Lodestar Finance, one of the best money markets in the industry at the moment, has lost nearly $6.9 million in funds to an oracle exploit. The hacker drained all the deposits, forcing the platform to set its interest rate to zero. The platform is pursuing negotiations. Until then, the zero interest rate remains in effect to ensure no movement in the said activities.
The attacker could cash out the liquidity only subject to the collateralization ratio. A portion remains intact with Lodestar Finance, and some of the rest is classed as recoverable. The oracle exploit happened systematically over a short time. The attacker initiated the exploit by manipulating the exchange rate of the contract to 1.83 GLP per plvGLP.
Lodestar Finance accepted the collateral, letting the attacker borrow all the available liquidity.
A portion of the plvGLP is intact, courtesy of the collateralization ratio mechanism that was in place to prevent a hundred percent cash-out. The attacker could pocket a profit only after burning a portion of the GLP. Approximately 3 million in GLP has been burnt.
Profit from the exploit can be calculated as follows:
- Stolen funds minus GLP burned
Plans to reach out to the attacker are in the pipeline. Lodestar Finance has shared that nearly 2.8 million GLP is recoverable. This is worth approximately $2.4 million.
Negotiations will happen once the attacker is contacted successfully. Lodestar Finance looks to negotiate on the basis of a bug bounty offer. The DeFi platform will be able to recover more funds if the negotiations tilt in its favor. Lodestar Finance has shared 3 Debank addresses through which it will reach out to the attacker.
The oracle exploit has affected the platform in two ways: its Total Value Locked has plunged to $11.07 from $6.92 million. Additionally, LODE, the native token of the platform, lost about 65% of its value after the exploit. At press time, LODE was trading at its lowest value of $0.16.
Lodestar Finance again published a tweet asking the attacker to connect with the platform, hoping for some negotiations about a bug bounty. The priority is to recover the users’ funds by agreeing to the terms of a white-hat agreement.
Followers have not taken the update in the right spirit. Most of them have expressed unhappiness, saying that it’s a tough time. Others have said that it is a hard time because the platform is offering bounties so that attackers turn themselves in, instead of offering bounties to catch the hacker.
Another explanation for the attack is that the attacker could borrow more than their limit only because they manipulated the exchange rate. The manipulated rate was far beyond realistic values, allowing the attacker to flash-borrow a large sum of funds. LODE continues to trade at a lower value for now.
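The borrow-limit effect described above can be made concrete with a small model. This is an added example, not Lodestar's code: it shows how a borrow limit scales with the oracle's plvGLP exchange rate, and how a per-update deviation guard would refuse the 1.83 rate. The baseline rate of 1.00, the 0.75 collateral factor, the 2% step bound, the deposit size and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

REPORTED_RATE = Decimal("1.83")      # GLP per plvGLP after manipulation, per the article
BASELINE_RATE = Decimal("1.00")      # constructed pre-attack rate (assumption)
COLLATERAL_FACTOR = Decimal("0.75")  # constructed collateralization setting (assumption)


def borrow_capacity(plvglp: Decimal, rate: Decimal) -> Decimal:
    """Borrow limit in GLP terms: collateral valued at the oracle rate, then discounted."""
    return plvglp * rate * COLLATERAL_FACTOR


class RateDeviationError(ValueError):
    """Raised when an observed rate moves further than the guard allows."""


@dataclass
class GuardedRate:
    """Hypothetical guard: accept a new rate only if it is within max_step of the last good one."""
    last_good: Decimal
    max_step: Decimal = Decimal("0.02")  # assumed 2% bound per update

    def update(self, observed: Decimal) -> Decimal:
        if observed <= 0:
            raise RateDeviationError("rate must be positive")
        change = abs(observed - self.last_good) / self.last_good
        if change > self.max_step:
            raise RateDeviationError(f"rate moved {change:.0%}, limit {self.max_step:.0%}")
        self.last_good = observed
        return observed


def priced_capacity(guard: GuardedRate, plvglp: Decimal, observed: Decimal):
    """Return (accepted, capacity); a rejected rate falls back to the last good rate."""
    try:
        rate, accepted = guard.update(observed), True
    except RateDeviationError:
        rate, accepted = guard.last_good, False  # a real market would also pause borrowing
    return accepted, borrow_capacity(plvglp, rate)


if __name__ == "__main__":
    deposit = Decimal("1000")  # constructed deposit size
    print("unguarded:", borrow_capacity(deposit, BASELINE_RATE), "->", borrow_capacity(deposit, REPORTED_RATE))
    guard = GuardedRate(BASELINE_RATE)
    for r in (Decimal("1.01"), REPORTED_RATE):
        print(r, priced_capacity(guard, deposit, r))
```

Without the guard, the same deposit supports 83% more borrowing at the manipulated rate; with it, the 1.83 observation is rejected and the position stays priced at the last accepted rate.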