Following the exploitation of a flaw in its liquidity pools, which led to the leakage of $5 million, Osmosis may well recover some of it. And for good reason: $2 million was allegedly stolen by members of FireStake, a staking protocol dedicated to Cosmos network validators (ATOM). The latter have publicly admitted their fault and announced that they will return the funds.
Osmosis recovers $2 million from $5 million breach
Yesterday morning, the decentralized exchange Osmosis (OSMO), which relies on its own blockchain of the same name, unfortunately suffered a $5 million theft due to a breach in liquidity pools. As a result, both the blockchain and the exchange were shut down in order to apply a test panel and develop an update.
One Reddit user reported a “serious problem”, and he was quite right. Indeed, at that time, if a user of the protocol deposited a certain amount of money, they could get their stake back and an additional 50% without any lock-in.
In other words, if someone deposited 100 OSMOs, they could get 150 back, and repeat the operation over and over again. Fortunately, the flaw was exploited to a lesser extent, and the total haul from the theft was $5 million. The original Reddit post was quickly deleted by the moderation team, most likely to prevent the information from spreading.
According to a post by Osmosis on Twitter, more than 95% of the total stolen funds are in the hands of only 4 different people.
Update:
– 4 individuals have been identified that account for 95%+ of realized exploit amount.
– 2 out of the 4 individuals has proactively expressed intent to return the exploited amount in full.
– Osmosis (@osmosiszone) June 8, 2022
According to this source, 2 of the 4 individuals decided to return the stolen money, the equivalent of 2 million dollars. The other two individuals are believed to have transactions coming from or going to centralized exchanges, which, with proactive cooperation from said exchanges, may allow the funds to be recovered.
A network protocol responsible for the theft
The two people who finally decided to give back the stolen $2 million are obviously not just anyone. They would be 2 employees of FireStake, a staking service for validators of the Cosmos ecosystem (ATOM), which is also itself a validator of the network.
The company has publicly disclosed the information, indicating that what was initially intended to be a simple test to assess the voracity of the flaw has escalated from a starting sum of $226 to a total of $2 million.
Dear @osmosiszone community, many of you know about the Osmosis LP bug that occurred yesterday.
In disbelief of it being real, two members of @fire_stake started testing to see if the bug existed, testing grew into a temporary lapse in good judgment, and…
– FireStake | Validator (@stake_fire) June 8, 2022
Doubting the reality of the flaw, two members of FireStake began testing whether the bug existed, and the testing continued for the duration of an error in judgement and… as a result of these operations, we were able to turn $226 into about $2 million. We were thinking about our family’s future, not our community’s. “
In any case, FireStake timidly apologised and decided to transfer its role as validator, while announcing that its team was working with Osmosis to return the funds as quickly as possible.
It remains to be seen whether the other thieves will also eventually return what they have stolen. If not, the Osmosis team had stated that they would use funds from their own reserve to put things right.
