Osmosis Decentralized Exchange (DEX) in the Cosmos ecosystem has been exploited.
A critical error in the liquidity pools led to about $5 million in theft. The core development team and network validators stopped the chain.
The vulnerability was first spotted by a Reddit user who warned in an already deleted post that if someone added funds to the Osmosis pool and deleted it, the position would somehow be increased by 50%.
Onchain transactions show that before the network was shut down, users had already started using the bug to withdraw funds from Osmosis.
“The liquidity pools have NOT been completely depleted. The developers are fixing the bug, estimating the size of the loss (probably in the ~$5 million range), and working on recovery,” reads the official statement from the Osmosis team.