Sophisticated Trading Bot Exploits Synthetix Oracle, Funds Recovered

When Ethereum-based synthetic asset issuance platform Synthetix, which allows users to mint and trade synthetic currencies in a peer-to-peer fashion, lost track of more than 37 million synthetic Ether (sETH) on June 24, the company stopped all trading on its platform. While users only lost trading access for 24 hours, the event led to trades with 1,000x profits equalling $1 billion in less than an hour. The Australian-based company’s synthetic currencies provide access to the value of certain currencies, including Bitcoin and Ether. The platform says it makes it easy for users to hold Bitcoin and Ether, without needing a crypto wallet. 

Synthetix crypto-backed synthetic asset tokens are priced against the euro, Japanese yen, Korean won, Australian dollar and gold. Launched in the summer of 2018, Synthetix also has a stablecoin that tracks the United States dollar. Since Synthetix users trade assets that are representations of their underlying assets and track the prices of those assets, if a user trades sUSD into sBTC at $10,000 per BTC and the price goes up to $12,000 per BTC, they can trade that back into $12,000 of sUSD, making a profit of $2,000 sUSD.

The idea of synthetic digital currencies is not exclusive to Synthetix. Abra offers a service whereby users can receive exposure to any fiat currency (e.g., USD, EUR, PHP) or cryptocurrencies other than Bitcoin (e.g., XRP, DGB) that Abra supports via smart contracts on the Bitcoin and Litecoin networks. If a user deposits 1 BTC into an Abra wallet and then decides to buy 10 XRP with it, Abra creates a smart contract guaranteeing the right to 10 XRP. The user can then exchange the 10 XRP back into BTC, and Abra calculates the amount of BTC the user gains.

An oracle is to blame

Essentially, oracles are used in blockchains to verify real-world information and report the findings back to the blockchain, where they trigger the execution of smart contracts. In this case, a Synthetix oracle, responsible for providing external data to Synthetix’s smart contracts, transmitted false data on June 25, which a bot took advantage of. No funds were really “lost,” according to the company. One bot owner's balance was inflated due to an incorrect sKRW price feed, which he then converted into an inflated amount of sETH. According to Kain Warwick, the founder of the platform, all the sETH were recovered, and the situation has since been resolved. The company contacted the owner of the arbitrage bot that unintentionally hacked the oracle and agreed on a bounty deal with him in order to return the funds. Warwick told Cointelegraph:

“It was a tense negotiation, but because the profit they had made in these trades is backed by SNX collateral there was insufficient collateral to cover the profits, so there would have been no way to cash out these gains. We paid them significantly more than our largest open bug bounty which is $2k, but significantly less than their nominal profit of several billion dollars.” 
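To make the failure mode concrete, the following is an added example, not Synthetix's code and not part of the original article: a toy model of an oracle-priced exchange in which a bad sKRW feed inflates an sKRW-to-sETH conversion, next to a guard that takes the median of several reports and halts trading on an implausible jump. All prices, the 10% threshold, and the names `naive_exchange`, `GuardedOracle` and `PriceRejected` are assumptions made for illustration.

```python
from decimal import Decimal
from statistics import median

# Constructed USD prices for illustration; not market data from the incident.
GOOD = {"sKRW": Decimal("0.00085"), "sETH": Decimal("250")}
BAD_KRW = Decimal("0.85")          # constructed feed error: 1,000x too high
MAX_DEVIATION = Decimal("0.10")    # assumed policy: max 10% move per update

class PriceRejected(Exception):
    """Raised when a price update or trade is refused by the guard."""

def naive_exchange(prices, src, dst, amount):
    # Trusts whatever the feed says: value in USD, then converted to dst.
    return amount * prices[src] / prices[dst]

class GuardedOracle:
    def __init__(self, initial, max_deviation=MAX_DEVIATION):
        self.prices = dict(initial)
        self.max_deviation = max_deviation
        self.halted = set()          # symbols frozen until an operator reviews

    def update(self, symbol, reports):
        # Median of independent reports discards a single outlier source.
        candidate = median(reports)
        last = self.prices[symbol]
        if abs(candidate - last) / last > self.max_deviation:
            self.halted.add(symbol)  # circuit breaker: keep last good price
            raise PriceRejected(f"{symbol}: {last} -> {candidate}")
        self.prices[symbol] = candidate
        return candidate

    def exchange(self, src, dst, amount):
        if {src, dst} & self.halted:
            raise PriceRejected(f"trading halted for {src}/{dst}")
        return naive_exchange(self.prices, src, dst, amount)

if __name__ == "__main__":
    stake = Decimal("1000000")       # constructed sKRW balance
    print("honest  :", naive_exchange(GOOD, "sKRW", "sETH", stake))
    print("bad feed:", naive_exchange({**GOOD, "sKRW": BAD_KRW}, "sKRW", "sETH", stake))
    oracle = GuardedOracle(GOOD)
    print("one outlier:", oracle.update("sKRW", [GOOD["sKRW"], BAD_KRW, Decimal("0.00086")]))
    try:
        oracle.update("sKRW", [BAD_KRW] * 3)
    except PriceRejected as exc:
        print("rejected:", exc, "| halted:", oracle.halted)
```

The guard trades availability for safety: a genuine sharp market move would also halt the pair until someone reviews it.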

The most surprising thing was the level of sophistication the bots employed to target the oracle. According to Warwick:

 “While there have been bots using the system for several months now, recently they have improved significantly. This particular bot was able to take advantage of the mispricing issue immediately, and exploit it repeat