Quadriga Initiative

Mar 2024 - Lava Lending Flash Loan Attack - $340k (Global)

"Decentralized, Cross-chain, Liquidity Markets.
Borrow, lend, leverage, and basis trade liquidity positions from multiple DEXs across chains. Optimize your liquidity management with single asset zap-ins straight from your wallet."

"Firefighters are looking into a reported exploit. Please sit tight as we work with our community partners to resolve the situation and determine a clear plan of action."

"The incident was reported by PeckShield Alert to the protocol on March 28, 2024. Within 15 minutes of reviewing the report, all lending markets on the protocol were paused to prevent any further exploits. Lava community members reached out to contacts at major exchanges to identify the exploit address and prevent potential off-ramping of assets. Within an hour and with coordination of major exchanges, law enforcement incidents were filed. The address has also been listed as a malicious address on the blockchain explorer Arbiscan (Etherscan).

All affected addresses were identified and a contingency plan was enacted for compensation by the Insurance Fund, not dependent on the successful return of funds by the attacker.

An on-chain message was delivered to the attack address and the final recipient address of exploited funds in accordance with the protocol's exploit response procedures stipulating ongoing investigations will be halted if the attacker returns 90% of user funds."

"Firefighters have identified the exploit steps and are working to reproduce and test safety functions. A full post mortem will be delivered after details are confirmed."

"A compensation plan for addresses affected by the exploit has also been established. The compensation plan will go into effect in addition to and not determinate of the potential return of funds."

"Update the _limitFees function to correctly limit fees even if they are generated only with one token.
When the compound function is called for a second time in one block, claim any pending fees as protocol fees."

Further Analysis

Lava Lending offered a decentralized liquidity market platform. PeckShield Alert reported an incident to the protocol on March 28, 2024, and all lending markets were immediately paused to prevent further exploits. Community members worked with major exchanges to identify the exploit address, law enforcement incidents were filed, and the address was listed as malicious on Arbiscan. Affected addresses were compensated by the Insurance Fund, independent of any return of funds by the attacker. Following the protocol's exploit response procedures, an on-chain message stated that ongoing investigations would be halted if the attacker returned 90% of user funds. As remediation, the _limitFees function was updated to limit fees correctly even when they are generated with only one token, and a second call to the compound function in the same block now claims any pending fees as protocol fees.

How Could This Have Been Prevented?


Sources/Further Reading

SlowMist Hacked - SlowMist Zone (Dec 31)
@LavaLending Twitter (Dec 31)
@LavaLending Twitter (Dec 31)
Lava Post-Mortem: March 28, 2024 - HackMD (Dec 31)
https://www.lava.ag/updates?chainId=42161 (Dec 31)
Arbitrum Transaction Hash (Txhash) Details | Arbiscan (Dec 31)

