Venus Protocol, a decentralized money market, announced on Thursday evening that about $11 million had been lost due to people exploiting the historic collapse of the Luna cryptocurrency and its sister stablecoin UST.
“Today, we became aware of errant price behavior for LUNA on Venus Protocol. Upon investigation, it was learned that the price feed had been paused by Chainlink due to extreme market conditions,” Venus Protocol explained.
“The price on Venus was last listed at about $0.107 while the market price was $0.01. In order to de-risk this situation, the protocol was paused using PauseGuardian via multisig. Upon this desyncing event, it was discovered that 2 accounts had suspiciously deposited a sum of 230,000,000 LUNA valued at over $24,000,000. Assets were borrowed totalling around $13,500,000.”
Venus Protocol and several other platforms use Chainlink to provide its users with real-time price estimations of the tokens on its platform that are available for lending and borrowing.
But the tool began having issues with Luna on Thursday as the price continued to fall precipitously.
“As a result, it was possible to deposit UST and LUNA as collateral and borrow other tokens, with an underpriced collateral valuation. Liquidable accounts also depend on the Chainlink oracles,” decentralized finance researcher Vali Dyor explained.
Chainlink released its own statement on the issues with its oracles, saying that the minimum value circuit breaker for the LUNA/USD Price Feeds was automatically triggered due to the “unprecedented volatility across the cryptocurrency markets.”
They explained that the circuit breaker is one component of their security efforts that is used to “protect against flash crashes and other forms of market manipulation.”
The attack on Venus Protocol was the reverse of a popular hack used to attack decentralized finance platforms.
Flash loan attacks — which involve hackers borrowing funds that do not require collateral, buying a significant amount of a cryptocurrency to artificially raise its price and then offloading the coins before the loan is paid back and the borrower keeps any profit — have been used to attack several platforms in recent months.
But Chainlink noted that the triggering of the circuit breaker was not a “a manual intervention by node operators, Chainlink Labs, or other third parties.”
“Some users proactively paused their applications, while other users were informed of the impacted feeds and reminded to immediately pause their application’s use of the feeds in accordance with best practices outlined in the Chainlink documentation,” Chainlink said.
“The LUNA/USD Price Feeds are now operational, but not recommended based on the asset’s risk profile. We will be learning from this set of market events to continually improve the protocol’s approach to circuit breaker parameters and other layers of security across various oracle networks.”
Venus Protocol has decided to suspend the LUNA market effective immediately at the request of its users and has a “Risk Fund” that will be used to cover the shortfall caused.
All wallets that have a position with Luna will be disabled temporarily as they disable the market.
“Subsequently, a VIP will be prepared asking the community to set the collateral factor for LUNA to 0, after which the Chainlink price feed will be re-enabled which will allow withdrawals and liquidations. Venus is also assessing the UST Situation carefully and will take further actions as necessary,” they explained.
Early on Friday morning, the protocol announced that it was “pausing” for 48 hours and that no liquidations would be allowed.
As the price of Luna cratered overnight, exchanges and markets were forced to make difficult choices on how to approach the cryptocurrency.
Binance stopped all trading of Luna and UST on its platform but the moves have done little to stop all cryptocurrency values from being depressed across the board.
The post Collapse of Luna cryptocurrency leads to $11 million exploit on Venus Protocol appeared first on The Record by Recorded Future.
Source: Read More (The Record by Recorded Future)