Levana, operating on the Osmosis blockchain, recently suffered a severe exploit, resulting in a substantial loss of over $1.1 million from its liquidity pools. The attack unfolded over a prolonged period of 13 days, targeting and siphoning 10% of Levana’s liquidity pools between December 13 and December 26.
Exploiting the congestion on the Osmosis chain, coupled with a bug in the fee market code of Osmosis and issues in Levana’s integration with the Pyth oracle, allowed attackers to manipulate prices and drain the pools, posing significant challenges for user market interactions.
The exploit was primarily facilitated by a congestion attack on the Osmosis chain, causing hindrances for Levana users in engaging with the markets. This exploit was further compounded by weaknesses in the Osmosis fee market code and discrepancies in Levana’s Pyth oracle integration. Levana assured that existing trades and profits remained unaffected, but due to security concerns, new positions and modifications to existing ones have been temporarily suspended until an upcoming scheduled update.
The team is diligently working on a fix, aiming to deploy it across Osmosis, Sei, and Injective chains where Levana operates, along with plans to compensate affected liquidity providers through an airdrop and distributing collected protocol fees during the attack period.