PREFACE Lava is a lending protocol that focuses on enabling the collateralization of AMM liquidity positions. This comes with different challenges and risks that the protocol has various controls for and aims to continuously mitigate in order to unlock an important and unique asset type. This report is divided into two sections: an operational response review and a technical incident report that details which controls and how those controls were circumvented in the USDC-USDC.e LP contract and what mitigations have been introduced in order to prevent future incidents. OPERATIONAL RESPONSE The incident was reported by PeckShield Alert to the protocol on March 28, 2024. Within 15 minutes of reviewing the report, all lending markets on the protocol were paused to prevent any further exploits. Lava community members reached out to contacts at major exchanges to identify the exploit address and prevent potential off-ramping of assets. Within an hour and with coordination of major exchanges, law enforcement incidents were filed. The address has also been listed as a malicious address on the blockchain explorer Arbiscan (Etherscan). All affected addresses were identified and a contingency plan was enacted for compensation by the Insurance Fund, not dependent on the successful return of funds by the attacker.