ChainCatcher message, Wombat Exchange posted on X that it has received reports that the DEX Velocore on the ZKsync chain has forked Wombat's design without authorization. Please proceed with caution, as unauthorized copies may pose risks.

ChainCatcher message, Velocore stated on X that after the recent exploitation incident, most of Velocore's functionalities have been disabled to prevent further losses, leaving only the withdrawal function. The front-end exchange was unable to correct the imbalance and de-pegging of the stable pool through arbitrage, resulting in additional losses for LPs.On the Linea chain, since the admin privileges of the Diamond Proxy contract have been revoked, we can only change the exchange rate to zero and cannot make fundamental updates. This requires us to prevent further potential damage and provide a unified withdrawal method for all users. Upon re-examining the contract, we discovered another vulnerability that could lead to the theft of all assets. To mitigate this risk, we conducted a white-hat operation and securely deposited the assets into a separate Safe vault. Affected LPs can now claim funds based on the LP snapshots of the relevant blocks.The Telos chain was not attacked and was patched without waiting for a time lock. Assets will be returned 1:1 to their owners, unrelated to the overall LP compensation. Efforts are underway to accurately capture snapshots and update the claims functionality accordingly. Regarding compensation for LP victims from the previous exploitation, it will be decided by community vote whether to restart or liquidate. All remaining assets will be consolidated into a single vault for collective decision-making.

ChainCatcher message, Velocore announced on social platforms the launch of ZK airdrop claims for ZKsync users. The official statement indicates a 100% protocol airdrop, along with an allocation of 100,000 tokens for developer wallets, added to the initial compensation pool. Although this may not be enough, further injections into the compensation pool will continue once the funds are in place. Please refer to the official claim website.Previously, Velocore may have been attacked on the zkSync and Linea chains, resulting in all LPs being exhausted. It is reported that veDEX is based on zkSync Era and Linea's veDEX.

ChainCatcher message, Velocore has released an update on the recent security incident on platform X: "For the safety investigation, we cannot share all information on social media, but based on on-chain/off-chain logs and interactions with multiple protocols, we are tracking with security partners and continuing negotiations through on-chain messages.We still have more sources of information, and as the investigation progresses, we will release more announcements.We will upload snapshots of the pre-attack state to the GitHub repository. In Linea, there will be two snapshot blocks, as different trading pairs were involved in two separate transactions. Additionally, although it is not directly related to LP, snapshots are also being taken for voters and holders who suffered losses due to the sell-off. This snapshot will serve as a benchmark for future liquidation or restart."Previously, Velocore released a vulnerability incident analysis report. Velocore experienced a security vulnerability incident on June 2, resulting in a loss of approximately $6.8 million worth of ETH. The root cause of this vulnerability was a flaw in the Balancer-style CPMM pool contract.

ChainCatcher message, yesterday the Ethereum L2 chain Linea temporarily stopped block production and paused the operation of the sequencer after being hacked on Velocore. In response, Slow Mist founder Cosine posted on the X platform: "It is understandable in the early stages to stop losses for an ecological project that has been hacked and choose to pause the L2 and blacklist related addresses, but as time goes on, it becomes less and less possible, and the need for the impossible grows. The challenges of security and trust are indeed that great."

ChainCatcher news, according to information from Velocore communicating with the hacker on-chain, if the hacker returns the remaining funds before 4 PM Beijing time on June 3, they are willing to offer a 10% white hat bounty. The hacker has not yet responded.Previous news, Velocore released a vulnerability incident analysis report, stating that the protocol encountered a security vulnerability on June 2, resulting in a loss of approximately 6.8 million dollars worth of ETH.

ChainCatcher message, Linea has released a Velocore event update on platform X, noting that current network security only affects third-party DApps. During the attack, the operation of the sorter was suspended due to the inability to contact the Velocore team temporarily.Linea emphasized: "Most L2s, including Linea, still rely on centralized technologies to operate, which can be used to protect ecosystem participants. The core value of Linea is a permissionless and censorship-resistant environment, so our decision was not made lightly."

