According to BlockBeats, Velocore announced on June 28 that it has disabled most of its functions to prevent further losses following a recent exploit. The only function that remains active is the withdrawal function. This decision was made due to the inability of the frontend exchange to correct the imbalance and unanchored pool of the stable pool through arbitrage, leading to additional losses for LP.
On the Linea chain, the administrative rights of the Diamond Proxy contract have been revoked. This has limited Velocore's ability to make fundamental updates, leaving them with no option but to change the exchange rate to zero. This measure is aimed at preventing further potential damage and providing a unified withdrawal method for all users. After re-examining the contract, Velocore discovered another vulnerability that could lead to the theft of all assets. To mitigate this risk, they conducted a white-hat operation and securely stored the assets in an independent Safe vault. Affected LPs can now claim funds based on the LP snapshot of the relevant block.
The Telos chain was not attacked and was patched without waiting for a time lock. Assets will be returned 1:1 to their owners, regardless of the overall LP compensation. Efforts are being made to accurately capture snapshots and update the claim function accordingly. The compensation for LP victims in the previous vulnerability attack will be decided by community voting, whether to restart or liquidate. All remaining assets will be consolidated into a single vault for collective decision-making.