Levyathan Finance: Exposed Private Key + Minting + emergencyWithdraw Bug
Levyathan Finance lost $1.5M after developers committed a minting private key to a public GitHub repo — an attacker found it four months later and used it to mint and dump LEV, then a secondary `emergencyWithdraw` bug wiped out the remaining staked funds.
Summary #
Levyathan Finance suffered a Yield Farming / Staking on 2021-06-01, resulting in a loss of approximately $2M.
What happened #
Levyathan Finance lost $1.5M after developers committed a minting private key to a public GitHub repo — an attacker found it four months later and used it to mint and dump LEV, then a secondary `emergencyWithdraw` bug wiped out the remaining staked funds.
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: None]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Yes — generic yield farm fork (MasterChef style)]