Hack Alert - OpenLeverage Crypto Protocol Exploited For $236k

Quick Summary

1. OpenLeverage, a permissionless lending and margin trading protocol, experienced multiple hacks draining approximately ~$236,000 worth of assets today April 1st 2024.

2. The attacker's wallet was reportedly funded by Tornado Cash, a crypto mixing protocol known for its association with illicit activities, including laundering funds for North Korea's Lazarus Group.

3. OpenLeverage confirmed the hacks and paused its operations, initiating investigations into the incident to assess the extent of the losses.

4. The company assured users that accumulated insurance, buyback funds, and protocol reserves would cover the losses, ensuring no loss of user funds.

5. Following the hacks, OpenLeverage decided to close its trading and lending protocol, announcing processes for users to withdraw funds, with all protocol actions remaining paused until withdrawal procedures commence.

6. OpenLeverage announced a bounty for the hacker's cooperation in returning the stolen funds, although the specific reward amount was not disclosed.

7. OpenLeverage had previously secured investment from Binance Labs in June 2022, although the precise funding amount remained undisclosed.

How To Protect Myself?

Our investigation of the logs shows that a potential flash loan attack was behind this issue but this has not yet been confirmed by the OpenLeverage project. Consider withdrawing your funds from OpenLeverage and never storing crypto any more than necessary on any online platform.