In the world of decentralized finance (DeFi), security breaches have become an unfortunate reality. Recently, Gamma Strategies, a DeFi protocol built on the Ethereum blockchain, experienced a devastating exploit, resulting in a loss of approximately $3.4 million. The exploit was initially identified by blockchain investigator PeckShield on January 4 and was later confirmed by Gamma Strategies.
Gamma Strategies had implemented several safeguards to protect its vaults against flash loans: required token ratios, price change thresholds, deposit caps, and a prohibition on single-sided deposits. The main issue that led to the exploit was the configuration of the price change thresholds. They were set too high, permitting price changes of up to 50-200% on specific vaults. This flaw allowed the attacker to manipulate the price up to the threshold and generate a large number of LP tokens.
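An added illustration, not Gamma's contract code: a simplified Python model of a price change threshold check on deposits, showing why a 200% threshold accepts a heavily skewed pool price while a tight one rejects it. The vault names, the reference price, the pro-rata mint formula and the 5% audit ceiling are assumptions made for this example.

```python
from dataclasses import dataclass

# Assumed audit ceiling for this example; the article does not state a "safe" value.
MAX_SAFE_THRESHOLD = 0.05

@dataclass(frozen=True)
class VaultConfig:
    name: str                # hypothetical vault label
    price_threshold: float   # max allowed |spot/reference - 1|; 2.0 means 200%

def deviation(spot: float, reference: float) -> float:
    """Relative distance of the pool's spot price from a trusted reference price."""
    if spot <= 0 or reference <= 0:
        raise ValueError("prices must be positive")
    return abs(spot / reference - 1.0)

def deposit_allowed(cfg: VaultConfig, spot: float, reference: float) -> bool:
    """The guard itself: accept the deposit only inside the configured band."""
    return deviation(spot, reference) <= cfg.price_threshold

def mint(cfg, amount, spot, reference, vault_value, total_shares):
    """Toy pro-rata mint (assumption): the deposit is valued at the spot price.
    Returns the shares issued, or None when the threshold check rejects it."""
    if not deposit_allowed(cfg, spot, reference):
        return None
    return amount * spot * total_shares / vault_value

def audit(configs):
    """Names of vaults whose threshold exceeds the assumed ceiling."""
    return [c.name for c in configs if c.price_threshold > MAX_SAFE_THRESHOLD]

# Constructed sample configurations: one loose (200%), one tight (2%).
LOOSE = VaultConfig("vault-loose", 2.0)
TIGHT = VaultConfig("vault-tight", 0.02)

if __name__ == "__main__":
    for cfg in (LOOSE, TIGHT):
        fair = mint(cfg, 100, 1.0, 1.0, 10_000, 10_000)
        skewed = mint(cfg, 100, 2.5, 1.0, 10_000, 10_000)
        print(cfg.name, "fair:", fair, "skewed:", skewed)
    print("over ceiling:", audit([LOOSE, TIGHT]))
```

In this model the loose vault issues 2.5 times the fair share count for the same deposit when the spot price sits 150% above the reference, while the tight vault refuses the deposit outright.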
Swift response and preventive measures
To prevent further losses, Gamma Strategies swiftly responded to the exploit by temporarily disabling deposits to all public DeFi vaults. However, withdrawals remained active, ensuring that users could still access their funds when needed. Additionally, the protocol has outlined its plan of action, which includes adjusting all price change thresholds to a safe level and conducting a third-party code review. These measures aim to effectively mitigate the attack before re-opening deposits.
Unfortunately, Gamma Strategies wasn’t the only DeFi project to suffer a security breach at the beginning of 2024. Orbit Chain, a project facilitating cross-chain bridging, experienced a similar fate, losing over $80 million in assets. The attacker managed to gain access to seven out of ten multisig signers, resulting in a total loss of $81.5 million.
The stolen funds
The majority of the stolen funds from Orbit Chain consisted of stablecoins, with $30 million in USDT, $10 million in USDC, and $10 million in DAI. Additionally, approximately 231 WBTC ($10 million) and 9,500 ETH ($21.5 million) were compromised. These security breaches highlight the urgent need for increased security measures within the DeFi space.
Compensation and recovery
While Gamma Strategies has taken swift action to secure its protocol and prevent further losses, it remains unclear whether the project intends to compensate its victims. The primary focus for now is on maximizing recovery for all affected users. It is crucial for protocols in the DeFi space to consider compensating users who have fallen victim to security breaches, as it helps to maintain trust and confidence in the ecosystem.
The recent exploit on Gamma Strategies serves as a stark reminder of the vulnerabilities within the DeFi space. As the popularity of decentralized finance grows, it is imperative for protocols to prioritize security and regularly conduct thorough audits to identify and address potential vulnerabilities. Only by doing so can DeFi protocols provide a safe and reliable environment for users to participate in the emerging financial landscape.