Gamma Negotiates with Hacker Following $3.4M Exploit

Gamma Strategies, an Ethereum-based liquidity management protocol, is in negotiations with a hacker who exploited its system, resulting in a loss of $3.4 million in digital assets. The company is attempting to recover the stolen funds by offering a bounty to the attacker.

The Exploit

On January 4, 2024, blockchain security firm PeckShield detected an exploit within Gamma’s vaults. Initial estimates indicated that the losses amounted to around 211.9 Ether (ETH), worth approximately $469,000. However, PeckShield later confirmed that the losses reached $3.4 million. The exploiter had already transferred $2.2 million to the crypto mixer Tornado Cash. This happened just a week ago, after December 27, when Thunder Terminal suffered a security breach resulting in the loss of ETH and SOL for a total of $239,000.

Security analysts PeckShield and BlockSec attributed the incident to a critical vulnerability in Gamma’s accounting mechanism. The root cause of the exploit was an inconsistency between the accounting mechanisms for depositing and withdrawing used by Gamma Strategies, which resulted in a discrepancy between the liquidity and the shares. This allowed the attacker to withdraw an excessive amount of tokens.

Gamma’s Response

In response to the attack, Gamma shut down its vault deposits, allowing only withdrawals. The protocol sent a message to the exploiter’s wallet address, hoping to start negotiations for a bounty for returning the crypto assets. Gamma also announced that it had identified the root cause of the attack and assured the community that shutting down deposits for its public-facing vaults already “nullifies the attack any further” because a deposit is required for the attack vector.

Moving Forward

Gamma has outlined steps to prevent a recurrence of such an exploit. The company plans to get a third-party code review to ensure that the attack is mitigated before reopening deposits. Gamma also highlighted its commitment to maximize recovery for all the affected users. The company apologized to those affected and promised to release a more detailed post-mortem analysis and a proposed remediation plan in the coming days.

About Gamma Strategies

Gamma Strategies is a decentralized asset management protocol built on Ethereum and other blockchains. It allows users to deposit funds into pools called “hypervisors” and earn a return on their investment through active liquidity management and market-making strategies. The protocol was founded by an anonymous team and launched in 2020.

About PeckShield

PeckShield is a blockchain security company founded in 2018. It provides comprehensive security audits, threat monitoring, and prevention, among other services. The firm has a global team based in Hangzhou, Beijing, and San Francisco, consisting of seasoned security professionals and senior researchers.

Leave a comment

My Newsletter

Sign Up For Updates & Newsletters