,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-78037","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/78037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=78037"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/78037\/revisions"}],"predecessor-version":[{"id":78039,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/78037\/revisions\/78039"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/78038"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=78037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=78037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=78037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}