Gamma Strategies Saga: A $3.4 Million Crypto Heist

In the dynamic world of decentralized finance (DeFi), security breaches are a harsh reality. Gamma Strategies, a leading DeFi protocol, recently faced a cyber attack that led to the theft of digital assets worth millions.

The Heist

On January 4, 2024, at 3:42 AM UTC, Gamma Strategies noticed a tweet indicating an exploit implicating Algebra Finance. After a quick investigation, they realized that select Gamma vaults were being exploited. The attack followed a recognizable pattern, targeting their stablecoin and pegged-asset (LST) vaults on Arbitrum across Uniswap, Camelot, and Ramses. The compromised vaults resulted in total losses of approximately $6.18 million. The attackers exploited a defect in Gamma’s deposit proxy configuration to drain the affected stable and LST vaults. The root cause was the deposit proxy’s price change threshold, which was set too high: it allowed a -50% / +100% price move on certain LST and stablecoin vaults.

The Response

Gamma Strategies’ first response was to immediately restrict vault deposits to close the attack vector. Because the attack relied on the ability to make deposits into the pool, restricting deposits on every public-facing vault was a broad but effective way to stop any further exploitation. The team also joined a “war room” chat, where they could communicate with and seek help from partners, security professionals, and stakeholders. This group was invaluable in keeping a clear line of communication with their community.

Exploit Costs

The compromised vaults and their losses are as follows:

  • gDAI-DAI 0.01% (Uniswap — Arbitrum) Vault: Losses of ~ $2.74M
  • wstETH-WETH (Camelot — Arbitrum) Vault: Losses of ~ $771K
  • USDT-USDC.e (Camelot — Arbitrum) Vault: Losses of ~ $1.357M
  • USDC-USDC.e (Ramses — Arbitrum) Vault: Losses of ~ $1.313M

The total losses amounted to approximately $6.18 million. The attackers exploited a defect in Gamma’s deposit proxy configuration to drain the stable and LST vaults listed above.

Exploit Methodology

The exploiter took advantage of a defect in Gamma’s deposit proxy configuration to attack the stable and LST vaults listed above. The root cause was the deposit proxy’s price change threshold, which was set too high: it allowed a -50% / +100% price move on certain LST and stablecoin vaults. This let the attacker manipulate the pool price and mint an unusually high number of LP tokens against their deposit.
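The threshold defect described above, as an added illustrative model that is not Gamma’s code: a deposit guard whose price-deviation band is the -50% / +100% setting beside a tight band, and a constructed toy vault showing how a deposit valued at a manipulated spot price that still sits inside the wide band mints excess LP tokens. The vault share accounting, the reserve figures and the 1% tight band are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DepositLimits:
    """Allowed move of the pool spot price relative to a trusted reference price."""
    max_drop: float  # 0.50 -> spot may sit 50% below the reference
    max_rise: float  # 1.00 -> spot may sit 100% above the reference

# The -50% / +100% band described above, modelled as a ratio band around a
# reference price (an assumption about how the proxy expresses its threshold).
WEAK_LIMITS = DepositLimits(max_drop=0.50, max_rise=1.00)
# A band a stable or pegged pair should tolerate (constructed, not from the page).
TIGHT_LIMITS = DepositLimits(max_drop=0.01, max_rise=0.01)

@dataclass
class Vault:
    reserve0: float      # token0 held by the vault
    reserve1: float      # token1 held by the vault
    total_shares: float  # LP tokens outstanding

    def value_in_token1(self, price: float) -> float:
        """Vault holdings valued in token1 at the given token0 price."""
        return self.reserve0 * price + self.reserve1

def price_within_limits(spot: float, reference: float, limits: DepositLimits) -> bool:
    """Deposit-proxy guard: accept a deposit only while spot stays inside the band."""
    lower = reference * (1.0 - limits.max_drop)
    upper = reference * (1.0 + limits.max_rise)
    return lower <= spot <= upper

def deposit(vault: Vault, amount0: float, amount1: float, spot: float,
            reference: float, limits: DepositLimits) -> float:
    """Mint shares pro-rata to deposit value, valued at the spot price the pool
    currently reports. Returns shares minted; raises if the guard trips."""
    if not price_within_limits(spot, reference, limits):
        raise ValueError("price deviation exceeds deposit-proxy limits")
    minted = vault.total_shares * (amount0 * spot + amount1) / vault.value_in_token1(spot)
    vault.reserve0 += amount0
    vault.reserve1 += amount1
    vault.total_shares += minted
    return minted

def attacker_gain(limits: DepositLimits, manipulated_spot: float) -> float:
    """Constructed scenario: 1:1 stable pool (fair price 1.0); the depositor pushes
    the spot price, deposits 1000 token0, then redeems pro-rata at the fair price.
    Returns profit before the cost of moving the price; 0.0 if the guard blocks it."""
    vault = Vault(reserve0=1000.0, reserve1=1000.0, total_shares=1000.0)
    try:
        shares = deposit(vault, 1000.0, 0.0, manipulated_spot, 1.0, limits)
    except ValueError:
        return 0.0
    return shares / vault.total_shares * vault.value_in_token1(1.0) - 1000.0
```

With the wide band a spot price of 1.9 passes the guard and the same 1000-token deposit is worth 1187.5 on redemption; the tight band rejects that price outright, which is why the threshold setting, not the share formula alone, decided the outcome.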

Looking Ahead

Despite the setback, Gamma Strategies remains committed to its mission. The team is working tirelessly to enhance their security measures and prevent such incidents in the future. A key aspect of their recovery plan involves obtaining a third-party code review. This is to ensure that the vulnerabilities exploited in the attack are thoroughly addressed before any resumption of deposit services. In addition, the protocol is committed to prioritizing the recovery of affected users, ensuring minimal long-term impact from this incident. The company has extended its apologies to those impacted by the breach and pledged to release a detailed analysis of the incident along with a well-formulated remediation plan.
