Cyber Incident Victim: GYM Network
Date: Jun 2022
Location: United States of America
Summary
A cross-protocol DeFi aggregator on BNB Chain suffered a $2.1 million exploit due to a vulnerability in its GymSinglePool component, allowing attackers to illegitimately increase balances without depositing funds. The stolen assets were routed through Tornado Cash, and the native token plummeted over 50% following the breach. Despite undergoing multiple audits by security firms and utilizing an established codebase, the flaw originated in a recently deployed feature, which was subsequently identified and patched.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 8, 2022, the GYM Network protocol, a cross-protocol DeFi aggregator operating on BNB Chain, suffered a security breach resulting in the theft of approximately $2.1 million worth of cryptocurrency (equivalent to 7,500 BNB). The attack targeted the protocol's GymSinglePool component due to a critical design flaw that allowed malicious actors to artificially increase their account balances without making corresponding deposits. Blockchain security firm PeckShield identified the vulnerability as stemming from inadequate caller verification mechanisms within the smart contract code. Attackers exploited this weakness to illegitimately claim funds, then immediately routed the stolen assets through Tornado Cash, a privacy-focused transaction mixing service, to obscure the trail. The incident triggered an immediate market reaction, with GYM Network's native governance token (GYM) losing over 50% of its value within hours, plummeting from $0.00099 to $0.00048. Protocol representatives confirmed the breach through their community coordinator, who disclosed that the vulnerability originated in a newly deployed "Claim and Reinvest" feature implemented just two days prior to the attack.

Despite undergoing multiple security audits – including two examinations by PeckShield and CertiK – and utilizing Alpaca Finance's codebase that had reportedly undergone twenty previous audits, the protocol remained vulnerable to this specific exploit. Blockchain researcher Kyrian Alex noted the incident reflected a recurring pattern in decentralized finance, highlighting that several cloned protocols contained similar unverified caller vulnerabilities. The development team responded by identifying the root cause of the breach and implementing a fix by the end of June 8, though no recovery plan for stolen funds was detailed in initial communications. The attack underscored operational challenges in securing complex DeFi systems, even those built upon extensively audited foundational code, while demonstrating the rapid financial consequences of such exploits through both direct asset loss and secondary market value collapse.
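The defect the write-up describes, a deposit-crediting path that checks neither who is calling nor whether tokens actually arrived, is a missing-caller-verification bug. The Solidity contract below is an added illustration written for this page and is not GymSinglePool's or Alpaca Finance's code; the contract, function and variable names, the vault/pool split and the token interface are all assumptions. It shows the vulnerable shape as a comment next to a hardened version that restricts the caller and credits only tokens that were really received.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface used below (assumed, standard interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative single-token staking pool (hypothetical; not GymSinglePool).
contract SinglePoolHardened {
    // The one contract allowed to credit stake on a user's behalf.
    address public immutable vault;
    IERC20 public immutable token;
    mapping(address => uint256) public staked;
    uint256 public totalStaked;

    event Deposited(address indexed user, uint256 amount);

    constructor(address _vault, address _token) {
        require(_vault != address(0) && _token != address(0), "zero address");
        vault = _vault;
        token = IERC20(_token);
    }

    // Vulnerable pattern (the flaw class the page describes): anyone can call,
    // and the balance is credited without any tokens moving into the pool.
    //
    //   function depositFor(address user, uint256 amount) external {
    //       staked[user] += amount;
    //   }
    //
    // Hardened version: restrict the caller to the trusted vault, and credit
    // only what actually arrived in this transaction.
    function depositFor(address user, uint256 amount) external {
        require(msg.sender == vault, "caller is not the vault");
        require(user != address(0), "zero user");
        require(amount > 0, "zero amount");

        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(vault, address(this), amount), "transfer failed");
        // Measure the real delta rather than trusting `amount`
        // (also correct for fee-on-transfer tokens).
        uint256 received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");

        staked[user] += received;
        totalStaked += received;
        emit Deposited(user, received);
    }

    // Direct deposits: the caller both pays and is credited.
    function deposit(uint256 amount) external {
        require(amount > 0, "zero amount");
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - before;
        staked[msg.sender] += received;
        totalStaked += received;
        emit Deposited(msg.sender, received);
    }

    // Solvency invariant a monitor or test can check after every call:
    // credited stake must never exceed tokens the pool actually holds.
    function isSolvent() external view returns (bool) {
        return token.balanceOf(address(this)) >= totalStaked;
    }
}
```

Two review checks follow from this shape: every function that mutates a user's balance must either pull the tokens from `msg.sender` itself or be gated to a specific trusted caller, and `isSolvent()` (or an equivalent off-chain check of `totalStaked` against the pool's token balance) makes a balance-inflation bug visible as soon as it is exercised, which is the kind of check a newly shipped feature such as a "Claim and Reinvest" path should be held to before deployment.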
