Synthetix Lost 37 Million sETH in an Oracle Attack

by Arnab Shome
  • sETH is a synthetic digital currency which tracks the price of Ether.
Synthetix Lost 37 Million sETH in an Oracle Attack
Reuters
Join our Crypto Telegram channel

Cryptocurrency company Synthetix has suffered an oracle attack, resulting in the loss of 37 million synthetic Ether (sETH).

First pointed out by The Block, the loss of the synthetic crypto startup can be verified on Etherscan. However, due to the relative liquidity of sETH in the secondary markets, the fiat value associated with the loss cannot be calculated.

Kain Warwick, co-founder, and CEO of the company, believes that the attack was carried out by an arbitrage bot, and the company has already contacted the owner of the bot.

“There has been an incident with the price feed of sKRW, we are currently investigating the root cause, but during the time when the price feed was returning the wrong value, we believe an automated arb bot converted into sKRW and then into sETH,” Warwick noted in a statement on Synthetix’s Discord channel.

Encouraging hackers to beat other hackers

Amid the attack, the company has terminated all transfers within its networks as it has complete control over its smart contracts. It also initiated a bug bounty program to encourage white hat hackers to report bugs on the platform.

The move can be justified considering the growing popularity of bounty programs on Blockchain platforms. Last month, Finance Magnates reported that white hat hackers had raked over $32,000 by reporting bugs in various blockchain platforms in a mere seven weeks. Coinbase even rewarded a hacker $30,000 for reporting a critical bug on the exchange, totaling its payout at over $300,000.

Making of synthetic crypto

Synthetix allows its users to mint synthetic Cryptocurrencies on Ethereum’s blockchain. The coins can also be traded on a peer-to-peer platform. The compromised sETH tracks the price of Ether using an Oracle-backed price feed. Earlier this year, the company also launched a synthetic Bitcoin on Ethereum blockchain which can be traded on the Synthetix exchange.

Cryptocurrency company Synthetix has suffered an oracle attack, resulting in the loss of 37 million synthetic Ether (sETH).

First pointed out by The Block, the loss of the synthetic crypto startup can be verified on Etherscan. However, due to the relative liquidity of sETH in the secondary markets, the fiat value associated with the loss cannot be calculated.

Kain Warwick, co-founder, and CEO of the company, believes that the attack was carried out by an arbitrage bot, and the company has already contacted the owner of the bot.

“There has been an incident with the price feed of sKRW, we are currently investigating the root cause, but during the time when the price feed was returning the wrong value, we believe an automated arb bot converted into sKRW and then into sETH,” Warwick noted in a statement on Synthetix’s Discord channel.

Encouraging hackers to beat other hackers

Amid the attack, the company has terminated all transfers within its networks as it has complete control over its smart contracts. It also initiated a bug bounty program to encourage white hat hackers to report bugs on the platform.

The move can be justified considering the growing popularity of bounty programs on Blockchain platforms. Last month, Finance Magnates reported that white hat hackers had raked over $32,000 by reporting bugs in various blockchain platforms in a mere seven weeks. Coinbase even rewarded a hacker $30,000 for reporting a critical bug on the exchange, totaling its payout at over $300,000.

Making of synthetic crypto

Synthetix allows its users to mint synthetic Cryptocurrencies on Ethereum’s blockchain. The coins can also be traded on a peer-to-peer platform. The compromised sETH tracks the price of Ether using an Oracle-backed price feed. Earlier this year, the company also launched a synthetic Bitcoin on Ethereum blockchain which can be traded on the Synthetix exchange.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}