Polygon lending protocol 0VIX has announced a temporary halt to its POS and zkEVM operations due to an exploit costing the protocol at least $2 million. In collaboration with security partners, 0VIX is investigating the situation which appears to be related to vGHST. Consequently, POS and zkEVM markets, including oToken transfers, minting, and liquidations have been paused. While only POS is currently affected, the situation may impact zkEVM in the future.
A joint investigation with blockchain security firm PeckShield uncovered that the attacker exploited the protocol through vGHST, the staking token of blockchain gaming project Aavegotchi, also the share token for $GHST, Aavegotchi’s native token. Security and audit firm Blocksec found the price oracle manipulated, allowing the attacker to borrow large amounts of vGHST after initially borrowing stablecoins, which were used to open up lending on 0VIX and gain access to the vGHST lending pool. The subsequent borrowing of vGHST led to the native token $GHST increasing by 24.7% in less than 30 minutes, as revealed by CoinMarketCap. The attacker then fled with the collateral and exchanged their loot for other tokens.
These attacks, known as oracle manipulation hacks, plague the crypto space. The recent hack in October 2022, resulting in $117 million losses, is a prime example. However, 0VIX, in collaboration with PeckShield and Chainalysis, managed to identify the attacker and swiftly issued an ultimatum via an on-chain message. The attacker has been offered a $125,000 bug bounty in exchange for returning the stolen funds, with the threat of involving law enforcement if they fail to respond.
While hacks and exploits are an ongoing concern in the crypto space, the 0VIX incident raises broader questions about Ethereum’s transition from Proof of Work to Proof of Stake. Was the shift a misstep, or can Ethereum and other crypto projects implement better security measures to prevent similar incidents in the future?
The debate around the pros and cons of Ethereum’s move, the efficacy of current security measures, and the responsibility of individual exchanges and crypto projects to ensure their users’ safety is likely to intensify in the aftermath of this particular exploit. The main conflict at the crux of this article is the struggle between innovation in the blockchain market and the adaptability of security measures to keep up with rapidly evolving technology and threats.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.