Polygon-based protocol 0vix exploited for $2M
Arkham Intelligence said the attacker has moved the stolen USDC to Ethereum mainnet and swapped it for 757 ETH.
The Polygon-based decentralized finance (DeFi) protocol 0vix appears to have been exploited for $2 million via a flash loan.
Blockchain security firm CertiK reported the incident, which Arkham Intelligence further corroborated.
According to Arkham, the exploiter inflated the price of vGHST to borrow a large amount of USD. The attacker then moved the USDC to Ethereum (ETH) mainnet and swapped it for 757 ETH.
0vix has yet to respond to CryptoSlate’s request for comment as of press time.
0vix pauses markets
The lending protocol confirmed the incident in an April 28 statement, adding that it was “working with its security partners to look into the current situation that seems to be related to vGHST.”
Due to the incident, 0vix has paused the markets on POS and zkEVM. It further noted that this action would affect oToken transfers, minting and liquidation.
“Only POS has been currently affected but zkEVM has been paused as a precaution and will likely be enabled shortly again.”
Meanwhile, blockchain security firm Peckshield reported that the root cause of the exploit was a vulnerable VGHSTOracle that was deployed on March 17.
Peckshield said:
“The hacker involves a flashloan deposit of ~24.5m USDC as collateral to borrow 5.4m USDT and 720k USDC. In the meantime, it involved a series of leveraged borrow of vGHST, which suffers from a donation-based price manipulation and makes the hacker’s borrow position liquidatable. The borrow position is then liquidated to take back the original USDC collateral.”
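The donation-based price manipulation named in that statement can be shown in a small model that contrasts a balance-based price with an accounting-based one. This Python code is an added example, not code from 0vix, Peckshield or the original article; the Vault class, both pricing functions, the 80% collateral factor and every amount are constructed assumptions, because the article does not show how VGHSTOracle computed its price.

```python
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale, as on-chain code would use

@dataclass
class Vault:
    """Constructed model of a share vault (not the vGHST contract)."""
    balance: int = 0    # underlying held; a plain transfer raises it
    accounted: int = 0  # underlying that entered through deposit()
    shares: int = 0

    def deposit(self, amount: int) -> int:
        minted = amount if self.shares == 0 else amount * self.shares // self.accounted
        self.balance += amount
        self.accounted += amount
        self.shares += minted
        return minted

    def donate(self, amount: int) -> None:
        self.balance += amount  # no shares minted, so balance/shares jumps

def spot_price(v: Vault, underlying_price: int) -> int:
    """Weak: trusts the live token balance, which anyone can raise."""
    return underlying_price * v.balance // v.shares

def accounted_price(v: Vault, underlying_price: int) -> int:
    """Hardened: ignores tokens that arrived outside deposit()."""
    return underlying_price * v.accounted // v.shares

def is_liquidatable(collateral_value: int, debt_shares: int, share_price: int, cf_bps: int = 8000) -> bool:
    """Liquidatable once the debt's value exceeds the borrow limit."""
    debt_value = debt_shares * share_price // SCALE
    return debt_value > collateral_value * cf_bps // 10_000

def demo() -> dict:
    v = Vault()
    v.deposit(1_000_000 * SCALE)   # constructed numbers throughout
    px = 1 * SCALE                 # underlying priced at 1.00
    collateral, debt = 1_000_000 * SCALE, 700_000 * SCALE
    before = is_liquidatable(collateral, debt, spot_price(v, px))
    v.donate(300_000 * SCALE)      # +30% balance, zero new shares
    return {
        "before": before,
        "spot_after": is_liquidatable(collateral, debt, spot_price(v, px)),
        "accounted_after": is_liquidatable(collateral, debt, accounted_price(v, px)),
        "spot_price": spot_price(v, px),
    }

if __name__ == "__main__":
    print(demo())
```

With the balance-based price, a healthy position flips to liquidatable from the donation alone; with the accounting-based price, the same donation changes nothing.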
DeFiLlama data showed that the total value of assets locked on the protocol slumped to $1.7 million from over $6 million after the exploit was confirmed.