Hypernative flagged the attack preparation prior to execution. Alchemix's automation responded before the exploit landed. By the time the damage was done, Alchemix was already out.
On March 2, 2026, DolaSavings contract on Ethereum was exploited through a sophisticated price manipulation attack. Alchemix held exposure to DOLA in Curve pools and was in the potential blast radius.
Hypernative detected the attacker's preparation phase before the exploit executed. Alchemix secured its exposed positions before the attack unfolded. The exploit's blast radius ultimately didn't reach Alchemix, but the team acted before that was knowable. The response was faster than the attack.
Hypernative began detecting suspicious activity well before the exploit, starting with suspicious contracts and transactions which were the initial failed transactions before the successful attack. The platform successfully paused the Alchemix protocol and notified us of the activity as it was occurring, which enabled us to withdraw treasury funds from liquidity pools before the exploit occurred.
Ov3rkoalafied, COO @ Alchemix
Alchemix is a decentralized finance protocol that enables users to borrow against future yield. By depositing collateral into yield-generating strategies, users can mint synthetic assets such as alUSD. Alchemix does not directly support sDOLA as collateral. However, alUSD is paired with sDOLA in Curve liquidity pools, where the Alchemix treasury maintains a position. This created indirect exposure to the DolaSavings ecosystem, even though the protocol itself was not directly at risk.
The DolaSavings exploit targeted a pricing mechanism that relied on live vault exchange rate data with no smoothing or safeguards. The attacker used a large flashloan to swap real collateral (sDOLA) in borrowers' positions for crvUSD, drained the sDOLA vault, then briefly donated funds back to artificially inflate the reported price while the vault was nearly empty. The protocol was tricked into treating positions as healthy when they weren't. Most affected positions were wiped out.
Alchemix had configured automated response playbooks on the Hypernative Platform, including a Disable Tokens action across all tokens in Alchemix markets. When Hypernative's alerts fired during the attacker's preparation phase, that automation executed without requiring manual intervention, disabling various actions in the Alchemix protocol before the attack unfolded.
Contagion effects are rarely clear until after the damage is done. Acting before the full picture emerges isn't overcaution, it's the only option that works.
Our exposure to sDOLA was through the treasury. However, it takes time to determine what the actual exploit is and what is affected. In this scenario, warnings were firing on alUSD/DOLA curve pools, which meant it could have been a DOLA, alUSD, or Curve issue. The pausing of the protocol prior to the attack meant that we could focus our efforts elsewhere, which is extremely valuable in a quickly-developing and evolving exploit situation. The specific alerts also pointed us directly to relevant transactions which gave us a big head start in determining what was actually going on.
Ov3rkoalafied, COO @ Alchemix
The DolaSavings exploit cost sDOLA lenders approximately $240K. Alchemix's losses: zero.
Early detection and pre-configured automation made the difference. By the time the attack executed, Alchemix was already out. Had the Dola team had the same automation and alerts their funds could have been saved.
We’ve been very happy with Hypernative. Alerts are on the precautionary side while still achieving good signal to noise ratios. Additionally, members of the Hypernative team have always been quick to join the chat to discuss what they are seeing and any additional context they have. That type of support and extra sets of eyes is invaluable when you are making fast decisions in real time during an active situation.
Ov3rkoalafied, COO @ Alchemix
Reach out for a demo of Hypernative’s solutions, tune into Hypernative’s blog and our social channels to keep up with the latest on cybersecurity in Web3.
Secure everything you build, run and own in Web3 with Hypernative.
Website | X (Twitter) | LinkedIn
