- Gamma Strategies’ exploiter has moved some funds through the sanctioned coin-mixing service Tornado Cash
- Gamma had sent the hacker an on-chain message with hopes of offering a bug bounty
- The protocol lost roughly $3.4 million
The Gamma Strategies hacker has been seen moving part of the loot through sanctioned coin-mixing service Tornado Cash, decreasing the chances of a possible return of the funds that the platform had hoped. According to blockchain security firm PeckShield, the attacker moved 1,000 ETH worth approximately $2.2 million, leaving roughly $1 million of the stolen funds unmoved. The hacker’s actions come despite the protocol sending an on-chain message requesting him to keep a small percentage of the funds and return the rest, a sign that the attacker may not be interested in negotiating with the Gamma team.
Preliminary Results are Out
Apart from using Tornado Cash, the attacker is also swapping remaining funds for other coins and moving them between chains. In its latest update on X (formerly Twitter), Gamma disclosed that they “have preliminarily reached the root cause of the recent exploit on [their] vaults.”
We have preliminarily reached the root cause of the recent exploit attack on our vaults.
Out of abundance of caution, we shut off all deposits on our public-facing vaults — this effectively nullifies the attack any further because a deposit is required for the attack to take…
— Gamma (@GammaStrategies) January 4, 2024
According to the protocol, the attacker used a loophole in a setting that disallows deposits “when price change exceeds a certain amount.”
Gamma revealed that the threshold for stopping deposits was placed extremely high (up to 200%) allowing the exploiter to manipulate token prices in exchange for a “high number of LP tokens.”
The main issue is with the settings we placed on (2) the price change threshold.
It was placed too high allowing for up 50-200% price change on certain LST and stablecoin vaults. This allowed the attacker to manipulate the price up to the price change threshold and mint a…
— Gamma (@GammaStrategies) January 4, 2024
A Deposit is Required to Conduct an Attack
Gamma Strategies has already stopped deposits saying that it helps stop further losses since “a deposit is required” to conduct such an attack. The protocol will re-enable the option once it conducts a detailed post-mortem of the incident.
It added that it’s committed to recovering the funds and “mitigate the risk going forward.” The platform has however not provided a concrete timeline for when it’ll start reimbursing victims or when it expects to open up deposits.
With the attacker moving funds through Tornado Cash and multiple chains, likely, they won’t return the funds for a bounty.
