Level Finance, a decentralised perpetual exchange built on the BNB Chain, discovered an exploit in one of its smart contracts. The project informed its Twitter followers on Tuesday of an exploit that drained 214,000 of its native LVL tokens. At the time of writing, these tokens were worth roughly $1 million.
On Tuesday, the organisation informed the public of the exploit through Twitter. According to PeckShield, a blockchain security startup, the contract included a fault that enabled multiple referral claims from the same timestamp. The stolen 214K Native Token – LVL – was then exchanged for 3,345 BNB tokens worth $1.01 million.
Level Finance stated that the issue has been isolated to their Referral Controller Contract. They also said that a remedy will be deployed within the next 12 hours. This announcement resulted in a huge drop in the value of LVL tokens. Within a few minutes, the price of LVL tokens fell nearly 25% from $8.4 to $4.2 due to the sell-off panic. However, the token price has recently recovered and is currently trading at $7.78 at the time of writing.
Level Finance acknowledged the hack in a message on Discord following the incident. According to Level Finance on Discord, “the exploit was isolated from our other contracts,” and the exploiters carried out the heist by financing a fault in the “Claim Multiple” function.
Obelisk, a blockchain auditing firm, analysed Level Finance’s smart contracts and provided a full report on the project’s risks and concerns in January. The auditing company identified two high-risk concerns that were still outstanding at the time of the audit. They are no maximum capacity on swaps and missing contracts and functions. Obelisk said at the time that interactions with the ReferralController contract might result in unforeseen consequences. According to the analytic firm, depending on how the contract was utilised, there was a potential for re-entry complications.
A need for stricter rules and regulations for the crypto industry is arising. The industry saw millions lost in hacks last year. Prominent firms like Aave, Platypus, Euler and SushiSwap saw hacks recently. According to DeFiLaama, since the beginning of the year, more than $20 million has been stolen from the DeFi market.
