The developers of the Synapse Bridge cross-chain protocol prevented the hacker from withdrawing roughly ~$8 million from the Avalanche Neutral Dollar (nUSD) Metapool. Thus, the incident, which the team told about in the Discord chat, occurred on November 7.
Synapse is a cross-chain bridge for moving tokens between several protocols of the first and second levels using AMM (automated market maker).
According to the developers, the attacker tried to exploit the vulnerability; using a bridge to transfer assets from Polygon (MATIC) to Avalanche (AVAX). Also, the team managed to identify an error in the AMM Metapool Saddle contracts.
The affected liquidity providers will return funds
“The validators will instead mint the nUSD back to the affected Avalanche LPs. All Avalanche nUSD LPs will be made whole, with no funds lost,” the team added.
Therefore, the transaction for about $8 million was rejected, the funds will be returned to the affected liquidity providers after the completion of a full audit.
In the third quarter of 2021, hackers targeting the blockchain industry stole cryptocurrencies worth more than $1.1 billion. The Ethereum ecosystem suffered the most. During the analyzed period it lost more than $800 million as a result of 20 attacks.
DeFi lender bZx hack
Recall that previously, the developers of the bZx DeFi platform acknowledged the loss of funds as a result of hacking for $55 million.
According to them, the hacker compromised the private key of the project deployment management on Polygon and Binance Smart Chain (BSC). Moreover, under the post, the security company SlowMist indicated that at the moment the damage amounted to over $55 million. Apparently, the hacker controls seven addresses with stolen funds.
In addition, the project team has published the results of the preliminary investigation. According to them, the incident was not a protocol hack. It “was a phishing attack on the bZx developer.”