Sovryn – a Bitcoin-based decentralized finance protocol – was drained of over $1 million in funds on Tuesday using a price manipulation exploit. The attack allowed the culprit to drain over $1 million worth of crypto from the protocol, including 44.93 RBTC and 211,045 USDT. According to Sovryn’s blog post on the topic, the attacks specifically targeted the legacy Sovryn Borrow/Lend protocol. It impacted the RBTC and USDT lending pools. RBTC and USDT are crypto assets price pegged to Bitcoin and US dollars respectively. In this case, they circulate on Rootstock (RSK), a Bitcoin sidechain meant to expand Bitcoin’s smart contract, dapp, and scaling capabilities. Sovryn is a Defi protocol built on RSK. Some of the funds were apparently withdrawn using Sovryn’s AMM swap function, meaning the attacker ended up with several different tokens. The effort to recover funds is still ongoing. Sovryn spokesperson Edan Yago said this is the first successful exploit against the protocol after two years of operation. He maintained that Sovryn is “one of the most heavily audited Defi systems,” with valuable and active bug bounties. The exploit worked by manipulating Sovryn’s iToken price – interest-bearing tokens representing the share of cryptocurrency a user holds in a lending pool. This token’s price is updated every time a lending pool position is interacted with.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.