From December 13th to 26th, the Levana protocol for trading perpetual swaps, based on the Osmosis blockchain, was subjected to a hacker attack. As a result of the exploit, hackers withdrew 10% of the reserves from the project's liquidity pools, amounting to over $1.1 million. The Levana team has committed to compensating the liquidity providers for their losses and has temporarily suspended the ability to edit and create new positions.
Levana developers discovered that the hackers exploited a vulnerability caused by high network load on Osmosis, which prevented Levana users from interacting with the markets due to insufficient gas prices for transactions. This also led to incorrect price displays in the Pyth oracle integrated into Levana, as users were unable to update its contract. These factors allowed the attackers to manipulate prices and deplete the pools. No vulnerabilities were found in the Pyth oracle itself; it functioned as expected.
Existing trading positions and profits remained untouched. The Levana team is working on fixing the bug, which will be implemented in a code update across the networks where Levana operates: Osmosis, Sei, and Injective.
Osmosis is a first-level (L1) blockchain created in the Cosmos ecosystem using the Cosmos SDK tools and the Tendermint consensus mechanism. Levana notes that many of the issues encountered while working with Osmosis are not due to flaws in the blockchain itself but rather to limitations of the Cosmos SDK and Tendermint in scaling and meeting the needs of an active user base.