- Level finance confirms 214,000 native token hacks and swaps to Binance to get a tune of $1 million.
- Level finance quickly shut down the exploit to prevent any more hacks.
- The hack was possible by claiming multiple bugs on the exchange’s smart contract.
- Level finance has asked users to stand by for more information on the exploit.
- April accounted for a huge part of the loss the crypto space has taken from hacks this year.
Level Finance has confirmed reports of an attacker manipulating a claim of multiple bugs in a smart contract on Level Finance to steal more than 214,000 LVL tokens from the exchange.
The Decentralized Exchange has experienced a security breach that enabled a hacker to steal over $1 million of Level Finance native (LVL) tokens.
The exchange informed 20,000 of its followers on Twitter that they had hacked 214,000 of the exchange’s LVL tokens which were eventually swapped into 3,345 Binance coins worth an approximate value of $1.01 million.
According to the information obtained from blockchain security firm, Peckshield, Level Finance’s “LevelReferralControllerV2” smart contract contains a bug that made it possible for the repeated referral claims from the same epoch that had drained the tokens. This report by Peckshield was confirmed by Level in a statement dropped on Discord.
However, according to details obtained from Binance Chain’s explorer, BSC scan, the v2 controller contract got data that showed multiple calls of the “claim multiple” function over the past 48 hours.
As of the time of writing, the implementation of the intelligent contract did not appear to have been altered since the advent of the attack. There has, however, been a statement from Level Finance saying they would deploy a new implementation of the referral contract within the next 12 hours.
Level Finance also noted that their liquidity pools and related Decentralized Autonomous Organizations (DAOS) remain unaffected by the hack.
According to a Twitter post by DeDotFiSecurity, there has been a shutdown of the referral program on their system to prevent further repeat hacks. Level Finance also added in Discord that the exploit had been immediately isolated from other exploits and implored users of the exchange to stand by for more information on the situation.
Conclusion
This month has been a dreadful one for exploits and a large percentage of the lost amount accounts for half of the total crypto that has been exploited in 2023.
In April, there was a significant soar in crypto exploits, exit flashes, and flash loan attacks, and more than $103 million of funds were stolen from crypto projects and crypto investors in April.
A crypto and security firm, Certik, dropped data on the April round-up of crypto exploit scams and hacks, which further revealed that the loss in April added a considerable number to the total year-to-date loss in the crypto space totaling $429.7 million.
