Hack Explained - Velocore

Hack Explained - Velocore


1 min read

Velocore, a decentralised exchange (DEX) operating on zkSync and Linea blockchains, recently fell victim to $10 million hack, targeting the platform's liquidity provider tokens. The vulnerability exploited involved manipulating fee calculations within Velocore's liquidity pools.

Behind the Breach

The Velocore hack was executed by an attacker who exploited a flaw in the Continuous Product Market Maker (CPMM) mechanism used by Velocore. This mechanism, akin to Balancer's model, was intended to improve trading efficiency and security. However, the attacker manipulated the fee calculation logic, allowing them to drain liquidity pools without raising immediate alarms. The funds were then transferred across chains, ending up on the Ethereum mainnet, primarily converted to 700 ETH.

Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.