Decentralized trading platform Osmosis, created on CosmosSDK, was hacked, emptying its liquidity pools of $5 million. Developers have shut down the Osmosis blockchain to avoid additional harm. According to a notification by Mintscan, an Osmosis block explorer, the decentralized exchange was shut down at 10:49 p.m. EST today at a block height of 4,713,064. Just two blocks before the pause, an exploit was discovered.
There is a significant problem in the decentralized Osmosis exchange that a Reddit user alerted the Osmosis devs about. The Osmosis moderator eventually took down the Reddit discussion. As stated by the user, if you deposit money into a liquidity pool, you may then take out 50% more money than you put in without any bonding period.
Each Time Wealth Increased by 50%.
This flaw was regularly exploited, as shown by on-chain transactions. In their first transaction, they produced 13 more OSMO tokens than they had at the start of the exploit. They were able to give 101,230 OSMO (the native token of Osmosis) liquidity in a transaction performed.
Then, only 30 seconds later, the exploiter walked away with 151,084 OSMO tokens, making a 50% profit. This practise was done at least 30 times, each time increasing their wealth by 50%.
By converting OSMO to ATOM, the wallet was able to earn $600,000 in Cosmos native ATOM tokens, totaling around 70,000 tokens. To continue the scam, they moved a portion of their OSMO proceeds to a different address. The method was carried out several times by the user. The hacker pocketed almost $5 million as a result of this flaw.