A hacker recently stole over $1 million from the Levana protocol, highlighting the security challenges within cryptocurrencies. Let’s see all the details below.

The security challenge in crypto protocols: the Levana protocol fraud

As anticipated, in a thread on X, Levana reported that an attacker stole around 10% of her cash reserves, causing a loss of $1.14 million.

The decentralized finance startup has suffered a security exploit , revealing that the attack began 14 days ago. Specifically, orchestrated by seven wallets controlled by a single attacker.

Levana said the attacker initially drained approximately 4% of its liquidity providers, subsequently increasing by a further 5% “until the protocol closes from opening new positions.”

The team clarified that the problems encountered arise from fundamental issues in Tendermint and Cosmo SDK . The Pyth Oracle, although involved in the attack, has no known vulnerabilities.

An alleged attacker launched a congestion attack on the Osmosis chain, preventing Levana users from interacting with the markets for a foreseeable period.

The protocol stated that the incident was caused by an “oracular attack”. However, now resolved, ensuring that traders’ positions and profits are safe, and closing of positions is occurring regularly.

Recall that, founded in 2021, the Levana protocol is a decentralized perpetual trading system that enables leveraged positions for cryptocurrencies.

Catalyx Exchange Also Suffers Security Breach: Investigation Underway

Recently, Canadian crypto exchange Catalyx also had to stop all trading, deposits and withdrawals following a recent security breach.

The incident compromised an undisclosed amount of customer funds, leading CatalX CTX Ltd., the organization behind the exchange, to launch an internal investigation. 

The goal is to determine the extent of the violation and identify possible perpetrators, including the potential involvement of an employee.

The investigation, which is currently ongoing, is examining various aspects, including the possibility of insider involvement in the incident.

Canadian regulators took action. The Alberta Securities Commission which issued a 15-day freezing order on Catalyx, restricting trading in crypto contracts.

The freezing order is in effect until January 5, and Catalyx CEO Jae Ho Lee said it is complying with the regulatory directive in response to the security breach.

Brief focus on blockchain security report in 2023

Over the course of the year, Mixin Network, Euler Finance, Multichain and several other protocols suffered hundreds of millions of dollars in asset losses, blockchain security platform Immunefi’s December 2023 report said . 

The report indicates that a total of $3 billion was lost to hacker attacks and web scams over the course of the year. 17% of these losses are attributed to the Lazarus Group , an organization with ties to North Korea.

The biggest hack of the year, in terms of losses, was the one on the peer-to-peer trading platform Mixin Network, which caused losses of more than $200 million for cryptocurrency investors.

In second place was the $197 million exploit on the Euler Finance lending platform , followed by the $126 million hack of the Multichain cross-chain bridge protocol.

Despite a 52% reduction from the previous year, the overall losses of $1.8 billion still show a significant impact.

The vast majority of losses came from hacks rather than fraud, with only $103 million attributed to clearly identifiable fraud schemes, such as rug pulls.

Over $1.6 billion was lost to attacks and exploits, with the majority of losses ($1.3 billion) coming from protocols claiming to be decentralized.

The report also indicates that only $409 million was lost from centralized finance (CeFi) crypto protocols.