Sovryn developers reported that the attacker, using an exploit of the outdated Sovryn Borrow/Lend protocol, attacked credit pools and withdrew 211,045 USDT and 44.93 RBTC.
The total amount of stolen crypto assets is more than $1 million. The Sovryn decentralized platform team stated that the hacker “provided liquidity to the RBTC loan agreement, closed his loan with a swap using XUSD collateral, redeemed (burned) his iRBTC token and sent WRBTC back to RskSwap to complete instant swap.
Thus, the attacker was able to withdraw more RBTC from the credit pool than he originally deposited. The developers of the protocol reported that they “were able to return the assets when the attacker tried to withdraw them.” At the moment, managed to return about half of the assets.
Sovryn team member Edan Yago said that this is the first protocol breach in two years. He claims that Sovryn is “constantly externally audited” and its security policy provides valuable rewards for finding bugs. The team clarified that user assets were not affected and any missing amount from the credit pools will be returned by the project.
RBTC and USDT are stablecoins pegged to Bitcoin and the US dollar, respectively. In the hacking incident, they circulated on Bitcoin’s Rootstock (RSK) sidechain, designed to empower the smart contract and scale Bitcoin. The DeFi Sovryn protocol is built on RSK.
DeFi protocols are still a target for hackers. According to blockchain security experts Immunefi, decentralized platforms lost more than $428.7 million in the third quarter of this year.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
