DeFi Protocol Hacker Returns $1.6M Following Pricing Oracle Glitch

Fibo Quantum

The attack occurred after upgraded its price feed to relay data from a Chainlink pricing oracle as opposed to a time-weighted average price (TWAP).’s code, which was audited by PeckShield, contained an error and returned a number with too many zeros behind it. That meant the attacker was able to deposit one GMX token, worth around $70, effectively tricking the system into allowing infinite borrows, according to a postmortem published on’s Medium page. There was no issue with the Chainlink oracle itself.

Wood Profits Banner>