Blockchain security firm PeckShield detected an exploit in Gamma’s Ethereum-based liquidity management protocol on January 4, resulting in losses initially estimated at 211.9 Ether, equivalent to around $469,000. However, the confirmed losses amounted to $3.4 million, with the exploiter transferring $2.2 million to the crypto mixer Tornado Cash. In response, Gamma shut down its vault deposits, allowing only withdrawals, and reached out to the exploiter’s wallet address to initiate negotiations for a bounty in return for the crypto assets. The protocol assured the community that shutting down deposits for public-facing vaults nullified the attack, as a deposit was required for the attack vector.
Gamma Strategies, the decentralized finance protocol, identified the root cause of the attack and outlined its steps moving forward. The protocol plans to undergo a third-party code review to mitigate the attack before reopening deposits. Gamma emphasized its commitment to maximizing recovery for all affected users. The firm also sent a message to the attacker, expressing its intention to negotiate a bounty for the return of the stolen $3.4 million in digital assets. Gamma apologized to those impacted and promised to release a detailed post-mortem analysis and proposed remediation plan in the coming days.
The incident highlights the ongoing challenges faced by decentralized finance protocols in securing their platforms against exploits. Gamma’s decision to engage in negotiations for a bounty reflects a pragmatic approach to recovering the funds lost in the attack. The broader crypto community will likely scrutinize the protocol’s response and the effectiveness of its proposed mitigation measures to assess the overall security of DeFi platforms.
