Osmosis DEX

On June 8, 2022, Osmosis, a decentralized exchange built on the Cosmos SDK, was exploited for approximately $5 million due to a critical bug in its liquidity pools, as reported by The Block. Detected at 22:49 EST, the attack prompted developers to halt the Osmosis blockchain at block height 4,713,064, two blocks after the exploit, per Mintscan. The bug allowed users to withdraw 50% more than their deposited liquidity without a bonding period, enabling an attacker to repeatedly deposit and withdraw OSMO tokens for profit. Starting with 26 OSMO, one exploiter gained 13 OSMO in their first transaction and, in another instance, turned 101,230 OSMO into 151,084 OSMO in 30 seconds, repeating the process 30 times across multiple accounts, netting ~70,000 ATOM (~$600,000) and other assets, per Mintscan. Osmosis, with $212.77 million in total value locked per DefiLlama, saw its TVL drop 1% post-hack, as noted by The Block. A Reddit user alerted developers, but the thread was removed, per Twitter (@osmosiszone). The team confirmed liquidity pools were not fully drained, fixed the bug, and worked on recovery, with no funds recovered by June 2022. One of 295 DeFi hacks in 2022 costing $3.1 billion, per Chainalysis, the incident fueled calls for rigorous smart contract audits, bonding period enforcement, and real-time transaction monitoring to secure DeFi platforms.