Level Finance, a renowned decentralized exchange, recently fell victim to a significant security breach. The attacker exploited a flaw in the platform’s smart contract, known as “claim multiple,” which resulted in the theft of over 214,000 Level Finance (LVL) tokens. The stolen LVL tokens were converted into 3,345 Binance Coin, worth approximately $1 million.
Peckshield and BSC Scan Expose Level Finance Vulnerability
Upon discovering the breach, Level Finance promptly notified its 20,000-strong Twitter following of the incident. The exchange further emphasized that the attack solely impacted LVL tokens, not its liquidity pools or related DAOs.
Renowned blockchain security firm Peckshield identified the vulnerability within Level Finance’s “LevelReferralControllerV2” smart contract. The bug enabled “repeated referral claims” from the same epoch, which the attacker exploited to extract numerous LVL tokens. Level Finance later confirmed this finding in an official statement made on Discord.
Data from Binance chain explorer BSC Scan also revealed multiple instances of invoking the “claim multiple” function over the past 48 hours. The compromised v2 controller contract has not been altered since the attack. However, Level Finance has committed to deploying a new implementation of the referral contract within the next 12 hours.
Temporary Shutdown of the Referral Program and the Road to Recovery
To mitigate further damage, DeDotFiSecurity announced on Twitter that the Level Finance team has “temporarily shut down the referral program,” effectively stopping the exploit. The exchange has since isolated the exploit from other potential vulnerabilities and asked its users to “stand by for a full post-mortem.”
As Level Finance moves forward after this significant security breach, it is a stark reminder of the importance of robust smart contract security measures within the decentralized finance (DeFi) sector.
The industry must continuously invest in security improvements to protect users and preserve the integrity of the DeFi ecosystem. Unfortunately, this will unlikely be the last security incident in decentralized finance.
For paid/sponsored articles, FintechMode neither endorses nor takes responsibility for the accuracy, timeliness, quality, and content of said articles. The statements, views and opinions expressed in paid/sponsored articles are solely those of the content provider and readers are reminded that Cryptocurrency products are unregulated in most locations and can be highly risky. Do your own research and consult relevant financial experts before making any investment decisions. FintechMode will not be held accountable, either directly or indirectly, for any harm or loss that may stem from or be linked to the usage or reliance on any information, goods, or services mentioned on this page. If you have any concerns, please email [email protected] or refer to our Terms & Conditions