
Cyber Incident Victim: Osmosis

Date: Jun 2022

Location: United States of America

Summary

A decentralized exchange on Cosmos suffered a $5 million loss due to a liquidity provider bug that let attackers gain excess LP shares and inflated returns. The platform halted operations after four primary exploiters stole funds. Two of them voluntarily returned portions, including a validator group that admitted to taking $2 million before restitution; the remaining assets were traced via centralized exchanges amid community demands for recovery.

Description

On June 8, 2022, attackers exploited a liquidity provider (LP) bug in Osmosis, a decentralized exchange on the Cosmos network, resulting in approximately $5 million in losses. The vulnerability was first publicly identified in a Reddit post on the official Cosmos Network page by user Straight-Hat3855, who demonstrated how adding and removing liquidity could artificially inflate LP shares by 50%. Despite the post's rapid removal, malicious actors had already leveraged the flaw before Osmosis halted operations at block height 4,713,064 just before 3:00 am EST on June 8. Project moderator RoboMcGobo confirmed the bug enabled attackers to receive 150% returns on deposits instead of the intended 100% by exploiting the LP share calculation error. Four primary attackers accounted for 95% of the stolen funds, with two parties voluntarily returning portions of their gains shortly after the incident.

The exploit prompted immediate operational countermeasures, including the temporary suspension of the Osmosis exchange to prevent further abuse. FireStake validators publicly admitted to exploiting the bug to extract approximately $2 million and returned the funds following community pressure. Another unidentified attacker also returned stolen assets voluntarily, while the remaining two malicious actors transferred funds to centralized exchanges, enabling Osmosis co-founder Sunny Aggarwal to initiate tracking efforts through those platforms. The incident triggered widespread community demands for restitution from the perpetrators, though specific recovery mechanisms beyond voluntary returns were not detailed in initial reports. Financial impacts included direct losses from the $5 million exploit and operational disruption due to the exchange halt, though the partial recovery of $2 million mitigated total damages. No additional technical details about the bug's root cause or long-term protocol changes were disclosed in the immediate aftermath.
