Earlier this month, two connected wallets executed attacks on the qcKUJI-KUJI pair, leading to forced liquidations and excessive borrowing of KUJI against qcKUJI. The attacks involved a new Kujira address funded anonymously via the Secret Network, and the attackers severely manipulated market prices by exploiting the price feed mechanisms.
The attackers utilized an abnormal exchange rate to swap KUJI for qcKUJI, significantly diverging from the standard rates provided by the Quark protocol. This manipulation enabled them to profit from liquidations and borrowings at these inflated prices, creating a ripple effect across the market.
GHOST Oracle Resolution Report
Earlier this month, two attacks by connected wallets manipulated the price of qcKUJI-KUJI to force liquidations, and forced excessive borrowing of KUJI against qcKUJI.
Both of these issues were rectified and the losses incurred were refunded.…
— Kujira 🉐 (@TeamKujira) April 17, 2024
Actions and Rectifications
Upon detection, immediate measures were implemented to mitigate the impact and prevent further exploitation. The developers addressed the vulnerabilities by deploying several patches and security updates. These included enhancing the liquidity of the qcKUJI/KUJI FIN trading pair, fixing a critical bug in the LSD strategy that affected price balancing, and reducing borrowing limits to curb potential abuses.
Further, improvements were made to the price feeder software used by all validators, enhancing the reliability of price reporting under unusual order book conditions. These changes are part of a broader effort to fortify the system against similar attacks in the future.
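The kind of guard described above can be sketched as follows. This is an added example, not code from Kujira's price feeder: it prices the pair by walking the order book to a minimum depth and only trusts the result when it stays close to the protocol's own exchange rate. The function names, thresholds, fallback behaviour and sample books are all assumptions made for illustration.

```python
# Added illustration: sanity checks a feeder could apply before reporting a
# derivative-token price taken from an order book. All names, thresholds and
# sample books are constructed for this example.

def depth_price(levels, depth):
    """Average price to fill `depth` units walking (price, size) levels.
    Returns None when the side is too thin to fill the requested depth."""
    remaining, cost = depth, 0.0
    for price, size in levels:
        take = min(size, remaining)
        cost += take * price
        remaining -= take
        if remaining <= 0:
            return cost / depth
    return None


def guarded_price(bids, asks, reference, depth=1000.0, max_dev=0.02):
    """Return (price, status). `reference` is the protocol's own exchange
    rate for the derivative; the book price is only trusted near it."""
    bid = depth_price(sorted(bids, reverse=True), depth)
    ask = depth_price(sorted(asks), depth)
    if bid is None or ask is None:
        return reference, "thin_book"       # not enough liquidity to trust
    if bid > ask:
        return reference, "crossed_book"    # malformed book snapshot
    mid = (bid + ask) / 2
    if abs(mid - reference) / reference > max_dev:
        return reference, "deviation"       # book diverges from protocol rate
    return mid, "ok"


REFERENCE = 1.05  # constructed: KUJI redeemable per qcKUJI

# Constructed healthy book: deep liquidity close to the reference rate.
HEALTHY = dict(bids=[(1.048, 800), (1.046, 900)], asks=[(1.052, 700), (1.054, 900)])
# Constructed thin book: a few small orders set prices far from the reference.
THIN = dict(bids=[(1.048, 50)], asks=[(1.60, 20)])
# Constructed deep-but-skewed book: enough size, but priced well off the reference.
SKEWED = dict(bids=[(1.30, 2000)], asks=[(1.32, 2000)])

if __name__ == "__main__":
    for name, book in (("healthy", HEALTHY), ("thin", THIN), ("skewed", SKEWED)):
        print(name, guarded_price(reference=REFERENCE, **book))
```

The status string lets a caller decide whether to report the fallback value, skip the round, or raise an alert, which matters for lending markets that liquidate on the reported price.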
The GHOST Oracle team has taken a transparent approach in disclosing these issues to ensure the community is aware and can remain vigilant. They emphasized the importance of not announcing the breach while it was occurring, to avoid guiding potential copycats in exploiting the vulnerabilities.
By waiting until the system’s integrity was confirmed secure and all patches were thoroughly tested, the team ensured that sharing the information would not expose any lingering vulnerabilities. In their report, the team expressed gratitude towards the community for its support and patience during these challenging times. They reassured users that the measures taken were both swift and effective, emphasizing their commitment to learning from these incidents and continuously improving security protocols.