Bitcoin DeFi protocol Sovryn loses $1M in a price manipulation hack

Through the hack, the perpetrator was able to steal almost $1 million worth of cryptocurrency, including 44.93 RBTC and 211,045 USDT.

Bitcoin-based DeFi protocol Sovryn has become the most recent target of the attackers. Through the hack, the perpetrator was able to steal almost $1 million worth of cryptocurrency, including 44.93 RBTC and 211,045 USDT.

The attacks particularly targeted the legacy Sovryn Borrow/Lend protocol, per a blog post by Sovryn on the matter. The RBTC and USDT lending pools were primarily impacted by the hack.

Notably, RBTC and USDT are crypto tokens correlated to those of BTC and the US Dollar, respectively. They circulate in this instance on Rootstock (RSK), a Bitcoin sidechain designed to increase the scaling, smart contract, and dapp capabilities of the cryptocurrency. Recently-attacked Sovryn is a Defi protocol based on RSK.

Since some of the money appeared to have been taken out via Sovryn’s AMM swap feature, the attacker obtained a variety of tokens. The company is actively pursuing to claw back the funds lost in the hack. Developers have managed to recover around half the value of the exploit through a combined effort, according to the announcement, which reads:

“Due to the multi-layered security approach taken, devs were able to identify and recover funds as the attacker was attempting to withdraw the funds.”

After two years of operation, according to Sovryn spokesperson Edan Yago, this is the first documented exploit against the protocol. He insisted that Sovryn had important and ongoing bug bounties and is “one of the most heavily audited Defi systems.”

The hackers operated the exploit by manipulating the price of Sovryn’s iTokens, which are interest-bearing digital tokens that stand in for a user’s holdings of cryptocurrency in a lending pool. Every time a position in the lending pool is acted upon, the price of this token is adjusted.

How did attacker conduct the hack? 

First, the attacker used a flash swap in RskSwap to purchase WRBTC (wrapped RBTC). Then, they used their own XUSD (another stablecoin) as collateral to borrow more WRBTC from Sovryn’s loan contract. Explaining how the attackers conducted the hack, the post states:

“The attacker then provided liquidity to the RBTC lending contract, closed their loan with a swap using their XUSD collateral, redeemed (burned) their iRBTC token, and sent the WRBTC back to RskSwap to complete the flash swap.”

The crypto industry has recorded a record number of crypto attacks in recent years. Most recently, DeFi market maker Wintemute lost $160 million in an operation hack, as TheCoinRise reported. Moreover, in September, crypto exchange CoinDCX witnessed Twitter account hack that delivered phishing links from its profile.