Velocore DEX
Summary
Velocore was a ve(3,3) decentralized exchange deployed on zkSync Era and Linea that suffered a critical smart contract exploit on June 2, 2024, resulting in the theft of approximately $6.8 million in ETH. A vulnerability in the protocol's Balancer-style CPMM pool fee calculation logic allowed an attacker to manipulate the feeMultiplier parameter beyond 100%, enabling draining of all volatile liquidity pools. Stolen funds were laundered through Tornado Cash with no recovery, and the hack triggered a controversial unilateral block production halt by Linea's sequencer operator Consensys.
Connected Entities
1 entities · 10 linked investigationsTimeline(8 events)
2023-05-28
Velocore announces V2 expansion to Linea, describing it as independent from the zkSync Era deployment.
Velocore Medium2024-06-02
Exploit occurs: attacker manipulates CPMM fee calculation via velocore__execute(), drains all volatile pools on zkSync Era and Linea. Approximately 1,807 ETH (~$6.8–6.9M) stolen.
Rekt News2024-06-02
Linea (Consensys) halts block production and censors attacker addresses to prevent further bridging of stolen funds.
CryptoSlate2024-06-02
Attacker bridges stolen funds from zkSync Era and Linea to Ethereum mainnet via Across Protocol, converting to ~1,807 ETH total before depositing into Tornado Cash.
Merkle Science2024-06-03
Velocore publishes incident post-mortem, offers 10% white-hat bounty (~$680K) to attacker for return of funds. Attacker does not respond.
The Block2024-06-05
Linea reaffirms decentralization roadmap following widespread criticism over its unilateral sequencer halt.
The BlockDecision Log
- hash: FysnoEPUHJN1aZSjHi7GCvmpb1CrshFFXt5mR9tdN2TV
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/31/2026, 7:00:20 AM
last updated: 5/31/2026, 7:00:23 AM
avoid.net — verified advice for a post-truth world