From 08cee8cc716df747dc680a60e368c55680184b4b Mon Sep 17 00:00:00 2001
From: svg-arch <54551804+svg-arch@users.noreply.github.com>
Date: Sat, 2 Mar 2024 19:06:10 +0300
Subject: [PATCH 1/5] Create 2023-06-27-Themis-Protocol.md

---
 .../posts/2023-06-27-Themis-Protocol.md       | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 content/attacks/posts/2023-06-27-Themis-Protocol.md

diff --git a/content/attacks/posts/2023-06-27-Themis-Protocol.md b/content/attacks/posts/2023-06-27-Themis-Protocol.md
new file mode 100644
index 000000000..7f6de1d66
--- /dev/null
+++ b/content/attacks/posts/2023-06-27-Themis-Protocol.md
@@ -0,0 +1,40 @@
+---
+date: 2023-06-27
+target-entities: Themis Protocol
+entity-types:
+  - DeFi
+  - Lending Platform
+attack-types:
+  - Smart Contract Exploit
+  - Flash Loan Attack
+title: "Themis Protocol Suffers $370,000 Loss in Exploit"
+loss: 370000
+---
+
+## Summary
+
+On June 27, 2023, Themis Protocol, a decentralized lending and borrowing platform on the Arbitrum One chain, fell victim to a sophisticated exploit involving a flawed price oracle, leading to a loss of approximately $370,000. The attacker manipulated the Balancer LP token price by exchanging tokens within the Balancer pool, thus affecting the oracle's valuation of the pool's tokens. By utilizing flash loans and a series of calculated transactions, the exploiter was able to inflate the price of the Balancer LP tokens and borrow assets far exceeding their collateral, eventually laundering a portion of the stolen assets through Tornado Cash.
+
+## Attackers
+
+The identity of the attacker is unknown. The following addresses are associated with this attack:
+
+Hacker Arbitrum Wallet:
+
+- [0xdb73eb484e7dea3785520d750eabef50a9b9ab33](https://arbiscan.io/address/0xdb73eb484e7dea3785520d750eabef50a9b9ab33)
+
+## Losses
+
+Themis Protocol lost approximately $370,000 in total.
+
+## Timeline
+
+- **June 27, 2023, 06:33:09 PM +UTC:** The [first malicious](https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8) transaction occurred.
+- **June 27, 2023, 10:30 PM +UTC:** Themis Protocol [suspension of borrowing functions](https://twitter.com/ThemisProtocol/status/1673775788661800969).
+- **June 27, 2023, 10:39 PM +UTC:** PeckShield [published](https://twitter.com/peckshield/status/1673778002373509121?s=20) a report on the incident.
+- **June 28, 2023, 12:32 AM +UTC:** Themis Protocol [confirmed the hack](https://twitter.com/ThemisProtocol/status/1673806487540609024) and offered the hacker to return the funds.
+- **July 27, 2023:** Themis Protocol [announced](https://blog.themis.exchange/themis-2-0-official-launch-and-compensation-plan-23209983ef16) Themis 2.0 and compensation details
+
+## Security Failure Causes
+
+- **Flawed Price Oracle:** The root cause of the exploit is an inaccurate Balancer LP token price oracle. The attacker manipulated the LP token price by exchanging tokens within the Balancer pool, the price of which is determined by aggregating the total value of all tokens in the pool.

From 1567eb5947db7b8f4e3114d2f57a30d50d9caf35 Mon Sep 17 00:00:00 2001
From: svg-arch <54551804+svg-arch@users.noreply.github.com>
Date: Tue, 5 Mar 2024 19:40:33 +0000
Subject: [PATCH 2/5] Update 2023-06-27-Themis-Protocol.md

