Gamma Protocol Reportedly Suffers $3.4M Exploit

Decentralized finance (DeFi) protocol Gamma Strategies finds itself in the spotlight as security analysts report a significant exploit leading to losses of approximately $3.4 million. 

Both PeckShield and BlockSec, reputable security firms, have confirmed the incident, highlighting a breach that allowed a hacker to abscond with 1500 ether.

"The root cause stems from the inconsistency between the accounting mechanisms for depositing and withdrawing used by Gamma Strategies, which results in a discrepancy between the liquidity and the shares," explained BlockSec founder Yajin Zhou to The Block. "Exploiting this, the attacker could withdraw an excessive amount of tokens."

‍

Root Cause and Remediation Plan

Gamma Strategies, in a recent update, outlined the root cause of the exploit and detailed steps to prevent a recurrence. 

The vulnerability lay in the price change threshold setting, allowing for a significant manipulation of prices in certain vaults. A third-party code review before reopening deposits was identified as one of the corrective measures, as well as a commitment to maximize recovery for affected users.

The breach's severity is underscored by the insights from BlockSec, which identified a critical vulnerability in Gamma's "accounting mechanism."

Amidst the unfolding drama, a fraudulent social media account with verified status impersonated Gamma, directing investors to a phishing website. Notably, this imposter account garnered more attention than Gamma's cautionary message about the breach.

‍

A Troubled Landscape

The Gamma Protocol exploit adds to the grim tally of cryptocurrency sector hacks. In 2023, the industry suffered losses nearing $1.8 billion, with major incidents concentrated in the latter half of the year. 

The Mixin platform, in September, grappled with a $200 million loss, unable to identify the attacker or retrieve the funds. Despite challenges, Mixin pledged to compensate users for half of their lost holdings.

Notable breaches in 2023 also included a security incident at Poloniex, initially reported at $33 million but later adjusted to over $120 million. The crypto gambling platform Stake faced a $41 million theft in September, contributing to the industry's growing concerns about security.