0VIX, a lending protocol built on Polygon and Polygon zkEVM, suffered a recent attack resulting in a loss of at least $2 million. The attack was targeted at the vGHST token, a staked token of Aavegotchi’s blockchain gaming project, and the lending markets were paused temporarily by the 0VIX team when the attack was detected.
The attackers used a flash loan of $6.12 million in stablecoins to manipulate the vGHST lending pool on 0VIX. With the borrowed funds, the hackers opened vGHST lending positions and manipulated the protocol’s price oracle. This caused the price of Aavegotchi’s native token, GHST, to surge by 24.7% in under 30 minutes, resulting in the vGHST lending pool becoming insolvent. The attackers liquidated the pools and made off with the collateral.
Response and Impact on DeFi
The 0VIX team responded quickly to the attack by temporarily pausing the lending markets and investigating the matter. Blockchain security and data analytics firm, PeckShield, also provided support by reporting on the attackers’ actions. The attackers had already transferred $1.4 million in USDC and $600,000 in USDT via the bridging protocol Stargate Finance, in an attempt to move the funds back to Ethereum and convert the stablecoins to ETH.
Price oracle manipulation hacks are becoming common in DeFi. Hackers manipulate the price oracle of a low liquidity token, such as GHST, inflating its price, and then exchange their artificially-inflated holdings for other tokens with ample liquidity and a stable price. 0VIX’s attack is not the first of its kind, and it certainly will not be the last. Mango Markets on Solana and bZx exchange on Ethereum and BNB Chain were also hacked using similar techniques for $100 million and $55 million, respectively.
Debangshu is a content writer specializing in the Crypto and DeFi beats. Moreover, he holds 3 years of writing experience in technical niches. He has produced content for a wide range of publications and news outlets, ranging from cryptocurrency-oriented websites to corporate websites.