---
 content/attacks/posts/2023-06-27-Themis-Protocol.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/content/attacks/posts/2023-06-27-Themis-Protocol.md b/content/attacks/posts/2023-06-27-Themis-Protocol.md
index 7f6de1d66..71f0fb4f8 100644
--- a/content/attacks/posts/2023-06-27-Themis-Protocol.md
+++ b/content/attacks/posts/2023-06-27-Themis-Protocol.md
@@ -7,6 +7,7 @@ entity-types:
 attack-types:
   - Smart Contract Exploit
   - Flash Loan Attack
+  - Price Oracle Manipulation
 title: "Themis Protocol Suffers $370,000 Loss in Exploit"
 loss: 370000
 ---
@@ -30,9 +31,9 @@ Themis Protocol lost approximately $370,000 in total.
 ## Timeline
 
 - **June 27, 2023, 06:33:09 PM +UTC:** The [first malicious](https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8) transaction occurred.
-- **June 27, 2023, 10:30 PM +UTC:** Themis Protocol [suspension of borrowing functions](https://twitter.com/ThemisProtocol/status/1673775788661800969).
-- **June 27, 2023, 10:39 PM +UTC:** PeckShield [published](https://twitter.com/peckshield/status/1673778002373509121?s=20) a report on the incident.
-- **June 28, 2023, 12:32 AM +UTC:** Themis Protocol [confirmed the hack](https://twitter.com/ThemisProtocol/status/1673806487540609024) and offered the hacker to return the funds.
+- **June 27, 2023, 08:30 PM +UTC:** Themis Protocol [suspension of borrowing functions](https://twitter.com/ThemisProtocol/status/1673775788661800969).
+- **June 27, 2023, 08:39 PM +UTC:** PeckShield [published](https://twitter.com/peckshield/status/1673778002373509121?s=20) a report on the incident.
+- **June 28, 2023, 10:32 AM +UTC:** Themis Protocol [confirmed the hack](https://twitter.com/ThemisProtocol/status/1673806487540609024) and offered the hacker to return the funds.
 - **July 27, 2023:** Themis Protocol [announced](https://blog.themis.exchange/themis-2-0-official-launch-and-compensation-plan-23209983ef16) Themis 2.0 and compensation details
 
 ## Security Failure Causes

From d03081bf91fda26e953d68a433a726abef76412a Mon Sep 17 00:00:00 2001
From: svg-arch <54551804+svg-arch@users.noreply.github.com>
Date: Sun, 10 Mar 2024 12:31:26 +0000
Subject: [PATCH 3/5] Update 2023-06-27-Themis-Protocol.md

---
 content/attacks/posts/2023-06-27-Themis-Protocol.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/content/attacks/posts/2023-06-27-Themis-Protocol.md b/content/attacks/posts/2023-06-27-Themis-Protocol.md
index 71f0fb4f8..38988bf77 100644
--- a/content/attacks/posts/2023-06-27-Themis-Protocol.md
+++ b/content/attacks/posts/2023-06-27-Themis-Protocol.md
@@ -30,11 +30,11 @@ Themis Protocol lost approximately $370,000 in total.
 
 ## Timeline
 
-- **June 27, 2023, 06:33:09 PM +UTC:** The [first malicious](https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8) transaction occurred.
-- **June 27, 2023, 08:30 PM +UTC:** Themis Protocol [suspension of borrowing functions](https://twitter.com/ThemisProtocol/status/1673775788661800969).
-- **June 27, 2023, 08:39 PM +UTC:** PeckShield [published](https://twitter.com/peckshield/status/1673778002373509121?s=20) a report on the incident.
-- **June 28, 2023, 10:32 AM +UTC:** Themis Protocol [confirmed the hack](https://twitter.com/ThemisProtocol/status/1673806487540609024) and offered the hacker to return the funds.
-- **July 27, 2023:** Themis Protocol [announced](https://blog.themis.exchange/themis-2-0-official-launch-and-compensation-plan-23209983ef16) Themis 2.0 and compensation details
+- **June 27, 2023, 06:33:09 PM UTC:** The [first malicious](https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8) transaction occurred.
+- **June 27, 2023, 08:30 PM UTC:** Themis Protocol [suspension of borrowing functions](https://twitter.com/ThemisProtocol/status/1673775788661800969).
+- **June 27, 2023, 08:39 PM UTC:** PeckShield [published](https://twitter.com/peckshield/status/1673778002373509121?s=20) a report on the incident.
+- **June 27, 2023, 10:32 AM UTC:** Themis Protocol [confirmed the hack](https://twitter.com/ThemisProtocol/status/1673806487540609024) and offered the hacker to return the funds.
+- **July 27, 2023:** Themis Protocol [announced](https://blog.themis.exchange/themis-2-0-official-launch-and-compensation-plan-23209983ef16) Themis 2.0 and compensation details.
 
