Decentralized finance (DeFi) protocol Gamma Strategies has fallen victim to an exploit resulting in the loss of approximately $3.4 million, according to security analysts. The incident occurred due to a critical vulnerability in the protocol’s “accounting mechanism,” allowing the attacker to withdraw an excessive amount of tokens. Security firms PeckShield confirmed the incident and estimated the losses at $3.4 million, with the attacker stealing over 1500 ETH.
The team has identified the root cause of the exploit, stating that the “price change threshold […]was placed too high allowing for up to 50-200% price change on certain LST and stablecoin vaults.” Gamma Strategies is currently reaching out to the exploiter.
Gamma Strategies has taken swift action to prevent further losses by disabling deposits to all public DeFi vaults while ensuring that withdrawals remain active for users who need to access their funds. Gamma Strategies said in a post on X:
“Our vaults will continue to be managed normally for now, but deposits are currently shut down until we identify and mitigate the problem.”
BlockSec founder Yajin Zhou explained that the root cause of the exploit was an inconsistency between the accounting mechanisms for depositing and withdrawing used by Gamma Strategies. This discrepancy allowed the attacker to exploit the protocol and withdraw more tokens than they were entitled to.
Gamma Strategies is a decentralized asset management protocol built on Ethereum and other blockchains. It allows users to deposit funds into pools called “hypervisors” and earn a return on their investment through active liquidity management and market-making strategies.
Let us know what you loved about this article, what could be improved, or share any other feedback by filling out this short form.
