Decentralized exchange (DEX) on Ethereum Layer 2 networks ZKsync and Linea, Velocore, announced that it has temporarily disabled most functions, retaining only the withdrawal, in response to a recent exploit of vulnerabilities.
During the security breach, only the volatile pools were exploited, while the others remained unaffected. Imbalances in stable pools and depegged pools caused additional losses for Liquidity Providers (LPs), as frontend swaps were unable to resolve these issues through arbitrage. Meanwhile, on Linea, Velocore could only adjust the swap fee to zero without implementing deeper structural changes. This measure was taken to mitigate potential further damage and ensure a consistent withdrawal method for all users.
Furthermore, during a contract reevaluation, Velocore identified another vulnerability that could potentially lead to the theft of all assets. As a precautionary measure, Velocore conducted a white-hat operation to swiftly mitigate risks, securing assets in a separate Safe vault.
Velocore has emphasized that affected LPs are now able to claim their funds based on the LP snapshot captured at the specific block on both ZKsync and Linea.
Additionally, the Telos blockchain remained secure and was promptly patched without implementing a timelock. Velocore intends to return the stolen assets directly to their owners on a 1:1 basis, which is separate from the overall compensation for LPs. The team is currently in the process of taking snapshots for Telos and updating the claims function.
Notably, regarding compensation for victims of the previous exploit involving LPs, the decision will be determined later through a community vote on whether to reboot or liquidate. All remaining assets will be consolidated into a single treasury for collective decision-making.
Whitehat Operation for Remaining Balances in Velocore Vault
Following the recent exploit, we disabled most functions in Velocore except withdrawals to prevent further damage. However, this caused confusion among some users. Only the volatile pools were exploited, while others… pic.twitter.com/E1l17HCjvn
— Velocore | veDEX on zkSync Era / Linea 
(@velocorexyz) June 28, 2024
Velocore Faces $6.8M ETH Loss In Security Breach, Multiple Pools Compromised
Velocore is positioned as the first veDEX spanning multiple blockchains developed on Velodrome. It provides a trading environment characterized by low fees and minimal slippage, aiming to alleviate protocols from the need to inflate their token rewards, thereby fostering growth within the decentralized finance (DeFi) ecosystem.
Velocore encountered a security breach on June 2nd, resulting in approximately $6.8 million worth of ETH being lost. The vulnerability stemmed from weaknesses within the Balancer-style CPMM pool contract. The affected contracts included all volatile pools (CPMM) on Linea and ZKsync Velocore. Although Telos Velocore also had similar vulnerabilities, actions were taken to mitigate them before any exploitation occurred.
The post Velocore Addresses Remaining Vulnerability With White Hat Operation, Allows Affected LPs To Claim Funds Based On Snapshot appeared first on Metaverse Post.
