Blueberry Protocol attacked via inconsistent logic for token price

Blueberry Protocol attacked via inconsistent logic for token price Blueberry Protocol attacked via inconsistent logic for token price

BlockSec recently confirmed that the Blueberry Protocol was attacked over X/Twitter.

The blockchain security platform suspects that the attack occurred via inconsistent token price normalization logic. The process involves a mismatch between the different price sources and their normalization methods.

At the same time, Blueberry Protocol also released a set of tweets to confirm the news. The DeFi platform informed users about an ongoing exploit. Blueberry was informed about the breach by Peckshield, another renowned blockchain security firm.

The attack caused the front end of the platform to go down. Blueberry strongly suggested users withdraw their assets if they could interact with the contracts directly. In a later statement, Blueberry confirmed the identity of the guilty party.

Advertisement

Named coffeebabe_eth, the account was not on X/Twitter or other social platforms. The platform confirmed that the drained funds were safe in the Blueberry multisig. The only money missing was the validator payment.

Blueberry has been in constant communication with comms and security professionals. The DeFi protocol will soon reach the validator to return the remaining 91 Ether. As expected, the breach caused Blueberry to pause the platform until further notice.

The platform will also release a complete post-mortem covering the breach soon. For now, Blueberry has confirmed that the total drained assets were 457.684573171942049193 (TX profit) and 1 (leftover value as bWETH).

Similarly, the costs/fees related to the transaction were 0.093022519261676367 (Gas Fees) and 91.038300317166143134 (Validator Payment).

The total assets returned to multisig are 366.6462729 ETH. The breach has affected the markets for USDC, BTC, and OHM. Every other market is unaffected by the exploit and is operating as usual.

Advertisement

While the news startled the community, the majority supported Blueberry for promptly acting and securing most of the funds. Users are now awaiting how the DeFi protocol will interact with the validator to close the situation.