Velocore Hack Causes Users' Liquidity Pools to Lose $10 Million

Velocore Hack Causes Users' Liquidity Pools to Lose $10 Million

All LP funds had vanished. Initial reports indicated that the hacker had transferred part of the stolen Ethereum (ETH) to the Ethereum mainnet

A major security breach occurred at the decentralized exchange (DEX) Velocore, which operates on zkSync and Linea. Hackers have stolen all user liquidity pools (LPs), having a total value of nearly $10 million, according to the reports. This incident has left the crypto community with many questions, especially when Linea Blockchain made a temporary pause of its block production.

The news first broke via an X thread by Officer’s Notes, a well-known threat researcher and writer. The thread detailed the hack on Velocore, revealing that all LP funds had vanished. Initial reports indicated that the hacker had transferred part of the stolen Ethereum (ETH) to the Ethereum mainnet.

A crucial fact was revealed whereby Linea Blockchain stopped its block production between block numbers 5081800 and 5081801 for one hour. But what caused this break is still a mystery. The anomaly came to light initially from some information on the BlockSec Team’s Telegram chat before EmberCN, an on-chain analyst, further analyzed it.

BladeSwap, another decentralized exchange on the native chain Blast_L2, also responded to the situation. In an X post, Bladeswap clarified that while it was a fork of Velocore, its vault uses a different pool contract calculation — the usual XYK (Uniswap v2 style) pool, not the CPMM (Balancer style) pool part of the exploit. They assured their users that the BladeSwap funds were safe and confirmed further investigations and implementation of additional security measures as needed.

Velocore Traces Exploit Source and Launches On-Chain Investigation

Velocore revealed where the exploit came from and began an on-chain investigation. The team is currently working on a detailed report that will outline the specifics of the breach and its impact. Velocore stressed that this particular flaw did not affect BladeSwap’s volatile pool.

On-chain analyst EmberCN added more details to this, explaining how the hacker converted all those robbed assets into ETH and transferred them via a cross-chain bridge to the Ethereum mainnet. At present, 1807 ETH coins worth about $6,880,000 are standing at that mysterious hacker’s address. Velocore has undergone three audits from reliable entities like Zokyo, Hacken and Scalebit. Nevertheless, this breach uncovered some weaknesses that escaped attention. However, Velocore’s investigation is being closely followed by the crypto community. The occurrence exposes on-going difficulties in trying to secure decentralized finances as well as an important requirement for strong and persistent security. The progress of the investigation will lead to more updates and information.

Read More