LML was attacked, incurring a $950,000 loss; the coin price plunged 99.6% in one day

PeckShieldAlert, an on-chain security monitoring platform, confirmed on April 1 that the LML token suffered a targeted attack, with losses of about $950,000. In a short period, the malicious price plunged by 99.6%, nearly to zero. The attacker immediately converted the stolen 950,000 USDT into 450.6 ETH, and deposited it into the privacy-mixing protocol Tornado Cash to break the on-chain fund-tracking chain.

Core Attack Technique: The Manipulable Gap Between TWAP and Spot Pricing

(Source: Trading View)

This attack exploited a typical design risk in DeFi staking protocols: the reward calculation logic uses a delayed TWAP or snapshot price, while the funds are actually sold using the immediate spot price. The price difference between the two creates an arbitrage window that can be manipulated.

When attackers can artificially drive up the token’s spot price within a short time, they can sell at the manipulated high spot price using the reward amount calculated by TWAP, gaining actual returns far beyond normal circumstances. More importantly, reward claiming and token selling can be completed atomically within the same transaction sequence, making traditional risk controls difficult to intervene before the arbitrage closes. BlockSec noted that this TWAP pricing design flaw is not unique to LML; it has been found across multiple DeFi protocols, but many have not yet sufficiently hardened against this type of attack vector.

Attack Steps Reconstructed: From Zero-Address Path Manipulation to Mixer Escape

According to BlockSec’s on-chain tracking and analysis, the attacker’s actions can be broken down into the following key steps:

Pre-staging Tokens to Establish a Position: deposit tokens into the target staking protocol in advance to obtain the eligibility to later call the claim function

Raise the Spot Price via a Zero-Address Recipient Path: by using a transaction path that sets the recipient as a zero address, artificially reduce circulating supply and push up the LML spot price

Call claim to Get Rewards at the High Price: at the manipulated spot high, based on the TWAP or snapshot-based reward logic, calculate a large amount of claimable tokens

Immediately Sell the Rewards at the High Spot Price: while the spot price remains artificially high, sell immediately and cash out about 950,000 USDT

Convert USDT to ETH and Deposit into a Mixer: convert 950,000 USDT into 450.6 ETH and deposit it into Tornado Cash to cut off on-chain tracking

The entire attack process is completed atomically on-chain, leaving no “failure window” in the traditional sense.

Tornado Cash Mixing Paths and Systematic Warnings for DeFi Security

The attacker’s choice of Tornado Cash as a fund-cleaning tool is a common route in DeFi attack incidents. Tornado Cash breaks the traceability of on-chain funds through zero-knowledge proofs, making it difficult for law enforcement agencies and security researchers to track the final destination, significantly increasing the difficulty of recovering assets.

The problem revealed by this LML attack has broad industry reference significance. Reliance on reward distribution mechanisms that use TWAP or snapshot pricing is generally accompanied by manipulation risks on tokens with lower liquidity—low liquidity means the cost for attackers to push up the spot price is relatively lower, while arbitrage returns can be extremely high. The core measures to defend against this kind of attack in DeFi protocols include introducing a time delay between reward claiming and token selling, limiting the maximum rewards that a single address can claim in a short time, and adding protections based on deviation thresholds between the real-time spot price and TWAP.

FAQ

How did the LML attack use the TWAP pricing mechanism?

The core of the attack is the inconsistency between the “reward calculation benchmark” and the “selling benchmark”: the protocol calculates the claimable reward amount using a delayed TWAP or snapshot price, but the token can be sold directly at the real-time spot price. After manipulating the spot high point, the attacker immediately claims and sells, making it possible to profit from “calculating at a slow price but selling at a manipulated high price.” The loss in a single incident is as high as $950,000.

Why did the attacker use a zero-address path to push up the LML spot price?

Transactions that set the recipient to a zero address are, technically, a form of “burning”—the tokens are transferred to an address no one controls and disappear from circulation. This causes the visible circulating supply in the market to drop sharply, artificially driving up the spot price. Attackers typically use flash loans to support the cost of this operation, completing the price manipulation without holding any assets. The entire process can be completed within a single transaction block.

After depositing into Tornado Cash, is the attacker’s funds completely untraceable?

Tornado Cash greatly increases the difficulty of tracking, but it does not mean the funds are completely untraceable. On-chain security firms can perform correlation analysis using entry time, amount characteristics, and subsequent on-chain behaviors. If the attacker needs to transfer the ETH to a centralized exchange to cash out, the KYC process may still reveal their identity. Organizations such as PeckShield and BlockSec continue to monitor the subsequent activities of the related addresses.