Lodestar Finance, an algorithmic borrowing and lending platform built on Arbitrum, has wound down its interest rates to zero after deposits on the platform were drained in an exploit on Sunday. 

Taking advantage of a faulty oracle developed by Lodestar, the hacker manipulated the exchange rate of a token, “plvGLP,” to depress its price relative to another, related token. The attacker then “borrowed” a huge sum of the token from Lodestar at lower prices (that is, with less collateral required to back the loan).

Data from DeFi Llama shows that Total Value Locked (TVL) in Lodestar Finance fell from $6.92 million to just $11.07 after the attack. The platform’s native token LODE lost more than 65% of its value following the exploit. At press time, LODE was trading at $0.16.

The Twitter account for the protocol said it planned to reach out to the hacker and attempt to negotiate a potential bug bounty, with the goal of recovering more funds.

The plvGLP token, developed by layer 2 project PlutusDAO, is a derivative contract of GLP, which is itself a liquidity solution developed by decentralized exchange GMX. The contract, audited by Solidity Finance, automatically reinvests ETH rewards three times a day and offers a higher yield. As of Dec. 8, Lodestar Finance accounted for 50% of all plvGLP.

Solidity Finance published its own analysis of the Lodestar exploit, saying that the GLP “oracle” determining the exchange rate between the two derivatives had been easy to exploit by overwhelming it with a large order.

“The attacker flashborrowed a large sum of funds and manipulated the price on the GLPOracle to increase the value of their collateral far beyond realistic values. As a result of this they were able to borrow more than they should have based upon the true value of their collateral,” explained Solidity Finance.
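The effect Solidity Finance describes can be replayed from the lender's side. The following is an added example, not code from Lodestar, PlutusDAO or Solidity Finance: it compares a borrow limit computed from a raw spot exchange rate with one computed from a rate that may move only a bounded step per update, and records an alert when a jump is rejected. All names, the 2% step bound, the collateral factor and the sample rates are constructed assumptions.

```python
# Added illustration: every name and number here is constructed, not Lodestar's code.
from fractions import Fraction as F

def borrow_limit(collateral, rate, collateral_factor):
    """Maximum borrow value for `collateral` tokens valued at `rate` per token."""
    return collateral * rate * collateral_factor

class BoundedRateOracle:
    """Accepts a new exchange rate only within max_step of the last accepted one."""
    def __init__(self, initial_rate, max_step=F(2, 100)):
        self.rate = initial_rate
        self.max_step = max_step
        self.alerts = []  # (observation index, reported spot rate) for rejected jumps

    def update(self, index, spot):
        lo = self.rate * (1 - self.max_step)
        hi = self.rate * (1 + self.max_step)
        if not lo <= spot <= hi:
            self.alerts.append((index, spot))  # flag for review or a borrowing pause
            spot = min(max(spot, lo), hi)      # clamp instead of trusting the jump
        self.rate = spot
        return self.rate

def replay(spot_rates, collateral, collateral_factor):
    """Return per-observation (naive_limit, bounded_limit) and the alerts raised."""
    oracle = BoundedRateOracle(spot_rates[0])
    rows = []
    for i, spot in enumerate(spot_rates):
        bounded = oracle.update(i, spot)
        rows.append((borrow_limit(collateral, spot, collateral_factor),
                     borrow_limit(collateral, bounded, collateral_factor)))
    return rows, oracle.alerts

# Constructed observations: a steady rate, one abrupt spike, then normal again.
SAMPLE_RATES = [F(100, 100), F(1001, 1000), F(180, 100), F(1002, 1000)]

if __name__ == "__main__":
    rows, alerts = replay(SAMPLE_RATES, collateral=100_000, collateral_factor=F(7, 10))
    for i, (naive, bounded) in enumerate(rows):
        print(i, float(naive), float(bounded))
    print("alerts:", alerts)
```

On the spiked observation the spot-rate limit nearly doubles, while the bounded oracle moves by at most 2% and logs the rejected value.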