The Osmosis (OSMO) chain has been halted after a “critical bug” that may have led to the theft of $5 million from the decentralized finance (DeFi) protocol’s liquidity pools.
Core developers and network validators stopped the chain early the morning of June 8.
The bug was first reported by a user on Reddit who warned that when someone deposited funds to a liquidity pool and removed it instantly, the withdrawal somehow increased by 50%.
That post has now been deleted by the forum’s moderator. But not before users executed the bug repeatedly, making off with millions of dollars in cryptocurrency.
Osmosis tweeted that: “Liquidity pools were NOT ‘completely drained’. Devs are fixing the bug, scoping the size of losses (likely in the range of ~$5M), and working on recovery.”
Earlier reports suggested the bug could have potentially drained all liquidity pools.
Osmosis first identifies then fixes bug
In a later update, the team reported that “the bug has been identified and a patch written. More testing is underway before validators are recommended to coordinate a restart.” While the chain was stopped, the Osmosis DEX and its native wallet remained unusable.
Osmosis is an automated market maker (AMM) built on the Cosmos blockchain, which enables cross-chain transactions. It operates a decentralized exchange (DEX) that had about $212 million in total value locked (TVL) at the time of the chain was halted, according to DefiLlama.
The exploit comes hard on the heels of a recent software upgrade to the Osmosis network meant to improve efficiency and user experience. On Discord, some validators reportedly started to raise issues following the upgrade, including “always missing some blocks”.
As of press time, the price of OSMO was down 4.3% at $1.08 in 24 hours. The token has slumped 90% from its all-time-high of $11.25 on Mar 4, as per data from CoinGecko.