The Cosmos ecosystem’s Osmosis blockchain, which powers a massive decentralized exchange (DEX), was shut down today.
The core development team and network validators terminated the chain at block #4713064 after a severe issue in its liquidity pools resulted in a $5 million exploit.
The flaw was first discovered by a Reddit user, who cautioned in a now-deleted post that adding cash to an Osmosis pool and then removing it increased the position by 50%.
Osmosis was exploited before the halt
Users had already begun exploiting the vulnerability to siphon funds out of Osmosis before the network was shut down, according to on-chain transactions. While the exact nature of the flaw is unknown, the Osmosis team revealed that the fault allowed malevolent users to siphon $5 million from liquidity pools.
“Liquidity pools were not “drained fully.” “Devs are correcting the flaw, estimating the extent of the losses (likely in the $5 million areas), and working on recovery,” the Osmosis team noted in an official statement.
The Osmosis DEX and its native wallet are now unavailable due to the chain halt. Before the network can be restarted, the team is working on releasing a fix.
The flaw was discovered when a user deposited money into a liquidity pool and then immediately withdrew it. Unintentionally, the withdrawal was valued at 50% more than they deposit. According to a Discord post by Osmosis community analyst RoboMcGobo, it took the team 12 minutes to stop the chain after the issue was discovered.
On-chain transactions illustrate how one user repeatedly took advantage of the same flaw.
They started the exploit with merely 26 OSMO tokens and in their first transaction, they made another 13 OSMO tokens. They went through the procedure at least 30 times, growing his assets by 50% each time.
The wallet received roughly 70,000 Cosmos native ATOM tokens as a result of the procedure (by swapping OSMO to ATOM), which is worth around $600,000. They also moved some of their OSMO revenues to a different location in order to restart the process.