In April 2025, Impermax V3 suffered a flash loan attack, resulting in approximately $300,000 stolen from the protocol's liquidity pools. The attacker exploited a flaw in the protocol's calculation of collateral value for Uniswap V3 LP positions. The attack followed a systematic approach: first manipulating the LP pool's price tick, then accumulating substantial fees through swaps, borrowing against the LP position, incorrectly reinvesting fees, and finally triggering a self-liquidation of the position. This sequence caused the position value to plummet, forcing the protocol into bad debt and allowing the attacker to extract funds without risk.
Share this post
Inside the Impermax V3 Hack
Share this post
In April 2025, Impermax V3 suffered a flash loan attack, resulting in approximately $300,000 stolen from the protocol's liquidity pools. The attacker exploited a flaw in the protocol's calculation of collateral value for Uniswap V3 LP positions. The attack followed a systematic approach: first manipulating the LP pool's price tick, then accumulating substantial fees through swaps, borrowing against the LP position, incorrectly reinvesting fees, and finally triggering a self-liquidation of the position. This sequence caused the position value to plummet, forcing the protocol into bad debt and allowing the attacker to extract funds without risk.