Last updated on May 31st, 2023 at 07:14 am
Level Finance Crypto Security Hack – One of the top cryptocurrency exchanges in the world, Level Finance, had digital assets worth over $1 million stolen from it. Despite the exchange having undergone two security checks and assessments, the issue occurred on April 29, 2023.
This raises doubts and issues regarding how well these tests protect against cyber intrusions and attacks. Sources claim that the hackers broke into Level Finance’s network via a highly effective phishing attack. After acquiring access to the exchange’s internal systems, the attackers were able to transfer the stolen funds to various other accounts.
1/@Level__Finance was reported to be hacked due to the lack of checks of repeated items for the array argument of the vulnerable function. Note that the hacker first tried to make a preparation but failed several times 7 days ago, and finally made it before launching the attacks. pic.twitter.com/c9wMcpWNtZ
— BlockSec (@BlockSecTeam) May 2, 2023
- Hot Wallet vs. Cold Wallet – How to Protect your Crypto from Hackers
- Polygon Labs Responds to UK’s Crypto Asset Regulatory Consultation
- Level Finance Crypto Security Hack
- Binance Pushes for Proportional Crypto Regulations to Ensure Steady Growth
- Crypto Exchange Companies in Kenya will now Pay 1.5% in Tax
How the security attack was detected
According to blockchain security and data analytics startup PeckShield, the compromised smart contract, ‘LevelReferralControllerV2,’ has a logic fault in the claimMultiple function that enables users to repeatedly claim referral rewards inside the same epoch (period of time). BlockSec, a smart contract auditor, came to the same conclusion and stated that the hacker had repeatedly failed to exploit the hole since last week.
Because the claim incentive was specifically based on the tier of referral and reward points, the attacker made the following preparations: Two justifications were offered by BlockSec on Twitter: “[…] using the flash loan to execute numerous swaps (the reward was modified in the post swap function); and (1) generating and setting numerous referrals.”
The attacker created numerous referral accounts to take full advantage of the advantages of the smart contract bug. By using flash loans (single-transaction borrow and return), the attacker was able to perform many token swaps while earning rewards each time, increasing the referral benefits. In a tweet from DeDotFiSecurity, it was stated that the attacker had made an unauthorized contract seven days prior in order to profit from Level Finance.
The security platform exposed that the attacker removed the LVL tokens from the DeFi exchange by using the delegate function of the contract. According to Level Finance, the exploit was kept apart from other contracts. The exchange added that neither the DAO Treasury nor its liquidity suppliers were harmed by the breach.
Despite being able to contain the damage brought on by the exploit, Level Finance’s native token, LVL, suffered a significant loss. The token fell as much as 50% after the exploit, from $8.4 to a 3-week low of $4.2. As soon as the exploit was discovered, shrewd traders jumped at the chance to trade the token, raising its daily trading volume by 864%. The hacker eventually followed the correct protocols and conducted the attack, which brought in $1.1 million for them.
Level Finance Response to Security Breach and Measures Taken to prevent future attacks
Level Finance responded to a hack with a statement acknowledging the breach and announcing an inquiry. The DAO has published a proposal to seek community input on how to manage the 214K LVL tokens that the attack has added to the market.
The Level team is collaborating with law enforcement authorities to track down the perpetrators and get back the money that was stolen. The Quantstamp team is hired to undertake ongoing real-time security evaluations on all contract upgrades. Measures will be taken to reduce further attacks.