Osmosis validator FireStake admits it drained $2 million during Osmosis exploit

Quick Take

  • FireStake is one of the validators of the Osmosis blockchain.
  • Despite this, it admitted to taking advantage of Osmosis’ recent exploit to drain $2 million of funds.

After a $5 million exploit on Osmosis on Wednesday, one of its network validators called FireStake came forward to admit that they were responsible for draining $2 million of it.

Osmosis is a blockchain that runs a large decentralized exchange (DEX) in the Cosmos ecosystem. Osmosis suffered an exploit due to a security bug in its liquidity pools that allowed anyone to withdraw more than 50% of their position in the pools.

FireStake, which runs a staking service for the Cosmos ecosystem, said that two of its team members took $2 million in repeated withdrawals using merely $226. FireStake claimed that what started as testing to see if the bug existed, "grew into a temporary lapse in good judgment."

"We were thinking about our family's future, and not the future of our community," the firm affirmed. However, later it decided to notify Osmosis team to return the drained funds, the team added.

"They stepped forward themselves", Osmosis co-founder Sunny Agarwal said on FireStake's actions.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Osmosis said that the vulnerability was related to an error in the calculation of liquidity pool (LP) tokens shares when adding and removing funds on its DEX. When the Osmosis team first discovered it, they froze the entire chain to prevent users from draining all of the funds. 

Out of the 5 million drained, it is expected that FireStake will return the $2 million. It's unclear if the team knows the whereabouts of the remaining $3 million. If those funds are not recovered, Osmosis said it will replace them from its own treasury.

In the meantime, the Osmosis blockchain remains halted. A pop-up on its website reads that the bug has now been fixed and validators are preparing for a network restore. 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]