DEFI

2024 Not Quiet! Liquidity Management Protocol Gamma Hacked for 4 Million Euros, Hackers Have Already Stolen Nearly 100 Million This Year

share
2024 Not Quiet! Liquidity Management Protocol Gamma Hacked for 4 Million Euros, Hackers Have Already Stolen Nearly 100 Million This Year

Cybersecurity firm PeckShield reported that the Ethereum-based liquidity management protocol Gamma Strategies was exploited in an attack yesterday, resulting in losses of up to $4 million. Along with the events of Radiant Capital and Orbit this week, this brings the total losses from hacking attacks this year to nearly $100 million.

Gamma Hacked for $4 Million

According to reports, the liquidity management protocol Gamma Strategies suffered a price manipulation attack last night, resulting in a loss of 1,800 ETH, approximately $4 million.

Specifically, the attacker created around 40 malicious contracts targeting the protocol, manipulated the market price multiple times, artificially inflated asset prices, rapidly extracted liquidity, and converted assets to make huge profits. This is similar to the attack experienced by the Curve revenue protocol Zunami in the past.

Subsequently, the hacker used Stargate to cross-chain USDT from the Arbitrum chain to the Ethereum network, transferring 800.5 ETH worth about $1.8 million to another address, and deposited another 1,000 ETH worth about $2.2 million into Tornado Cash.

Gamma Team: Deposits Closed, Users Can Withdraw Funds

In response, the Gamma team stated that they have identified the root cause of the exploit and have temporarily suspended all deposits to prevent further risks. They claim that users can withdraw funds if needed.

Additionally, Gamma has sent messages to the addresses of the exploiters through Etherscan and Arbiscan, attempting to contact them for negotiation and return of the bounty in hopes of recovering the lost funds from the exploit:

Gamma attempting to negotiate bounty with attackers

The team also emphasized:

We will release a detailed post-mortem analysis and remediation plan in the coming days. We apologize to anyone affected by this attack, and we will do our best to recover funds and reduce the risk of recurrence in the future.

AMM Protocol Chronos Also Attacked

Concerningly, similar attack methods seem to have occurred on other protocols.

Just hours after the Gamma incident, the cybersecurity team Cyvers issued a warning on Twitter that the Chronos AMM protocol in the Arbitrum ecosystem, specifically the centrally managed liquidity pool by Dyson, also suffered a similar attack to the Gamma protocol, resulting in a loss of about $90,000.

Currently, Chronos is urging users to withdraw contracts related to the affected liquidity pool while assuring that other V2 liquidity pools remain secure.

Hackers Have Raked in Nearly $100 Million This Year

Only 5 days into 2024, there have already been at least 3 significant on-chain security incidents, including the hack of the cross-chain bridge Orbit on January 1st and the market exploit of the Arbitrum lending protocol Radiant Capital. The former resulted in a staggering $81.5 million loss, while the latter was $4.5 million.

In total, the hacker attacks in 2024 have amounted to approximately $90 million according to the above statistics, compared to about $1.7 billion for the entire year of 2023.

Web3 industry hacker attacks and scams in 2023 have accumulated losses of $1.7 billion