This DeFi Protocol Just Got Hacked for $6.9 Million – Here’s What Happened

cryptonews.com:

Lodestar Finance, a DeFi protocol built on Ethereum’s Arbitrum network, lost $6.9m in an exploit over the weekend where an attacker was able to manipulate a price oracle.

In a statement published on Sunday, the team behind Lodestar admitted that the hack has created “a bad situation” and that “options are limited.”

The team said in the statement that the hack was made possible by manipulation of a price oracle in the protocol, which caused an “instantaneous change in the price.” This ultimately allowed the attacker to “borrow more than they should have been allowed,” resulting in a profit for the person or group behind the attack.

Going forward, the Lodestar team said the main priority is to work on recovering what they believe is recoverable, and then try to establish communications with the attacker.

“The Lodestar team is going to base our recovery plan off the approximately 2,720,000 GLP that is recoverable from the plvGLP contract,” the statement said, adding that further details about this recovery will be provided as they become available.

“In the meantime we will continue to try to reach out to the hacker and see if we can reach an agreement to return more of the user’s funds,” the team added in the statement.

The Lodestar Twitter account then went on to reach out directly to the attacker, offering to “find a white-hat agreement and move on.

“Recovering the funds of our users is the main priority and we will generously reward your collaboration,” the tweet said.

The statement from the Lodestar team came after a team member earlier in the weekend wrote in a user forum that the team is “working through what appears to be a potential exploit.”

He added that withdrawals “remain open, but are likely not able to be processed