Gamma Heist — Over $3M in Digital Assets Drained, 1,000 ETH Moved to Tornado Cash
On Jan. 4, the decentralized finance protocol Gamma Strategies was a victim of a hacking attack which saw criminals make off with digital assets worth over $3 million. To pre-empt further attacks, Gamma Strategies said it has shut off all deposits on any of its “public-facing vaults.”
Hacker Transfers 1,000 Ethereum to Crypto Tumbler Tornado Cash
On Jan. 4, 2023, the decentralized finance (defi) protocol Gamma announced its platform had been breached in a cyber attack, resulting in the theft of digital assets valued at several million dollars. In response to thwart additional security breaches, Gamma reported it has ceased all deposits into its “public-facing vaults.”
According to a series of alerts issued by the blockchain security company Peckshield, the exploiter-labeled address has been transferring or swapping digital assets from the hack. For instance, the security firm said it detected that the exploiter address “bridged and transferred 800.5 $ETH (worth ~$1.8M).” Before this, the exploiter address had moved 1,000 ETH to the decentralized cryptocurrency tumbler Tornado Cash.
Our vaults have 4 main sources of deposit protection against flashloans:
1.) Mandating a ratio of token0 and token1 in accordance with the ratio in the pool
2.) Setting a price change threshold, such that deposits will be disallowed when price change exceeds a certain amount
3.)…— Gamma (@GammaStrategies) January 4, 2024
In a post on X, the Gamma team insisted that the steps taken so far, including shutting down deposits, effectively nullify further attacks. The team nevertheless suggested that the set price change threshold might be the reason why the protocol became a victim of the attack.
“The main issue is with the settings we placed on (2) the price change threshold. It was placed too high allowing for up to 50-200% price change on certain LST and stablecoin vaults. This allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens.,” the Gamma team said.
To prevent hackers from carrying out a similar attack, Gamma said it is setting all price change thresholds to “a safe threshold level.” Additionally, third parties will now be required to review the code before the deposit functionality is reopened. Gamma has also promised to maximize “recovery for all affected users.”
What are your thoughts on this story? Let us know what you think in the comments section below.