A recent setback hit the decentralized finance (DeFi) platform Gamma Strategies, resulting in a staggering loss of around $3.4 million, according to security experts. The breach exploited a critical vulnerability within the protocol’s “accounting mechanism,” enabling the perpetrator to withdraw an excessive quantity of tokens. Security firm PeckShield confirmed the incident and estimated the loss at $3.4 million, with the attacker making off with over 1500 ETH.
The exploit’s origin was traced to a flaw in the protocol’s “price change threshold,” which had been set too high, allowing for extreme fluctuations of 50-200% in specific LST and stablecoin vaults. Gamma Strategies has acknowledged this flaw and is actively pursuing contact with the exploiter.
To prevent further losses, Gamma Strategies has promptly disabled deposits to all public DeFi vaults while maintaining the functionality of withdrawals for users requiring access to their funds. In a statement on X, they clarified, “Our vaults will continue normal management, but deposits are on hold until we resolve and mitigate the issue.”
According to Yajin Zhou, founder of BlockSec, the exploit’s root cause lay in an inconsistency between the deposit and withdrawal accounting mechanisms utilized by Gamma Strategies. This discrepancy facilitated the attacker’s ability to manipulate the protocol and extract more tokens than permitted.
Gamma Strategies stands as a decentralized asset management platform operating on Ethereum and other blockchains. It allows users to invest funds in “hypervisors,” enabling returns through active liquidity management and market-making strategies.
