Hack Explained - Gamma Strategies


Gamma Strategies, an Arbitrum-based decentralised finance (DeFi) protocol specialising in liquidity management, recently experienced a significant security breach. This protocol, which allows users to invest in 'hypervisors' or liquidity pools for active management and earning returns, suffered a loss of $3.4 million due to the breach.

Behind the Breach

On January 4, 2024, Gamma Strategies fell victim to an exploit resulting from a critical vulnerability in its vaults. The breach was facilitated by an inconsistency in the accounting mechanisms for depositing and withdrawing funds. This allowed the attacker to exploit the protocol's high price change threshold settings, which permitted up to 50-200% price changes in certain Liquid Staking Token (LST) and stablecoin vaults. By manipulating these settings, the attacker was able to mint an abnormally high number of LP tokens and subsequently withdraw them, leading to substantial financial losses for the protocol.
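A simplified model of the deposit-side price guard described above, added here as an illustration and not Gamma's contract code: the `Vault` class, the balances, the reference price and the pro rata share formula are all assumptions. It mints shares for the same deposit under a 200% limit and a 2% limit.

```python
from dataclasses import dataclass


class PriceDeviationError(Exception):
    """Spot price is too far from the reference price to accept a deposit."""


@dataclass
class Vault:
    # Simplified, hypothetical vault: holds token0 and token1 and values
    # both in token1 at a price quoted as token1 per token0.
    total0: float
    total1: float
    total_shares: float
    max_price_change: float  # 0.02 means 2%, 2.0 means 200%

    def shares_for_deposit(self, amount0, amount1, spot, reference):
        # Guard: compare the pool's current spot price with a slower
        # reference price (for example a time-weighted average).
        deviation = abs(spot - reference) / reference
        if deviation > self.max_price_change:
            raise PriceDeviationError(f"deviation {deviation:.0%} exceeds limit")
        # Shares are minted pro rata to value measured at the spot price,
        # so a skewed spot price skews the number of shares minted.
        deposit_value = amount0 * spot + amount1
        vault_value = self.total0 * spot + self.total1
        return self.total_shares * deposit_value / vault_value


def compare_thresholds(spot, reference=1.0):
    """Mint shares for the same deposit under a loose and a tight limit."""
    results = {}
    for label, limit in (("loose_200pct", 2.0), ("tight_2pct", 0.02)):
        vault = Vault(100.0, 100.0, 200.0, limit)  # constructed balances
        try:
            results[label] = vault.shares_for_deposit(10.0, 0.0, spot, reference)
        except PriceDeviationError:
            results[label] = None  # deposit rejected
    return results


if __name__ == "__main__":
    print("fair price  :", compare_thresholds(spot=1.0))
    print("skewed price:", compare_thresholds(spot=2.5))
```

For a stablecoin or LST pair, whose fair price should barely move, the tight limit rejects the skewed deposit outright while the loose limit accepts it and mints more shares than the same deposit earns at the reference price.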

The attack resulted in a loss of assets valued at approximately $3.4 million, mainly in Ethereum (ETH). A notable portion of these assets, around $2.2 million, was moved to Tornado Cash, a cryptocurrency mixer, which added complexity to the recovery efforts.

The Aftermath

Following the breach, Gamma Strategies took swift action by disabling new deposits into its vaults while keeping withdrawals active. The team also expressed commitment to achieving a full recovery for affected users and plans to release a detailed post-mortem analysis and a resolution plan to enhance security and prevent future attacks. Efforts have also been made to contact the attacker to potentially return some of the stolen assets in exchange for immunity and a bounty; the outcome of this is yet to be seen.

