Level Finance Reports a $1 Million Exploit Due to Smart Contract Bug

A “claim multiple” bug in Level Finance’s smart contract allowed an attacker to steal over 214,000 LVL tokens, worth more than $1 million.

Decentralized exchange, Level Finance, disclosed a security breach on Twitter where an attacker stole more than $1 million in the exchange’s native token, Level Finance (LVL).

The exchange revealed that the attacker took advantage of a “claim multiple” bug in its “LevelReferralControllerV2” smart contract, allowing the attacker to make multiple referrals claims from the same epoch. The attack resulted in over 214,000 LVL tokens being drained and swapped into 3,345 Binance Coin (BNB) with an approximate value of $1.01 million.

Peckshield, a blockchain security firm, confirmed that the smart contract contained the bug, and Level Finance acknowledged it in a later statement. Despite the attack, Level Finance assured its users that its liquidity pools and related DAOs were not affected.

The exchange also stated that a new implementation of the referral contract will be deployed within the next 12 hours to prevent future incidents.

Level Finance reported that it had temporarily shut down its referral program, which halted the exploit. The team is currently investigating the incident and has promised to provide a post mortem soon.

• About author
• Disclaimer

Editorial

Keep up with latest news and announcements in Web3 world with NFTStudio24, Japan's first media platform built on blockchain technology revolutionizing the age of news and reporting.

The content provided here is for general informational purposes only. It should not be considered as professional advice. Any actions taken based on this information are at your own risk. We do not assume any responsibility or liability for the accuracy, completeness, or suitability of the information. Always consult with a qualified professional for specific advice related to your circumstances.