Lodestar Finance, a DeFi platform operating on Ethereum’s Arbitrum network, faced a $6.9m breach over the weekend due to a price oracle manipulation by a malicious actor.
In a public announcement made on Sunday, Lodestar’s team acknowledged the severity of the breach, admitting its adverse implications and the limited options available.
The incident report clarified that the breach stemmed from the manipulation of a price oracle in their system. This unexpected price shift enabled the attacker to borrow more assets than permitted, leading to substantial gains for the adversary.
Looking ahead, Lodestar’s primary focus is on recuperating any recoverable assets and initiating dialogue with the perpetrator.
The statement further detailed, “Our recovery efforts will revolve around the roughly 2,720,000 GLP that can be retrieved from the plvGLP contract.” The team assured that they would share more specifics about the recovery process as and when they emerge.
The Lodestar team emphasized their commitment to recovering users’ funds by stating, “We are making efforts to establish contact with the hacker in the hope of negotiating a resolution to return a greater portion of the affected funds.”
Following this, Lodestar’s official Twitter account directly addressed the hacker, proposing a “white-hat agreement” in an attempt to resolve the situation amicably. The tweet highlighted, “Our primary concern is to retrieve our users’ assets, and we assure a substantial reward for your cooperation.”
This official statement followed an earlier comment by a Lodestar team member on a user forum, indicating they were investigating a potential security breach. The team member also noted that while withdrawals remained accessible, processing them might currently be infeasible due to liquidity constraints within the protocol.
Community reacts
Numerous individuals in the crypto community took to Twitter to share their insights and reactions to the case. A prominent crypto enthusiast and developer delved into a detailed breakdown, illustrating the hacker’s modus operandi throughout the exploit.
This individual further remarked that Lodestar now essentially holds no valuable assets, succinctly describing the situation as being laden with “bad debt.”
LODE token crashes
Following the security breach, Lodestar’s native token, LODE, experienced a significant drop in value. As of the latest report on Monday, LODE’s price stood at $0.1535, marking a 7.7% decrease over the previous 24 hours and a substantial dip of nearly 60% over the week.
The LODE token’s market capitalization is modest, amounting to only $181k. The token’s trading is primarily facilitated through the Uniswap decentralized exchange, as per the information from CoinGecko.
Lodestar’s platform operates on Arbitrum, a prominent layer-2 scaling solution for the Ethereum network.