Velocore, a decentralized commerce (DEX) built on Consensys’ zero-files Ethereum Digital Machine (zkEVM) and Topic Labs’ zkSyncEra, saw an exploit on all volatile pools on June 2.

The personnel within the advantage of the DEX estimated that the protocol lost approximately $6.8 million value of ETH after the exploiter took benefit of vulnerabilities in its Balancer-type CPMM pool contract. They additionally eminent that the exploit used to be queer to volatile pools, and all stable pools remained safe.

The Linea personnel used to be alerted to the exploit by blockchain safety company Hexagate, and deployed ecosystem safety measures to mitigate hurt from the exploit. Those measures incorporated halting the blockchain sequencer to dwell extra funds from being bridged out.

🔊Update on Velocore Incident

The Velocore DEX used to be exploited. Our teams had been the expend of our ecosystem safety measures to mitigate the hurt from this attack. Extra files on this thread.

Linea community stays valid, this most realistic affected a Third celebration dapp.

— Linea (@LineaBuild) June 2, 2024

“700ETH moved off Linea by ability of a Third celebration bridge. It used to be the heart of the night time, Velocore used to be peaceable weak and we couldn’t rating ahold of their personnel,” mentioned the Linea personnel on X.

Linea stopped producing blocks for spherical an hour between block 5081800 and 5081801, wherein time the hacker’s wallet contend with used to be censored, and the attacker used to be additionally steer clear off from selling gigantic amounts of ETH.

The Linea personnel additionally gave the affect to anticipate criticism from proponents of decentralization, explaining its resolution to dwell block production used to be in benefit of safety customers and builders within the ecosystem.

“Be pleased other L2s, we’re peaceable within the ‘coaching wheels’ fragment of existence, giving us safeguards to make expend of,” mentioned the Linea personnel.

“Most L2s, alongside with Linea, peaceable count on centralized technical operations which might perhaps maybe very properly be leveraged to supply protection to ecosystem contributors. Linea’s core value is a permissionless, censorship-resistant environment so it used to be now now not a resolution we took flippantly.”

Meanwhile, the Velocore personnel is engaged on monitoring down the exploiter, however plans to reimburse the affected customers once operations resume.

Root reason has been identified already, and measures had been taken to dwell copycats from the expend of the identical methodology. We are coordinating with other safety partners to select the factual time to liberate the put up-mortem article.
Within the period in-between, all buttons with the exception of for withdraw… pic.twitter.com/FF4p8sE16I

— Velocore | veDEX on zkSync Period / Linea ▪️ (@velocorexyz) June 2, 2024