On June 2, 2024, Velocore, a decentralized exchange, experienced a significant security breach that led to the theft of approximately $6.8 million in Ethereum. The hack originated from vulnerabilities in the Balancer-style Constant Product Market Maker (CPMM) pool contract. Every Velocore pool on the Linea and zkSyncEra Layer 2 networks, excluding stable pools, was impacted.

The attacker reportedly obtained funds through the Tornado Cash mixer, exploited the vulnerability, and then moved the stolen assets via Across Bridge back into Tornado Cash. 

Subsequent to these events, Velocore conducted a thorough investigation, concluding that despite rigorous audits and advanced preventive measures in place, the attack occurred swiftly and unexpectedly. 

In response, Velocore has actively engaged in on-chain negotiations and sought the collaboration of various protocols and centralized exchanges to monitor the attacker’s activities. Additionally, the exchange took a snapshot of the blockchain state before the breach to formulate a compensation plan for affected users once normal operations resume.

This incident not only compromised Velocore but also affected Linea, the Layer 2 platform on which Velocore operates. In an effort to assist Velocore and prevent further unauthorized fund transfers, Linea paused its sequencer and halted block production between blocks 5081800 and 5081801.

A Layer 2 blockchain sequencer helps handle more transactions efficiently by grouping them together and processing them off the main blockchain (Layer 1). This process speeds up transactions and reduces costs. The sequencer then updates the main blockchain periodically with a summary of what happened, ensuring everything remains secure and accurate.

The decision to pause the sequencer has sparked a big debate among blockchain enthusiasts and experts about the need for greater decentralization in Layer 2 solutions. Critics argue that the reliance on a single sequencer, controlled by the network’s team, compromises the foundational blockchain principle of decentralization. 

Although Layer 2 networks claim to be moving towards decentralized sequencers, many remain centralized in practice. In fact, centralized sequencers are used by Arbitrum, Optimism, Polygon, Base, zkEVM, Scroll, Linea, and many others. This approach, while perhaps necessary for short-term security, could undermine trust in decentralized applications in the long term. 

Nevertheless, the Linea team contends that their decision was necessary. The primary reason behind halting the sequencer was the observation that the hacker had begun to sell a significant sum of tokens for ETH. Such actions threatened to cause further issues within the ecosystem, extending beyond the problem of drained liquidity pools. 

Share this article
The link has been copied!