 ## Security Failure Causes
 

From 62390a6bd623c69ed48996c121363e2732ac7f77 Mon Sep 17 00:00:00 2001
From: svg-arch <54551804+svg-arch@users.noreply.github.com>
Date: Mon, 11 Mar 2024 23:55:42 +0300
Subject: [PATCH 4/5] Update 2023-06-27-Themis-Protocol.md

---
 content/attacks/posts/2023-06-27-Themis-Protocol.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/attacks/posts/2023-06-27-Themis-Protocol.md b/content/attacks/posts/2023-06-27-Themis-Protocol.md
index 38988bf77..c0f0f81ab 100644
--- a/content/attacks/posts/2023-06-27-Themis-Protocol.md
+++ b/content/attacks/posts/2023-06-27-Themis-Protocol.md
@@ -30,7 +30,7 @@ Themis Protocol lost approximately $370,000 in total.
 
 ## Timeline
 
-- **June 27, 2023, 06:33:09 PM UTC:** The [first malicious](https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8) transaction occurred.
+- **June 27, 2023, 06:33 PM UTC:** The [first malicious](https://arbiscan.io/tx/0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8) transaction occurred.
 - **June 27, 2023, 08:30 PM UTC:** Themis Protocol [suspension of borrowing functions](https://twitter.com/ThemisProtocol/status/1673775788661800969).
 - **June 27, 2023, 08:39 PM UTC:** PeckShield [published](https://twitter.com/peckshield/status/1673778002373509121?s=20) a report on the incident.
 - **June 27, 2023, 10:32 AM UTC:** Themis Protocol [confirmed the hack](https://twitter.com/ThemisProtocol/status/1673806487540609024) and offered the hacker to return the funds.

From 1a15c5c4028d06c3d8099b24706664b9f1fc376e Mon Sep 17 00:00:00 2001
From: Evgeny Dmitriev <56804873+evgenydmitriev@users.noreply.github.com>
Date: Sun, 14 Apr 2024 14:28:01 +0300
Subject: [PATCH 5/5] Update 2023-06-27-Themis-Protocol.md

---
 content/attacks/posts/2023-06-27-Themis-Protocol.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/content/attacks/posts/2023-06-27-Themis-Protocol.md b/content/attacks/posts/2023-06-27-Themis-Protocol.md
index c0f0f81ab..f0185a717 100644
--- a/content/attacks/posts/2023-06-27-Themis-Protocol.md
+++ b/content/attacks/posts/2023-06-27-Themis-Protocol.md
@@ -20,8 +20,6 @@ On June 27, 2023, Themis Protocol, a decentralized lending and borrowing platfor
 
 The identity of the attacker is unknown. The following addresses are associated with this attack:
 
-Hacker Arbitrum Wallet:
-
 - [0xdb73eb484e7dea3785520d750eabef50a9b9ab33](https://arbiscan.io/address/0xdb73eb484e7dea3785520d750eabef50a9b9ab33)
 
 ## Losses
@@ -38,4 +36,4 @@ Themis Protocol lost approximately $370,000 in total.
 
 ## Security Failure Causes
 
-- **Flawed Price Oracle:** The root cause of the exploit is an inaccurate Balancer LP token price oracle. The attacker manipulated the LP token price by exchanging tokens within the Balancer pool, the price of which is determined by aggregating the total value of all tokens in the pool.
+- **Price Oracle Vulnerability:** The root cause of the exploit is a weakness in the Balancer LP token price oracle. The attacker manipulated the LP token price by exchanging tokens within the Balancer pool, the price of which is determined by aggregating the total value of all tokens in the pool.