Defi Platform Levana Protocol Says $1.14 Million Was Lost During an ‘Oracle Attack’

The decentralized finance platform Levana Protocol confirmed on Dec. 27 that unknown attackers had drained approximately $1.14 million from the liquidity pool. The Levana team however insisted that the issue has “been fixed and opening positions will relaunch next week.”

‘Precognition Oracle Attacks’

The decentralized finance (defi) platform, Levana Protocol, recently confirmed that it was a victim of an oracle attack, in which approximately 10% or $1.14 million was drained from the liquidity pool (LP). However, in an update shared via X on Dec. 27, the Levana team insisted that the issue has already “been fixed and opening positions will relaunch next week.”

According to the update, the attack occurred 14 days earlier, and over 12 days, the hackers were able to drain approximately 4% off the LP. However, the attack increased significantly during Osmosis congestion on Dec. 26, resulting in an additional 5% drain. Initially, the Levana team attributed the resulting change in the profit and loss (PNL) to “organic trader profits and lack of effective cash.”

At the time of writing, seven wallets, which are presumed to belong to a bad actor, were said to have performed “precognition oracle attacks” on the protocol during times of network congestion.

Impacted LPs to Receive Airdrop

Commenting on fears that hackers will continue to drain the LPs, the Levana team said:

“Existing LPs are not at risk of further exploit since opening new positions was paused yesterday morning. Impacted LPs will be compensated through future airdrops and protocol fees collected at the time of the exploit.”

Meanwhile, in a Medium post, the Levana team insisted that the protocol’s recent issues had “nothing to do with Osmosis as a chain itself.” Rather, the issues seem to stem from the limitations of the Cosmos software development kit (SDK) and Tendermint.

The team also revealed that, in addition to fixing the vulnerability, Levana will grant an airdrop to LPs impacted by the exploit. Furthermore, the affected LPs will receive a share of the fees collected during the attack window.

What are your thoughts on this story? Let us know what you think in the comments section below.