Gamma Strategies decentralized finance protocol suffered a cyber attack, which resulted in a loss of around $3.4 million. PeckShield Inc., a blockchain security and data analytics firm, tweeted on X about the exploitation.
After confirming the attack, Gamma Strategies took security actions to stop any further losses to users and partners. They stated that they were working with security professionals and partners. The professionals shut down all public vaults/hypervisor deposits until the issue is identified and mitigated. Gamma said,
All public vaults/hypervisors have had deposits shut down. You may withdraw your funds if need be. Our vaults will continue to be managed normally for now, but deposits are currently shut down until we identify and mitigate the problem.
The hacker took over 1500 Ether using the vulnerability in the protocol’s accounting mechanism. After figuring out the cause of the incident, Gamma tried to contact the exploiter via Etherescan (/etherscan.io/tx/0x293698c1ab) and Arbiscan (/arbiscan.io/tx/0xfb99dd2af2) to negotiate the return of funds. BlockSec founder Yajin Zhou, in an interview, stated that the root cause of the exploitation is the “inconsistency between the accounting mechanisms for depositing and withdrawing used by Gamma Strategies” which results in a major difference between the liquidity and the shares.
Gamma Protocol is an asset management protocol where users deposit funds into pools called “hypervisors.” They get the return on investment through active liquidity management (ALM) strategies. The smart contracts automatically rebalances assets, manage the price range, and reinvest the earned fees.