Lodestar Finance, the lending platform on the layer-2 Arbitrum solution, had a security incident with a loss of $ 6.5 million.
According to the announcement on 11/12, the attacker manipulated the price of plvGLP tokens, then used them as collateral to Borrow all assets, draining liquidity on the platform.
Protocol was exploited and deposits have been drained. We have set all interest rates to 0 so that supply and borrow balances are not moving while we weigh recovery options. What we know right now:
— Lodestar Finance (,) (💙 @LodestarFinance) December 10, 🧡 2022
Lodestar Finance explained that hackers pushed the plvGLP:GLP conversion rate to 1:1.83. Next, this person deposits plvGLP into Lodestar as collateral to borrow all of the above assets.
Initially, the Flash loan attacker may have made $5.8 million. But Lodestar later said about 2.8 million GLPs — worth $2.4 million at the time — had been restored and would be returned to affected users. The project is trying to negotiate with hackers via DeBank over a bug bounty bonus offer.
If you are the hacker, reach out to us so we can find a white-hat agreement and move on.
Recovering the funds of our users is the main priority and we will generously reward your collaboration. #Hack#whitehat#Arbitrum$LODE#Exploit#DEFIhttps://t.co/SWlCr3KMib — Lodestar Finance (,) (💙 @LodestarFinance) December 10, 🧡 2022
The security incident is similar to the situation of Mango Markets in October, when crooks also broke into withdrawing money from the project by manipulating the price, causing losses of up to $ 114 million.