E Point Perfect

GYM Network Protocol Hacked, $2.1 Million Stolen: Here’s How


Vladislav Sopov

An error in a single function of a liquidity pool codebase resulted in seven-digit losses


GYM Network is a cross-protocol DeFi aggregator designed to optimize the process of yield farming on BNB Chain and make it straightforward for newbies.

GYM Network allowed balances to be increased without actually depositing money

According to a statement shared by cybersecurity provider PeckShield, one of GYM Network's components, GymSinglePool, was attacked today, June 8, 2022.

The pool lacked caller verification: attackers were able to increase their balances without actually sending any money to the pool.

This design flaw was exploited, and more than $2.1 million was stolen. The attackers immediately started moving their loot to the Tornado Cash transaction-obfuscation service.
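The missing caller check described above can be shown in a small sketch. This is an added illustration, not GymSinglePool's code or anything published by the team; the contract, function and variable names are hypothetical, and the balance check in the hardened function is an extra safeguard assumed here, not one the article mentions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical single-asset pool; every name here is illustrative.
contract SinglePoolSketch {
    IERC20 public immutable token;
    address public immutable trustedRouter; // only contract allowed to credit on a user's behalf
    mapping(address => uint256) public staked;
    uint256 public totalAccounted;          // sum of all credited balances

    constructor(IERC20 _token, address _router) {
        token = _token;
        trustedRouter = _router;
    }

    // Normal path: the balance is credited only after tokens are pulled from the caller.
    function deposit(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalAccounted += amount;
        staked[msg.sender] += amount;
    }

    // FLAWED (shown for contrast): meant for a companion contract that has already
    // moved the tokens in, but nothing checks who is calling, so any address can
    // raise any balance without a deposit.
    function creditFromRouterUnchecked(address user, uint256 amount) external {
        totalAccounted += amount;
        staked[user] += amount;
    }

    // HARDENED: same bookkeeping, restricted to the trusted companion contract.
    function creditFromRouter(address user, uint256 amount) external {
        require(msg.sender == trustedRouter, "caller not authorized");
        // Defense in depth: only credit tokens that have actually arrived
        // and are not already accounted for.
        require(token.balanceOf(address(this)) >= totalAccounted + amount, "tokens not received");
        totalAccounted += amount;
        staked[user] += amount;
    }
}
```

When reviewing forks of a pool like this, every external function that writes to a balance mapping should either pull the tokens itself or restrict `msg.sender`.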


GYM, a core native utility and governance token of the protocol, immediately lost over 50% of its price, plunging from $0.00099 to $0.00048.

More protocols at risk?

Ironically, the protocol was audited twice by PeckShield itself and by CertiK. It also leverages Alpaca Finance’s codebase, which was audited 20 times.

Blockchain researcher Kyrian Alex (Kyrian.sol) highlighted that GYM Network is far from being the only protocol that contains a similar design flaw:

This isn’t the first protocol being hacked because of “lack of caller verification”. Seems I’ll have to check out a lot of these clone protocols looking for this same vulnerability.

Team representatives confirmed the attack. GYM Network’s community coordinator explained that the vulnerability was disclosed in a new “Claim and Reinvest” instrument deployed two days ago.

By press time, the source of the bug has been identified and fixed, the team adds.
