Trader Uncovers $2.5 Million Price Manipulation Attack on Synthetix

Trader Uncovers $2.5 Million Price Manipulation Attack on Synthetix

Share this article

DeFi player Synthetix reportedly suffered market manipulation attacks on its platform late last year. The incident emphasizes the need for better oracles and infrastructure around decentralized finance.

Synthetix Latest (or Earliest) DeFi Platform to Suffer Exploit

According to a Medium blog post published Mar. 3, Ethereum-based DeFi platform Synthetix suffered targeted attacks between Nov. 30 to Dec. 26 last year.

The report calculated losses of the manipulation attacks at roughly $2.5 million for Synthetix (SNX) token holders. The synth MKR pairs, sMKR and iMKR, were targeted, with low spot MKR market liquidity providing the traders with the attack opportunity.

The Trades in Question

The trades involved buying sMKR on Synthetics and MKR on a number of centralized and decentralized exchanges to raise the price. Once the price had risen, the attackers returned to the Synthetix platform to take advantage of the manipulated price by selling synthetic MKR long tokens sMKR for iMKR, taking a short MKR posture.

MKR were then sold to lower the price. Once the new price was reflected on the Synthetix platform, the trade could then be executed again. Trading was halted by the Synthetix team on Dec. 26, with SNX holders losing just under 3,000 sMKR tokens.

Crypto Briefing attempted to reach out to the Synthetix team for clarification. Synthetix did not dispute that the events took place, but argued the losses were smaller, and more in line with just under $1.5 million. The discrepancy can be put down to the difference in MKR prices today compared to when the incidents took place.

Price Manipulation the Underlying Vulnerability

The common attack vector in the DeFi subsector of cryptocurrency markets has been the ability to manipulate prices, suggesting price oracle problems among DeFi entities. The problem is particularly acute when liquidity is low. 

bZx suffered two attacks inside of one week mid-Feb. One involved a trader opening a 5,000 ETH wBTC short position on the platform and crashing the wBTC price on the marketplace from which bZx’s oracle took pricing data. bZx uses a sole source, Uniswap, for price data, leaving it vulnerable. Liquidity on Uniswap was low enough for the trader to affect prices.

The series of attacks over the past two months suggests DeFi remains vulnerable until there is greater development around the infrastructure that supports it.

Share this article

Loading...