🔊Update on Velocore Incident
The Velocore DEX was exploited. Our teams have been employing our ecosystem security measures to mitigate the damage from this attack. More info in this thread.
Linea network remains secure, this only affected a 3rd party dapp.
The Velocore DEX was exploited. Our teams have been employing our ecosystem security measures to mitigate the damage from this attack. More info in this thread.
Linea network remains secure, this only affected a 3rd party dapp.
@hexagate_ alerted us about the ongoing exploit, helped trace stolen user funds, exploiter addresses and vulnerable contracts. 700ETH moved off Linea via a 3rd party bridge. It was the middle of the night, Velocore was still vulnerable and we could not get ahold of their team.
Because other avenues of handling this exploit closed, our team halted the sequencer to prevent additional funds bridging out. This was the last resort action to protect users on Linea.
https://x.com/WuBlockchain/status/1797090280254165024?s=19
The sequencer was paused from block 5081800 and 5081801.
During this pause, we gave the @Velocorexyz time team to support their efforts of triaging the vulnerability.
We also censored the hacker's addresses. This significantly reduced the ecosystem impact on Linea users.
During this pause, we gave the @Velocorexyz time team to support their efforts of triaging the vulnerability.
We also censored the hacker's addresses. This significantly reduced the ecosystem impact on Linea users.
Linea's team made a decision to halt block production by pausing the sequencer and censor attacker addresses to protect the users and builders in our ecosystem. Like other L2s, we are still in the "training wheels" phase of existence, giving us safeguards to use.
One of the key drivers in our decision to pause the sequencer was that the hacker had acquired and was beginning to sell a large sum of tokens into ETH. This would have created other issues in the ecosystem for users beyond the liquidity pool draining exploit.
Linea's goal is to decentralize our network - including the sequencer. When our network matures to a decentralized, censorship-resistant environment, Linea's team will no longer have the ability to halt block production and censor addresses - this is a primary goal of our network
Most L2s, including Linea, still rely on centralized technical operations which can be leveraged to protect ecosystem participants. Linea's core value is a permissionless, censorship-resistant environment so it was not a decision we took lightly.
Meanwhile, teams at Velocore and Linea have requested to CEX to freeze the exploited funds, and Velocore is setting up an onchain negotiation process.
https://x.com/velocorexyz/status/1797117286270353883
The Velocore team has just released a post-mortem on the exploit.
• All volatile pools(CPMM) in Linea and zkSyncEra Velocore are affected.
• No stable pools are affected.
• Team is pursuing onchain negotiations, CEX freezes, and compensating users
• All volatile pools(CPMM) in Linea and zkSyncEra Velocore are affected.
• No stable pools are affected.
• Team is pursuing onchain negotiations, CEX freezes, and compensating users
https://x.com/velocorexyz/status/1797229772399067587
Despite undergoing multiple audits, Velocore's protocol still had a exploitable flaw. We are grateful to the ecosystem security partners @hexagate @Cyvers_ and @HypernativeLabs for the fast response to assist @velocorexyz
User security is a top priority for Linea, which is why we have developed our ecosystem-wide threat monitoring and prevention mechanisms which went into full action on this exploit. We'll continue working closely with the Velocore team and supporting them in their next steps.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
