Skip to content
Est. MMXXVIVol. VI · № 273RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 109Oracle Manipulation

Sovryn Lending Pool Manipulation

$1.1M drained from Sovryn, a Bitcoin-DeFi protocol on RSK, via AMM/oracle price manipulation that let the attacker borrow against inflated collateral.

Date
Victim
Sovryn
Chain(s)
RSK
Status
Partially Recovered

On October 21, 2022, Sovryn — a DeFi protocol built on RSK (Rootstock), the Bitcoin-sidechain smart-contract platform — lost approximately $1.1 million through a price-manipulation attack on its lending pool. The attacker manipulated the AMM-derived price feed Sovryn used for collateral valuation, then borrowed against the inflated value.

What happened

Sovryn provides margin trading, lending and AMM functionality on RSK, with assets bridged from Bitcoin. Its lending markets valued collateral using AMM-derived prices from Sovryn's own liquidity pools.

The attack followed the canonical oracle-manipulation pattern:

  1. The attacker manipulated the relevant Sovryn AMM pool price by trading into it with sufficient capital.
  2. The lending market's collateral valuation, reading the manipulated pool price, over-valued the attacker's collateral.
  3. The attacker borrowed out the pool's available assets against the inflated valuation.
  4. Total extracted: approximately $1.1M in RBTC and other assets.

A portion of the funds was recovered through the protocol's response and coordination; the realised net loss was lower than the gross drain.

Aftermath

  • Sovryn paused affected lending pools and published a post-mortem.
  • The team implemented oracle hardening and partial user compensation.
  • Sovryn is one of relatively few protocols in the catalogue operating on RSK — a comparatively low-activity Bitcoin sidechain — illustrating that the DeFi-security failure modes are chain-agnostic.

Why it matters

Sovryn's incident is a small but representative entry demonstrating that the oracle-manipulation playbook applies identically on every chain, including low-activity Bitcoin-adjacent sidechains. The same structural pattern that drained Cream Finance on Ethereum, Vee Finance on Avalanche, Moola Market on Celo, and Lodestar on Arbitrum, applied equally to Sovryn on RSK: a lending market that values collateral from a manipulable on-chain pool is exploitable by anyone who can move that pool.

The broader lesson the catalogue keeps reinforcing through these geographically-diverse small incidents: DeFi security knowledge does not propagate across ecosystems automatically. Every chain's DeFi builders tend to re-learn oracle manipulation, reentrancy, and access-control bugs independently — RSK's small ecosystem no less than the larger ones. The cost is a recurring, chain-by-chain tax, paid in real user funds, for lessons that were already documented and freely available before the vulnerable code shipped.

Sources & on-chain evidence

  1. [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-sovryn-hack-october-2022
  2. [02]cryptopotato.comhttps://cryptopotato.com/bitcoin-defi-protocol-sovryn-gets-hacked-for-over-1-million/
  3. [03]rekt.newshttps://rekt.news/sovryn-rekt

Related filings