The Velocore decentralized exchange has been attacked. The hacker withdrew approximately $6.8 million in Ethereum (ETH) from the pools in the Linea and zkSyncEra L2 networks.
Post-mortem on the exploit of Velocore
This incident is unlikely to extend to other protocols, so other users of @LineaBuild and @zksync can rest assured.
We apologize to all affected partners and users and are working diligently with various security partners to resolve the… pic.twitter.com/rfeqIwmMJX
The Linea team decided to stop the sequencer to prevent further loss of funds from Velocore users.
The hacker managed to withdraw 700 ETH (~$2.6 million) from the ConsenSys blockchain launched across the bridge. The developers stopped producing blocks for about an hour, "censored" the attacker's addresses and turned to CEX to block the stolen assets.
@hexagate_ alerted us about the ongoing exploit, helped trace stolen user funds, exploiter addresses and vulnerable contracts. 700ETH moved off Linea via a 3rd party bridge. It was the middle of the night, Velocore was still vulnerable and we could not get ahold of their team.
— Linea (@LineaBuild) June 2, 2024"Velocore was still vulnerable, and we couldn't contact her team," they explained their motives.
However, the community considered their actions to stop the blockchain contrary to the spirit of cryptocurrency.
Decentralizing the sequencer isn’t optional. Every serious L2 stack must race to do first. https://t.co/Y9szRm0j0O
— Alex G. (∎, ∆) (@gluk64) June 2, 2024"Decentralizing the sequencer is not optional. Every serious L2 stack should be in the race to do it first," wrote Alexey Glukhovsky, co—founder of the Matter Labs company behind zkSync.
He was answered by Declan Fox, head of product at Linea. He agreed that decentralization is not an option. At the same time, the ConsenSys specialist believes that the protocol is "on the right track."
Agree that decentralization is not an option. Linea is on a solid path to decentralising all aspects of the network in a very aggressive time window. Given that many Rollup frameworks more than 2 years older than us are no further ahead, I’m pretty delighted with our pace.
But…
"Considering that many Rollup frameworks are more than two years older than us and have not moved forward, I am very pleased with our pace," Fox said.
Recall that in April, crypto projects lost about $25.7 million as a result of hacking and fraud. This was a record low amount for a month since 2021, CertiK noted.