Hack Explained - Levana Protocol


In a recent decentralised finance (DeFi) hack, the Levana Protocol, a blockchain-based platform specialising in perpetual futures swaps, suffered a significant security breach. Levana, known for enabling traders to speculate on asset prices indefinitely without an expiration date, represents a novel and important facet in the DeFi landscape.

Behind the Breach

The breach at Levana Protocol, which unfolded over a 13-day period from December 13 to December 26, led to a significant loss of over $1.1 million, accounting for about 10% of the protocol's liquidity reserves. The complexity and duration of this exploit were notable. Attackers initiated a congestion attack on the Osmosis blockchain, artificially creating market stress. They exploited a vulnerability in the Osmosis fee market code which, during times of congestion, resulted in inadequate gas prices for trades and bot maintenance. This flaw allowed the attackers to manipulate prices and effectively drain the liquidity pools. Although the Pyth oracle was involved in the attack, it reportedly had no known vulnerabilities and functioned as expected, which highlights the intricate challenges in safeguarding DeFi platforms against sophisticated cyber threats.
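The failure mode described above, maintenance bots whose gas price is too low to land transactions during congestion, can be watched for in per-block data. The following is an added example, not Levana's or Osmosis's code; the `Block` fields, the thresholds and the sample values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, List

@dataclass(frozen=True)
class Block:                 # hypothetical per-block record from an indexer
    height: int
    min_gas_price: float     # lowest gas price the chain accepted in this block
    keeper_landed: bool      # True if a maintenance-bot tx was included

@dataclass(frozen=True)
class Gap:
    start: int
    end: int
    blocks: int
    underpriced: int         # blocks in the gap where the bot's bid was too low

    @property
    def cause(self) -> str:
        # Mostly underpriced -> fee starvation; otherwise suspect a bot outage.
        return "fee-starvation" if self.underpriced * 2 > self.blocks else "other"

def keeper_gaps(blocks: Iterable[Block], bot_gas_price: float,
                max_gap: int) -> List[Gap]:
    """Report runs of more than max_gap blocks with no keeper transaction."""
    gaps: List[Gap] = []
    run: List[Block] = []

    def flush() -> None:
        if len(run) > max_gap:
            low = sum(1 for b in run if bot_gas_price < b.min_gas_price)
            gaps.append(Gap(run[0].height, run[-1].height, len(run), low))
        run.clear()

    for b in sorted(blocks, key=lambda b: b.height):
        if b.keeper_landed:
            flush()          # a landed tx ends the current gap
        else:
            run.append(b)
    flush()                  # close a gap that runs to the end of the data
    return gaps

# Constructed sample: congestion pushes the required price up at 102-105.
SAMPLE = [Block(100, 0.0025, True), Block(101, 0.0025, True),
          Block(102, 0.0100, False), Block(103, 0.0200, False),
          Block(104, 0.0400, False), Block(105, 0.0400, False),
          Block(106, 0.0030, True), Block(107, 0.0025, False),
          Block(108, 0.0025, True)]

if __name__ == "__main__":
    for g in keeper_gaps(SAMPLE, bot_gas_price=0.003, max_gap=3):
        print(g, g.cause)
```

A gap classified as `fee-starvation` is the signal to raise the bot's gas price or pause trading until maintenance transactions land again.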

The losses, totalling $1.146 million, break down as follows:

  • stATOM_USD: $241k

  • ATOM_USD: $229k

  • BTC_USD: $190k

  • ETH_USD: $128k

  • TIA_USD: $108k

  • *_USDC: $168k + $82k

Lessons from the Incident

The sophisticated nature of this attack showcases the complex challenges DeFi platforms face. Moreover, this event mirrors a growing trend of security breaches within the DeFi ecosystem. In 2023, the DeFi landscape saw a staggering loss of around $3 billion. But there is hope: as the space matures, hopefully measures like Levana's commitment to reimburse impacted liquidity providers through airdrops and sharing of protocol fees become a new standard for the industry, which will greatly increase user confidence and drive mass adoption.

Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.