- DeFi exchange Level Finance has lost more than $1 million to an exploit due to a bug in its smart contract.
- The DEX has assured that the exploit was isolated and that liquidity providers and DAOs remain unaffected.
- Level Finance’s native token LVL tanked as much as 50% following the exploit.
Level Finance, the decentralized crypto derivatives exchange built on the BNB Chain, has been exploited to the tune of over a million dollars. The attacker reportedly exploited a vulnerability in one of the DeFi exchange’s smart contracts, which allowed them to extract $1.01 million worth of crypto assets from the platform.
Level Finance took to Twitter earlier today to share the news of the exploit with its community. The attacker drained 214,000 of the exchange’s native LVL tokens to their address, which was later swapped for 3,345 BNB worth over $1 million.
According to blockchain security firm PeckShield, the security breach occurred due to a bug in Level Finance’s LevelReferralControllerV2 contract which allowed the exploiter to make repeated referral claims from the same epoch. The referral program was shut down by the exchange following the exploit.
DeDotFiSecurity revealed on Twitter that the attacker created an unverified contract seven days ago to exploit Level Finance. The security platform reported that the contract’s delegate function was used by the attacker to withdraw the LVL tokens from the DeFi exchange. Level Finance clarified that the exploit was isolated from other contracts. The exchange also informed that its liquidity providers and DAO treasury were unaffected by the exploit.
While Level Finance managed to contain the damage of the exploit, its native token LVL took a significant hit. The token tanked as much as 50% in the immediate aftermath of the exploit, going from $8.4 to a 3-week low of $4.2. LVL recovered to $7.7 by press time. Opportunistic traders rushed to trade the token after the exploit, leading to an 864% surge in its daily trading volume.