Hong Kong-based decentralised finance (DeFi) protocol, Linear Finance, recently found itself grappling with a grave security breach that had severe repercussions on the liquidity of its Linear USD token (ℓUSD).
This incident sent shockwaves through the DeFi community, as malicious actors successfully exploited a vulnerability within the protocol, triggering a significant drain on ℓUSD liquidity.
In a display of transparency, Linear Finance acknowledged the complete depletion of ℓUSD liquidity on both PancakeSwap and Ascendex.
In its blog post, it stated that:
“The Linear Finance protocol was subject to an attack that resulted in the draining of all ℓUSD liquidity on both PancakeSwap and Ascendex, resulting in the price of ℓUSD going to zero. The attacker was able to mint an unlimited supply of ℓAAVE and subsequently traded the liquid asset to ℓUSD on the Linear Exchange, prior to selling it on PancakeSwap and Ascendex.”
The attacker’s tactics revealed a shrewd understanding of the system’s vulnerabilities.
Exploiting a flaw within the protocol, they executed an intricate scheme that allowed them to mint an infinite supply of ℓAAVE tokens.
Subsequently, these tokens were exchanged for ℓUSD on the Linear Exchange, providing the attacker with the ammunition to initiate a sell-off on PancakeSwap and Ascendex.
Linear Finance’s response to this critical situation demonstrated a commitment to damage control and the protection of its user base.
Swiftly, the protocol implemented a series of measures, including the temporary suspension of all contracts facilitating token minting, burning, or exchanging.
This decision aimed to halt any further potentially suspicious activities.
Moreover, in an act of transparency and proactivity, Linear Finance disabled the ℓUSD Linear bridge contract.
Concurrently, the protocol initiated an active pursuit of the attacker, taking proactive steps to share the wallet addresses associated with the exploit with major exchanges and legal authorities.