Gamma Strategies Offer Bounty After $3.4M Exploit Drain

Published: Jan 4, 2024
Written By:
Vignesh Karunanidhi
Milk Road Writer

Gamma Strategies suffered an attack this week exploiting vulnerabilities in its Ethereum-based liquidity vaults to steal $3.4 million in crypto assets.

The team responded by freezing deposits to stem further losses. However, in a rare move, Gamma also messaged the hacker’s wallet, seeking to negotiate a “bug bounty” for returning the stolen assets.

Key Details:

  • The flaw allowed manipulation of deposit token pricing thresholds prior to minting LP tokens.
  • Enabled attackers to disproportionately mint and drain $3.4 million from pools.
  • Gamma suspends deposits but keeps vaults running for legitimate users.
  • Hacker has already laundered over $2 million via Tornado Cash Mixer, according to PeckShield.

Gamma outlined the flaw that allowed for briefly overriding safety measures through meticulously orchestrated transactions targeting price data.

Read more: Solana Focused Wallet Drainers On The Rise, Security Platforms Warn

Vaults relied on restricting deposits during significant volatility shifts. However, the hacker found manipulating prices prior to deposit approval enabled minting far more pool tokens than was justified.

By carefully calibrating an intricate series of swaps, the exploiter grabbed amplified yields before withdrawals locked in gains. Gamma conceded that its 50–200% maximum price change settings left holes.

Gamma Strategies Deploy Recovery Efforts

Gamma stopped further deposits, limiting additional risk while keeping vault services operational. The team pledged a full post-mortem and code review to bolster security prior to reactivation.

Source: Etherscan

Read more: DYdX Identifies YFI Attacker In Pump And Dump Scheme

The Gamma team messaged the attacker’s wallet address after tracing funds through Tornado Cash Mixer. The protocol indicated openness to a negotiated bounty payment to regain as much stolen crypto as possible.

Further details are pending as talks proceed, but the initiative spotlights new recovery tactics emerging in the DeFi breach response.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.

Vignesh Karunanidhi
Milk Road Writer
Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.