Key Takeaways
- The decentralized exchange Osmosis has been exploited for around $5 million following the disclosure of a critical bug.
- The bug allowed malicious users to drain liquidity from the exchange by depositing funds into the pools and immediately withdrawing 50% more than they had deposited.
- Developers were able to halt the Osmosis blockchain just 12 minutes after the bug was discovered, mitigating further damage to liquidity providers.
The Cosmos-connected Osmosis blockchain has been halted following the discovery of a critical bug in the like-named decentralized exchange.
Osmosis Hit By a Critical Exploit
The decentralized exchange Osmosis has been exploited for approximately $5 million.
The critical bug that led to the exploit was initially disclosed by a community member posting under the name Straight-Hat3855 on the Osmosis subreddit. “There is a serious problem with osmosis,” they said, asserting that adding liquidity on the decentralized exchange and instantly withdrawing it was causing users to receive back 50% more tokens than initially deposited.
After expressing doubt over the user’s claims, other community members began depositing and withdrawing liquidity, only to find that the exploit worked as described. According to Osmosis, only about $5 million of the exchange’s $212.77 million in total value locked was drained before the developers halted the like-named blockchain for emergency maintenance.
According to pseudonymous Osmosis senior analyst RoboMcGobo, the blockchain’s validators were able to respond and coordinate the emergency halt within 12 minutes of the exploit being discovered. If the developers had not halted the chain, malicious users could’ve continued using the exploit to drain the exchange’s entire liquidity.
In an update posted to Twitter, the official Osmosis account wrote that the “bug has been identified and a patch written.” “More testing is underway before validators are recommended to coordinate a restart,” the team explained, announcing that a full bug report and action plan would be coming soon.
Osmosis is a decentralized exchange running on its own like-named blockchain built using the Cosmos SDK. Like other Cosmos SDK chains such as Secret Network, Osmosis is interoperable with the entire ecosystem of Cosmos-based blockchains. Per data from DeFi Llama, Osmosis is the second-largest Cosmos-based blockchain by total value locked, despite hosting only a single decentralized application.
The OSMO token has lost only around 2.3% on the news, falling from around $1.19 before the exploit to $1.06 at press time.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.