Hong Kong-based defi protocol Linear Finance reported a security breach that drained its Linear USD token’s liquidity on PancakeSwap and Ascendex platforms.
Hong Kong‘s burgeoning defi ecosystem faced a significant setback this week as Linear Finance, one of its leading protocols, came under an unexpected attack.
In an incident that jolted the defi community, malevolent actors exploited a vulnerability in the protocol, resulting in a substantial liquidity drain of its Linear USD (ℓUSD) token.
According to a candid statement released by Linear Finance, the entire liquidity of ℓUSD on both PancakeSwap and Ascendex was drained. The breach caused a catastrophic fall in the token’s value, plummeting its price to a staggering zero.
The modus operandi of the attacker was shrewd: they exploited a flaw that allowed them to mint an infinite supply of ℓAAVE tokens. These were then exchanged for ℓUSD on the Linear Exchange, after which the attacker proceeded to liquidate them on PancakeSwap and Ascendex.
The gravity of such incidents in the defi world cannot be understated. Decentralization brings with it the promise of heightened security, but as this incident demonstrates, it also presents unique challenges that demand rigorous monitoring and rapid interventions.
Linear Finance, realizing the severity of the attack, promptly initiated a series of measures to mitigate further damage and safeguard its user base.
The protocol momentarily paused all contracts that facilitated token minting, burning, or exchanging, demonstrating an effort to stall any additional suspicious activities.
In a move signaling transparency and proactiveness, the ℓUSD Linear bridge contract was disabled. Furthermore, the protocol began actively tracking the attacker and has since disseminated the wallet addresses connected to the exploit to major exchanges and legal authorities.