Nearly $1.1M stolen in Level Finance hack

BleepingComputer reports that Level Finance has lost nearly $1.1 million worth of LVL tokens in a hack that involved the exploitation of a smart contract vulnerability just after the decentralized perpetual exchange underwent two security audits. No impact has been reported to Level Finance's liquidity pool and DAO treasury but the attack has prompted an almost 50% decline in LVL token value, according to Level Finance, which also noted that the exploit has not affected other contracts. Both PeckShield and BlockSec noted the presence of a logic vulnerability in the compromised "LevelReferralControllerV2" smart contract's claimMultiple functionality, which enabled repeated claims of referral rewards within the same time period. "Specifically, the claim reward was determined by the tier of referral and reward points, hence the attacker made the following preparation: 1) creating and setting many referrals; 2) using flashloan to perform dozens of swap (the reward was updated in the postSwap function)," said BlockSec in a tweet.