Coinbase’s Layer 2 network, known as the ‘Base’ chain, has fallen victim to a significant price manipulation attack, resulting in a loss of around $1 million. The breach occurred when an unverified loan contract was targeted and manipulated. CertiK Alert, a monitoring service, alerted users about the attack, stating that the Base chain, specifically the unverified loan contract at address 0x5c52, had been affected. The attacker manipulated the price of WETH and Sui tokens, leading to a gain of approximately $1 million through excessive borrowing.
CertiK also revealed that the oracle used in the lending contract verification had limited liquidity since its deployment 6 days ago, with only around $400K available. This incident marks the second contract manipulation case reported by the platform within two days. On October 24, suspicious transactions on Polygon’s unverified NAS contract (0x5d6084Bf..F36Ac7) were identified, where the attacker acquired a substantial amount of NAS tokens and traded them for USDT.
As of now, Base has not issued any statements regarding this attack. The platform had recently announced its permissionless Fault Proofs upgrade, set to launch on October 30. This update aims to enhance security by eliminating the need for trusted third parties and allows users to monitor and challenge invalid withdrawals.