ChainCatcher message, Velocore released a vulnerability incident analysis report, indicating that the protocol encountered a security vulnerability on June 2, resulting in a loss of approximately 6.8 million dollars worth of ETH. The root cause of this vulnerability is a flaw in the Balancer-style CPMM pool contract. The main reason for the incident is a logical error in the "velocore__execute()" function of the ConstantProductPool, and measures have been taken to ensure that this vulnerability cannot be exploited again.The platform is currently actively investigating and tracking the hacker, while attempting to conduct on-chain negotiations and requesting cooperation from various protocols and trading platforms to investigate the activities of the attacker. They are also maintaining close communication with security partners and the foundation.For the affected users, the platform has taken a snapshot before the incident occurred. Once operations are restored, an appropriate compensation plan will be implemented to address the losses suffered by users.

ChainCatcher message, Velocore stated that the team has identified the root cause of the hacking incident and has taken measures to prevent imitators from using the same method (to carry out attacks). The team is coordinating with other security partners to determine the appropriate time to release the post-incident analysis article.Meanwhile, all buttons except for withdrawals have been disabled. The Telos side has not been affected and will be restored after the release of the post-incident analysis article.

ChainCatcher message, Velocore posted on platform X: "There are many comments under our tweet, but none of them are from official accounts. Any messages offering refunds and directing you to external links or asking you to contact via DM/email are scams. Please only refer to the official X account tweets and Discord links."Previously, Velocore confirmed on platform X that its protocol had been attacked, resulting in significant liquidity loss.Afterward, Velocore posted on platform X that it has identified the exploit mechanism and is establishing an on-chain negotiation process to track the exploiters using the clues left behind. Velocore on the Telos mainnet was not affected.

ChainCatcher news, according to Ember monitoring, Velocore hackers transferred the stolen 1807 ETH to Tornado Cash 45 minutes ago.

ChainCatcher message, Velocore tweeted that they have identified the vulnerability attack mechanism and are establishing an on-chain negotiation process. Post-incident analysis is ongoing. They are tracking the attacker through the clues left behind.In addition, Velocore on the Telos mainnet was not affected, and the team is working with the foundation while functionalities are frozen.

ChainCatcher news, according to on-chain analyst Yu Jin's monitoring, the DEX Velocore deployed on zkSync and Linea was suspected to have been hacked 4 hours ago, with users' LP stolen.The hacker converted all stolen assets into ETH and then transferred the ETH to the Ethereum mainnet via a cross-chain bridge. Currently, the hacker has transferred all ETH to the address 0xe40...2b3, totaling 1807 ETH (approximately 6.88 million USD).Earlier reports indicated that Velocore was suspected to have been attacked on the zkSync and Linea chains, leading to the depletion of liquidity.Subsequently, Velocore confirmed on the X platform that its protocol had been attacked, resulting in significant liquidity loss. Its CPMM pool has been affected, but the stable pool remains unaffected, allowing funds to be withdrawn from the stable pool.Additionally, the Velocore team is collaborating with security teams and foundations and has requested CEX to freeze the stolen assets. Velocore will continue to take all necessary measures to address this issue.

ChainCatcher message, DEX protocol Velocore confirms that the protocol has been attacked, resulting in significant liquidity loss. The protocol's CPMM pool has been affected, but the stable pool remains unaffected, so funds can be withdrawn from our stable pool.Additionally, the team is working with security teams and the foundation and has requested CEX to freeze the stolen assets.According to previous reports, Velocore was attacked on the zkSync and Linea chains, resulting in a loss of approximately 10 million (USD).

ChainCatcher message, SlowMist founder Yu Xian posted on X platform: "Velocore seems to have been hacked, the losses look significant. An analysis of the reasons is underway."According to the retweeted post, Officer's Notes revealed that Velocore may have been attacked on the zkSync and Linea chains.