Skip to content

Lodestar Finance Became a Victim of Another Hacker Attack

Lodestar Finance has been subjected to a hacker attack. The attacker manipulated the oracle and was able to steal several million dollars.

Lodestar logo

Lodestar Finance is an algorithmic borrowing and lending protocol. This protocol allows users to lend or borrow, use liquid staking and trade with leverage. Also, the protocol feature is the ability to profit from the assets of Arbitrum: MAGIC, DPX and plvGLP. It was plvGLP that became the target for the hacker.

What is plvGLP? plvGLP is a Plutus Vault GLP. Let's take it in order. Plutus – aka PlutusDAO – is a decentralized autonomous organization. GLP is a token that consists of an index of assets used for swaps and leverage trading. GLP is the GMX platform’s liquidity provider token. In turn, plvGLP is one of the price oracles of the Lodestar Finance protocol.

Let's go back to the hacker attack. As Lodestar Finance tweeted on December 11, the protocol was exploited and deposits have been drained.

Also, Lodestar Finance reported what information they know about the hacker attack. The attack began with the hacker manipulating the exchange rate of the plvGLP contract. This helped provide plvGLP collateral and borrow all available liquidity. After that, the hacker cashed out everything he could, and several plvGLP holders also used the exploit.

According to Lodestar Finance, the hacker was able to exploit the protocol to the amount of about $5.8 million, but Plutus later confirmed that $2.4 million is recoverable. Lodestar Finance hopes that the hacker will return the funds for a reward under the bug bounty program.

So far, there is no complete detailed analysis of the situation, but Lodestar Finance has shared a brief summary of this attack.

Also, Lodestar Finance recently shared the news that it managed to calculate all the losses of user funds. Total losses amounted to 5,648 ETH, and approximately 2.72 million GLP was recovered.

Lodestar Finance has become another victim of hackers. This year, hacker attacks on crypto and DeFi services have become more frequent. You can read about what else was attacked by hackers on our website under the tag #Hacks&Bugs. And we continue to observe.