Osmosis DEX on Cosmos exploited for $5 million as validators halt the network

Quick Take

  • Osmosis is a blockchain in the Cosmos ecosystem that provides a commonly used decentralized exchange.
  • It was exploited today and the chain was frozen as a preventative measure.

Osmosis, a blockchain that runs a large decentralized exchange (DEX) in the Cosmos ecosystem, was halted today.

After a critical bug in its liquidity pools led to an estimated $5 million exploit, the core development team and the network validators stopped the chain at block #4713064. 

The vulnerability was first noted by a user on Reddit who warned in a now-deleted post that if someone added funds to an Osmosis pool and then removed them, the position somehow increased by 50%.

On-chain transactions show that before the network was stopped, users had already begun exploiting the vulnerability to siphon funds out of Osmosis. While the exact nature of the vulnerability is still unclear, the Osmosis team confirmed the bug let malicious users drain about $5 million worth of assets from liquidity pools.

“Liquidity pools were NOT "completely drained". Devs are fixing the bug, scoping the size of losses (likely in the range of ~$5M), and working on recovery,” an official post from the Osmosis team stated.

Due to the chain halt, the Osmosis DEX and its native wallet remain unusable for the time being. The team is now working to issue a patch before the network can be restarted.

© 2023 The Block. All Rights Reserved.