Velocore, which is a decentralized exchange, is defrauded of $6.8 million as a result of a vulnerability in the smart contracts that manage its liquidity pools. Incidentally, the exchange functions on the Telos as well as on the zkSync, Era, and Linea blockchains.
Since there was a flaw in the overflow logic, a hacker was able to mislead Velocore into depositing a huge sum instead of a small one. This was accomplished by the user’s utilization of a flash loan, which compromised the exchange’s unstable pools on zkSyncEra and Linea. Nevertheless, the team members made certain to safeguard their assets on Telos. The stable pools maintained their safety.
Despite conducting numerous audits and implementing safety measures, we were unable to prevent the occurrence. Velcro promptly contacted its users to assure them that every measure would be taken to address the issue. In the interim, they have taken the initiative to deactivate the logic flaw, which is being ascribed to the hack, thereby preventing a further incident.
Presently, the ConsenSys-created Linea Ethereum Layer 2 network has, for the time being, put on hold its block production to somehow make up for the loss incurred. They have also shut down the sequencer to prevent any further siphoning off of funds. Consequently, they concluded that this was the final endeavor to protect the interests of their users. There appeared to be disagreements between Linea and Velocore on this matter.
It is a known fact that Linea relies on centralized technical functioning to protect ecosystem players. Linea’s main asset is a permissionless, censorship-free space; therefore, it was a necessary decision to take.
Velocore has offered the hacker a 10% bounty for being able to redeem the balance funds, but he has not responded. Apparently, the hacker has dumped roughly 1,700 ETH, equivalent to $7 million with Tornado Cash.
Meanwhile, the exchange has contacted its users to reassure them that they will receive adequate compensation.
Read the full article here