Key takeaways:
- US$8 million loss from the Synapse Protocol hack.
- The bridges are responsible for token switching and are at the centre of the Protocol.
Synapse Protocol (SYN) is a fully decentralized cross-chain bridge notable for its native token, the SYN token. The “Synapse Protocol was exploited and lost approximately US$8 million,” according to a tweet by well-known Chinese crypto writer Colin Wu.
In the crypto sector, Synapse was launched as a platform to eliminate the need for a centralized exchange in the DeFi business, allowing consumers to act as their own banks. However, it appears that the recent breach demonstrates the opposite.
According to news from the chain, as per a Twitter user Mempooler, the asset bridge developed by the cross-chain protocol Synapse Protocol is alleged to contain a flaw. As a result, the attacker was able to control the price of USD and profited around $8 million.
The bridges are at the crux of the Protocol and are in charge of token swapping.
The network was paused earlier today after a malicious actor tried to exploit an AMM contract vulnerability. Swift action ensured no LP funds were lost, and the bridge is now fully back online.
The fault, according to @ricosoon, was not with the bridge or the bridge contracts. Instead, the problem was with implementing the AMM contracts, which “a few different stableswaps used, forked from the Saddle.”
The hacker attempted to relocate the money by changing them into USDC while the validators were offline, according to a statement made by the developers on their Discord channel. When the problem was discovered, the AMM contracts were all disabled to prevent the vulnerability from spreading.
Discord: http://discord.gg/synapseprotocol
@SynapseProtocol tweeted,
@saddlefinance, an automated market maker specializing in pegged value crypto assets like tokenized bitcoin and stablecoins, was also alerted by the Protocol, and its bridges were also closed. As a consequence, “the validators, by consensus, are now electing not to process this transaction as it was malicious against LPs and the network as a whole:~ $8 million will therefore not be minted to the attackers address on the destination chain.”
The attacker’s funds are still on the bridge right now. However, the imbalance of the Avalanche pool is currently being assessed, and the bridging service has been discontinued, according to Aurelius, a key member of Synapse, who announced this on Discord.
The Synapse developers appear to have regained control of the situation, as they seek to re-deploy the pools ‘to an older, less-complex version’ of the bridge contracts, re-enabling liquidity, buying time to resolve the problem, and restarting the original bridges.
