Decentralized exchange Level Finance experienced a security breach in its "LevelReferralControllerV2" smart contract, allowing an attacker to drain more than 214,000 of the exchange's LVL tokens valued at over $1 million and swap them into Binance Coin.

Blockchain security firm Peckshield confirmed the bug that allowed for repeated referral claims from the same epoch. The exchange has temporarily shut down the referral program and will deploy a new implementation of the referral contract within the next 12 hours.

The attack was isolated from other contracts and did not affect the exchange's liquidity pools and related DAOs. Level Finance has asked users to stand by for a full post mortem.