Osmosis, a decentralized exchange (DEX) built on the Cosmos network, was halted just before 3:00 am EST on Wednesday after attackers exploited a liquidity provider (LP) bug to the tune of roughly $5 million.
The bug was first identified in a Reddit post on the official Cosmos Network page. The user, Straight-Hat3855, brought attention to a “serious problem” with Osmosis (OSMO) that allowed users to arbitrarily grow LPs by 50% simply by adding and removing liquidity. The Reddit post was quickly removed, but not before malicious actors took advantage of the bug, which saw approximately $5 million removed from liquidity pools on the Osmosis exchange.