Gamma hackers stole $4M in price manipulation attack

Liquidity management protocol Gamma, which lost $4 million after exploiters created several fraudulent contracts to conduct price manipulation, has yet again come under attack.

Last year, more than $1.8 billion was lost due to security issues. In the year 2024 has just begun, and Web3 security incidents continue to wreak havoc.

How exploiters attacked Gamma smart contracts

Web3 security firm Syvers reported on X (Twitter) that attackers created several fraudulent contracts to steal $4 million from Gamma. CEO of Syverse, Dede Lavid, told BEncrypto:

“The attacker created approximately 40 malicious contracts targeting Gamma smart contracts. It is a kind of hack price manipulation.

Lavid further explains the price manipulation attack:

“In the price rigging attack on Gamma smart contracts, the hacker exploited vulnerabilities to artificially inflate asset prices. They did this by manipulating market conditions to their advantage through the use of many fraudulent contracts. Once their prices were skewed, they switched and moved the money quickly, evading normal security measures.

According to Syvers, after carrying out the attack, the hackers bridged USDT from the Arbitrum chain to the Ethereum network's Stargate bridge. Later, they converted the USDT to Ethereum (ETH) to avoid the devaluation.

Read more: How to use Arbitrum Bridge to Ethereum Token Bridge

For context, Tether often freezes stolen USDT to prevent further currency movement.

The screenshot below shows Gamma's stolen money flow. Exploiters have not yet moved Ethereum or distributed it to multiple addresses. Not to mention, the exploiters funded the new wallet with Tornado Cash.

Gamma Group is working with security experts to further investigate the incident. He wrote on X (Twitter):

All public vaults/hypervisors are closed for deposits. You can withdraw your money if necessary. Our vaults will continue to operate normally for now, but deposits are currently blocked until we can identify and fix the problem.

Additionally, the protocol was attacked again by another attacker who took 10 ETH worth $22,000. The attacker linked to the Kyber Networks exploit, demanding ETH for gas.

2024 has already been hit by exploits and hacks

In the year Only four days have passed in 2024, yet three security incidents have been recorded so far. On January 1, BeenCrypto reported that decentralized cross-chain protocol Orbit Chain lost more than $81 million to hackers.

Then on January 3, Radiant Capital lost $4.5 million due to a smart contract violation. These reports show that hackers will steal more than $90 million by 2024.

Read more: Crypto Project Security: A Guide to Early Threat Detection

Do you have anything to say about gamma exploitation or anything else? Write to us on our Telegram channel or join the conversation. You can also find us on TikTok, Facebook or X (Twitter).

For BeInCrypto's latest Bitcoin (BTC) analysis, click here.