The Defi exchange site, OptiFi, from Solana bugged. Result: access to funds is blocked and there is a very real risk of permanent loss. The bug didn’t happen after a hack, or because of poor site security, but after an update that would have gone astray.
An accident that caused great losses
Losing your funds as a result of a hack is already a big problem. But it is a thousand times worse if you lose your funds as a result of mishandling. The OptiFi team had a bad experience. In fact, the developers have bugged their own platform after updating. At the end, the loss is $661,000 in USDC. Admittedly, this isn’t the worst loss recorded this year, but it’s certainly one of the heaviest.
To go back to the chronology of events, the team updated their program code on August 29 at approximately 06:00 UTC. The goal was to update the OptiFi program on the main Solana network. However, the agent in charge of the operation is used accidentally the “deploy anchor” command. to deploy the program on the main network. It took longer than usual, probably due to network congestion. They then launched the “solana close programme” to try to stop the process. The result of the races: the OptiFi program was terminated as a result.
The network is completely blocked
By launching the wrong program, the mains automatically crashed and, unfortunately, can no longer be recovered. Almost 661,000 USDC are therefore blocked in the PDAs. According to the team, 95% of the bleeds involve 3 OptiFi staff. In particular, they insisted that they would refund all users’ funds.
Unbeknownst to him, the developers managed to completely destroy their own DeFi platform. They obviously tried to interrupt the order before he sent a message back. But, A new buffer account was created in the meantime, but was not used. They tried to close the new buffer account and recover the balance first, but it didn’t work. The mainnet is shut down, and the data is no longer recoverable.
Can the situation be rectified?
True, the funds are no longer recoverable. However, it is still possible to reduce the breakdown according to the team. this, through implementation of a Platform monitoring peering and separation of capital pools (MAFs) from the main register. This will reduce the impact of errors.
Warnings will also be placed in the user documentation. This is added two-step confirmation for closing a program in the CLI interface. The developers have learned from their mistakes. They are now trying to build a new, safer DeFi platform for users who continue to trust them. The OptiFi team said the incident report will be posted later. In the meantime, she apologizes profusely to the users of the platform again. In particular, those who are affected in some way by their mistakes.
More information: 112 OOO computers infected by cryptominer via fake Google Translate app!