OVIX Protocol Goes Through a $2M Oracle Exploit

OVIX, a lending protocol based on Polygon, recently went through a huge setback following being hit by a huge exploit where it lost up to a minimum of $2M. While responding to this, OVIX provisionally stopped the zkEVM and POS-related activities. The platform also endeavored to deal with the issue as well as decrease the effect on the clients.

OVIX Protocol Sees a Huge Exploit of $2 Million

Firstly, the intrusion was reported by CertiK (a blockchain security firm) and then Arkham Intelligence substantiated it later on. The OVIX protocol permits the consumers to borrow against diverse stablecoins, taking into account MATIC (the local token of Polygon) and Ethereum derivatives along with vGHST (the staked token of Avegotchi).

Arkham asserts that the party responsible for exploiting the protocol deliberately elevated the vGHST token’s price to get considerable USDC tokens in terms of loans. Once on the mainnent of Ethereum (ETH), the hacker swapped the stablecoin tokens for 757 Ether. The intruder used the stablecoins that were borrowed to access the lending pool of vGHST and the lending platform of OVIX.

Blockchain-related data provided by CoinMarketCap indicates that the exploiter borrowed the vGHST in great amounts. This played a vital role in elevating the price of the local GHST token by up to 25% only within 1/5 hour. The perpetrator remained successful in taking away the collateral. Following that the exploiter traded the respective collateral for additional tokens.

vGHST is utilized by the blockchain gaming platform Aavegotchi in the form of a staking token that plays the role of a share token. The token is for GHST (the local token of Aavegotchi). An auditing and security organization Blocksec has confirmed that the vGHST token’s price was elevated artificially. In addition to this, the platform also stated that tampering was carried out by the pricing oracle.

The exploiter utilized the vGHST coin for the exploitation of the protocol, as mentioned in the findings provided by PeckShield (a blockchain security platform). On the 28th of this month, OVIX issued a statement and admitted the issue. It disclosed that the company was performing an investigation on the matter in collaboration with the security collaborators.

Due to the breach, OVIX has terminated trading in zkEVM and POS. Apart from that, it was mentioned that the respective move would have some impact on the token issuance, liquidation, and transfer. Decentralized finance (DeFi) protocols can obtain real-time data dealing with the value of diverse crypto assets and the rest of the assets through price oracles which are also known as external services.

The manipulation of the oracle-reported prices and compromising the data feed of the oracle are both means of controlling the pricing oracles. To provide support to the rest of the attacks taking into account the liquidity pool exploits or flash loan hacks, exploiters might use the respective phony information for the artificial inflation or deflation of the assets’ value. In a flash loan hack, an attacker borrows great amounts from a DeFi protocol.

The Platform Cautions the Exploiters about the Engagement of Authorities in the Matter

Following that, the hacker inflates the actual value of the respective assets with fake data. Eventually, the respective assets are sold at a high price. Then, after the repayment of the loan, the exploiter holds the illegitimately made proceeds. In the meantime, the OVIX platform has issued a statement to caution the perpetrators about the involvement of the authorities if no response is provided by them.