DeFi Protocol Visor Finance Restores Full User Position Value After $500k Exploit
Decentralized finance (DeFi) protocol for liquidity management that is building on popular DEX Uniswap V3, Visor Finance was exploited over the weekend for $500,000.
Last month, Visor began active liquidity management on Uniswap v3 after releasing its NFT Smart Vault that allows DeFi participants to deposit assets and permission them for use on various protocols.
On Saturday, an attacker obtained access to an account that managed some of the Hypervisor admin function, and they were able to withdraw funds from deposits that were not yet placed into LP position.
The attacker withdrew only $500k from a TVL of $3 million. The team noted in the incident report,
“The attacker was not a member of the team and appears to have lacked a full understanding of our emergency withdrawal safeguard. Stolen funds were thus limited to un-positioned assets, and thus the $500k number was not arbitrary.”
The team has restored user position values of each hypervisor through its treasury funds.
The team further explained their intentional restrictive approach to the Beta launch that included a very small whitelist and capping deposits at $5k per account.
“Our mistake was not using a multisig account for all admin functions of the Hypervisor,” which has now been corrected.
Its token VISOR (VISR), which has a market cap of nearly $11 million, is trading at $0.430, down 62.8% in the past 7 days. Just two months ago, it hit its all-time high at $4.11 and is currently down 89.5% from it.