After a $5 million exploit on Osmosis on Wednesday, one of its network validators, FireStake, came forward to admit that it was responsible for draining $2 million of it.
Osmosis is a blockchain that runs a large decentralized exchange (DEX) in the Cosmos ecosystem. Osmosis suffered an exploit due to a security bug in its liquidity pools that allowed anyone to withdraw more than 50% of their position in the pools.
FireStake, which runs a staking service for the Cosmos ecosystem, said that two of its team members took $2 million in repeated withdrawals using merely $226. FireStake claimed that what started as testing to see if the bug existed, "grew into a temporary lapse in good judgment."
"We were thinking about our family's future, and not the future of our community," the firm affirmed. However, it later decided to notify the Osmosis team in order to return the drained funds, the team added.
"They stepped forward themselves," Osmosis co-founder Sunny Aggarwal said of FireStake's actions.
Osmosis said that the vulnerability was related to an error in the calculation of liquidity pool (LP) token shares when adding and removing funds on its DEX. When the Osmosis team first discovered it, they froze the entire chain to prevent users from draining all of the funds.
Out of the $5 million drained, it is expected that FireStake will return the $2 million. It's unclear if the team knows the whereabouts of the remaining $3 million. If those funds are not recovered, Osmosis said it will replace them from its own treasury.
In the meantime, the Osmosis blockchain remains halted. A pop-up on its website reads that the bug has now been fixed and validators are preparing for a network restore.
© 2023 The Block. All Rights Reserved.