{"id":88810,"date":"2023-12-28T15:41:11","date_gmt":"2023-12-28T13:41:11","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=88810"},"modified":"2025-09-13T20:19:15","modified_gmt":"2025-09-13T17:19:15","slug":"hacker-drains-1-1-million-from-levana-protocol-liquidity-pools","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-drains-1-1-million-from-levana-protocol-liquidity-pools\/","title":{"rendered":"Hacker drains $1.1 million from Levana Protocol liquidity pools"},"content":{"rendered":"<p>Levana&#8217;s perpetual-swap platform on the Osmosis blockchain was hit by an attack, resulting in attackers draining <a href=\"https:\/\/forklog.com\/en\/news\/what-are-liquidity-pools-and-how-do-they-work\">liquidity pools<\/a> crypto assets worth $1.1 million.<\/p>\n<p><!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Important Update on Levana&#8217;s Security Situation!<\/p>\n<p>There was an oracle attack on Levana impacting ~10% of the LP. The issue has been fixed and opening positions will relaunch next week. Trader profits, closing positions, withdraws and trigger orders are working as expected.<\/p>\n<p>\u2014 Levana Protocol (@Levana_protocol) <a href=\"https:\/\/twitter.com\/Levana_protocol\/status\/1740071199483543819?ref_src=twsrc%5Etfw\">December 27, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>From December 13 to 26, attackers seized 10% of the DeFi protocol&#8217;s liquidity, exploiting network congestion that hindered traders&#8217; ability to interact with the markets. The situation was exacerbated by an integration bug with <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-blockchain-oracle\">price oracle<\/a> Pyth, which allowed attackers to manipulate prices and drain the pools.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u00abA bug in the Osmosis market-fee code meant that during congestion the gas price provided was largely insufficient to complete trades or perform bot maintenance activities\u00bb, \u2014 <a href=\"https:\/\/blog.levana.finance\/levana-exploit-postmortem-df89a72cc92b\">\u043f\u043e\u044f\u0441\u043d\u0438\u043b\u0438<\/a> Levana&#8217;s developers.<\/cite><\/p><\/blockquote>\n<p>According to them, there are no vulnerabilities in the Pyth price oracle itself \u2014 it behaved exactly as expected.<\/p>\n<p>The developers added that current trading positions were not affected, despite the exploit. However, opening new trades, as well as modifying existing ones, are suspended until the update is deployed next week.<\/p>\n<p>Levana plans to compensate losses to affected liquidity providers through <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-cryptocurrency-airdrop\">airdrop<\/a> and the distribution of fees collected by the protocol during the incident.<\/p>\n<p>On December 16, unknown <a href=\"https:\/\/forklog.com\/en\/news\/nft-trader-loses-about-3-million-in-hack\">attacked<\/a> the old smart contracts of the NFT Trader P2P platform and drained $3 million worth of non-fungible tokens.<\/p>\n<p>Later, the Telcoin project <a href=\"https:\/\/forklog.com\/en\/news\/telcoin-project-loses-1-3-million-due-to-exploit\">lost $1.3 million<\/a> due to the exploit, after which the TEL token price fell by 40%. Also <a href=\"https:\/\/forklog.com\/en\/news\/thunder-terminal-hacked-for-190000\">was hacked for $190,000<\/a>, a decentralised trading platform Thunder Terminal.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Levana&#8217;s perpetual-swap platform on the Osmosis blockchain was hit by an attack, with attackers draining {{AOPEN_1}}liquidity pools{{ACLOSE_1}} crypto assets worth $1.1 million.<\/p>\n","protected":false},"author":1,"featured_media":88811,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,2279],"class_list":["post-88810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-osmosis"],"aioseo_notices":[],"amp_enabled":true,"views":"23","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/88810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=88810"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/88810\/revisions"}],"predecessor-version":[{"id":88812,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/88810\/revisions\/88812"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/88811"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=88810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=88810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=88810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}