Polygon Lending Protocol 0VIX Pauses Protocol After $2M Exploit

0VIX, a lending protocol on Polygon and Polygon zkEVM, has reportedly been exploited for no less than $2 million.

The protocol permits borrowing towards a number of stablecoins, derivatives of Ethereum and Polygon’s native MATIC token, in addition to Aavegotchi’s staked token, vGHST. Aavegotchi is a blockchain gaming mission impressed by the favored Tamagotchi sport.

The exploit was carried out on the vGHST token.

Officer’s Notes, an impartial safety researcher, advised Decypt that the attackers have already transferred $1.4 million in USDC and $600,000 in USDT through briding protocolStargate Finance as they try to switch funds again to Ethereum and convert the stablecoins to ETH.

The 0VIX workforce responded by pausing the lending markets quickly as they investigated the matter.

Blockchain safety and information analytics agency, PeckShield, reported that the attackers took out a flash mortgage of $6.12 million in stablecoins to govern the vGSHT lending pool on 0VIX.

Blocksec, a blockchain safety agency, confirmed that the hackers used the borrowed stablecoins to open vGSHT lending positions and later manipulated the protocol’s value oracle.

Aavegotchi’s native token, GHST, surged 24.7% from $1.13 to $1.41 in lower than half-hour, in accordance with CoinGecko.

The moment value surge of GHST turned the vGHST lending pool bancrupt, and the attacker liquidated the swimming pools, making off with the collateral from the swimming pools.

Some of these assaults are referred to as value oracle manipulation hacks, that are widespread in DeFi circles.

Attackers manipulate the value oracle of a low liquid token, like GHST, inflating its value. Then, the attacker exchanges their artificially-inflated holdings for different tokens with ample liquidity and secure value.

Mango Markets on Solana and bZx change on Ethereum and BNB Chain had been hacked utilizing the identical method for $100 million and $55 million, respectively.