The exploit has seen the value of its stablecoin, ℓUSD, go down to $0.00002756 in less than 24 hours. It announced to its community the entire procedure being undertaken to bring back the protocol to order.
Linear Finance is a decentralized platform for synthetic asset management and exchanges that enables users to create, curate, and perform trades on synthetic assets.
It is built on the Ethereum blockchain and enables users to create synthetic assets with unlimited liquidity.
According to Linear Finance, the attack led to the complete depletion of ℓUSD liquidity on PancakeSwap and Ascendex, causing ℓUSD’s value to plummet to zero.
The attacker minted an unlimited amount of ℓAAVE, exchanged it for ℓUSD on Linear, and sold it on PancakeSwap and Ascendex.
In response, Linear Finance swiftly took actions to safeguard the protocol, including halting specific contract functions, disabling the Linear bridge for ℓUSD, and collaborating with authorities and exchanges to identify the attacker.
The four proposals
Linear noted that the four potential solutions it’s presenting to the community are as follows:
The first proposition is to “permanently disable all current liquid assets and release all staked $LINA back to the community.”
It noted that while the advantage of this is that it will effectively write down debt for all users with a negative P-Ratio and is relatively quick to implement, it will require a manual solution taking 5–7 days to fully implement.
The next proposal is to initiate a full restoration process by using upgradable smart contracts. “We can reverse the drain of lUSD and all subsequent damage the hacker has caused by authorizing the DAO to adjust the smart contracts,” it said.
The merit is that If the damage caused by the drain is successfully reversed, all lost funds will be recovered, and users will have their balances fully restored to the state they were in at the time of the drain.
Conversely, it added that implementation will require more work that will include “determining the state before the drain using advanced on-chain analysis tools” and there are other added risks to this approach.
Its third suggestion is to carry out token redeployment. While this is similar to the previous proposal, Linear Finance said it “would snapshot the pre-exploit state, generate all-new liquid assets, including LUSD.”
Then, a claim portal will be established for users to swap from the compromised version to the new one.
While this can “effectively restore the protocol and assets to the state prior to the attack”, it requires substantial development effort, of 3 to 5 weeks, required by the technical team and the need for advanced on-chain analysis tools.
Lastly, Linear Finance wants to initiate a communication line with the attacker. “We already know who the individual is and we are making attempts to reach out to them,” it said.
The advantage is that there will be “minimized disruption, swiftly restoring the protocol minimizes user inconvenience and losses.” However, there are no guarantees for a successful negotiation with the attacker.
While apologizing to its community and assuring them of finding a solution to the problem, it said that the proposals are live on its site. Furthermore, the voting period is slated for 48 hours.
The year has been a rough one for the industry as a lot of attacks have been experienced by several protocols. As of the end of August, the total funds stolen in the space for the year was close to $1 billion.