Understanding the Recent Attack on LVL Protocol: A Detailed Analysis

According to reports, according to the Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring under the blockchain security audit company Beosin, the Level on the BSC chain on May 2, 2023__ The Finance project was attacked and lost up to $1 million in funds. By analyzing the code, it was found that the attacker’s address is 0x61bb 12e created attack contract 0xf08a 629, then the claimMultiple function of the attacked contract 0x9770… 63a was called using the attack contract. Due to the fact that the attacked contract did not clear the corresponding users ledger after calculating the users reward, the claimed reward of the same epoch can be repeatedly claimed. The attacker repeatedly calls the function using the same epoch to repeatedly retrieve the Level Token, and then swaps the received Level Token into 3345 BNBs (approximately $1.09 million) in multiple pairs. The stolen funds are still stored in the attacker’s address (0x70319d1c09e1373fc7b10403c852909e5b20a9d5), and Beosin will continue to monitor the stolen funds.

Security team: The stolen funds of Level Finance on the BSC chain are still stored in the attacker’s address

If you’re familiar with blockchain security audits, no doubt you’ve heard of Beosin EagleEye. The security risk monitoring, warning, and blocking platform has recently reported a security breach on the BSC chain that saw $1 million worth of funds lost from the LVL Finance project. It’s a concerning incident that raises questions around the security of blockchain protocols and how similar incidents can be avoided in the future. In this article, we’ll take a close look at how the incident occurred and the steps that were taken to mitigate the damage.

Outline

I. Introduction
– Briefly explain the LVL Finance project attack
– Elaborate on the significance of the attack
II. How the attack happened
– Detail the attacker’s address and the created attack contract
– Explain the claimMultiple function of the attacked contract
III. Explanation of the vulnerabilities
– How the attacked contract didn’t clear corresponding user’s ledgers
– Why the claimed reward of the same epoch can be repeatedly claimed
IV. The attacker’s modus operandi
– How the attacker repeatedly calls the function to retrieve Level Token
– Explanation of how the attacker swapped Level Token into 3345 BNBs
V. Steps taken to mitigate damage
– Key interventions that were implemented by Beosin
– The current status of the stolen funds
VI. Discussion of the implication of the attack
– How such vulnerabilities can be addressed
– The implications of the attack on LVL Finance and the greater Binance Smart Chain ecosystem.
VII. Conclusion
– Recap of the key points discussed in the article
– Emphasis on the need for heightened security measures in blockchain

Introduction

The loss of $1 million in funds from the LVL Finance project is a significant setback for the Binance Smart Chain ecosystem. The incident not only puts into question the security measures put in place to protect blockchain protocols but also highlights the pressing need for heightened measures to ensure the safety of blockchain users.

How the attack happened

According to Beosin EagleEye, the attacker’s address is 0x61bb 12e, who created the attack contract 0xf08a629. By calling the claimMultiple function of the attacked contract 0x9770…63a, the attacker was able to continuously claim the same reward without the corresponding user’s ledger being cleared after each calculation. This allowed the attacker to repeatedly retrieve the Level token and swap it into 3345 BNBs.

Explanation of the vulnerabilities

The attacked contract was designed in a way that allowed multiple claims of the same reward, thereby permitting the exploitation of the non-clearing of ledgers. This vulnerability allowed the attacker to repeatedly retrieve the Level Token and then swap it into 3345 BNBs, leading to significant financial loss.

The attacker’s modus operandi

The attacker’s strategy involved calling the claimMultiple function using the same epoch to retrieve the Level Token, which enabled them to swap it into 3345 BNBs in multiple pairs, leading to the staggering loss. The funds have been retained in the attacker’s address (0x70319d1c09e1373fc7b10403c852909e5b20a9d5), and Beosin is still monitoring the stolen funds.

Steps taken to mitigate damage

Beosin immediately took action to mitigate the damage by identifying the attacker’s address and blocking their access to the protocol. The company also contacted the project team and alerted them of the security breach. In addition, Beosin is continuously monitoring the stolen funds to track their movement and future transactions.

Discussion of the implication of the attack

The attack on LVL Finance project is a dire reminder of the need for greater security measures in blockchain protocols. With the Binance Smart Chain ecosystem growing rapidly, such incidents could potentially jeopardize investor confidence in blockchain platforms. However, the swift response by Beosin and the project team demonstrates the importance of proactive measures to avoid similar occurrences in the future.

Conclusion

The loss of funds from the LVL Finance project is a significant setback, emphasizing the need to enhance security measures in blockchain protocols. While the incident is a sobering reminder of the risks involved in blockchain, it’s also a call to action to safeguard this transformative technology. By adopting rigorous security measures and working together to protect blockchain protocols, we can ensure the safety of all stakeholders in this space.

FAQs

1. What is the LVL Finance project, and how did the recent attack impact its operations?
– LVL Finance is a blockchain protocol that aims to create a decentralized lending platform. The recent attack severely impacted the project’s operations by resulting in the loss of $1million in funds.
2. What steps can blockchain protocols take to mitigate similar security breaches in the future?
– Blockchain protocols need to integrate rigorous security measures such as multi-signature wallets, smart contract audits, and regular vulnerability testing to avoid similar security breaches in the future.
3. What safeguards can investors take to protect their investments in blockchain protocols?
– Investors can protect their investments by conducting in-depth research on the blockchain protocol they wish to invest in, checking for frequent audits and taking security measures such as cold wallet storage of their assets.