Bitcoin

Crypto Lending Protocol EraLend Hacked to the Tune of $3.4 Million

2 Mins read


On the 25th of July, EraLend was hit by a reentrancy attack that allowed an unknown bad actor to make off with about $3.4 million worth of crypto.

A reentrancy attack, a type of cyberattack affecting smart contracts, is one of the most common exploits against DeFi protocols.

In it, a bad actor identifies a security vulnerability in a smart contract’s code in order to repeatedly call a function within the contract before the completion of a previous function call. When executed (im)properly, these function calls can manipulate the price of tokens within the smart contract, allowing the attacker to withdraw far more from the protocol than should be possible.

Lack of Oracles Exploited

EraLend, an allegedly (according to their own website) low-risk zkSync decentralized lending protocol formerly known as Nexon Finance, eschewed the use of oracles, claiming that this made them less risky.

“Our lending platform is less risky because it does not depend on oracle and liquidation (external liquidity).”

Unfortunately for them – or rather, for their unfortunate users – their marketing was put to the test and found wanting.

Since the attack, which targeted the platform’s USDC stash, all borrowing operations have been suspended. Furthermore, the EraLend devs advised their community against depositing USDC on the platform until the issue is addressed.

Cybersecurity Firms on The Case

In order to help EraLend devs get their platform back in order – and maybe even uncover the identity of the person behind the attack – several cybersecurity firms and other partners have been in contact. BlockSec has confirmed its involvement with the post-mortem of the attack.

The exploit was originally announced by cybersecurity researchers Spreek and Saul. It’s still unconfirmed if the total loss of value stopped at $3.4 million.

“Apparently likely cause is read-only reentrancy affecting the LP token pricing. not sure about the size of the hack, might be much larger. still trying to figure out this rug block explorer rip.”

Although the amount stolen pales in comparison to hacks like those affecting the Ronin or Harmony, every bit of swiped crypto adds up.

Last year the total amount of value stolen from crypto investors broke the $10 billion barrier once investment scams, outright fraud, and other malicious schemes were taken into account. Today’s attack serves as yet another reminder to do your own research before investing your hard-earned money into any platform.

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.



Source link

Related posts
Bitcoin

Solana's First Layer 2 Prepares to Drive the 2024 Meme Coin Cycle

4 Mins read
Join Our Telegram channel to stay up to date on breaking news coverage While Ethereum-based tokens dominated previous cycles, with Shiba Inu…
Bitcoin

Crypto All-Stars Blockbuster Presale Raises $26M

2 Mins read
Crypto All-Stars is launching its native token, $STARS, on the decentralized exchange (DEX) Uniswap today at 2 pm UTC.  Ahead of the…
Bitcoin

Can Ethereum Break $3,500 Before End Of '24? Analyst Weighs In

2 Mins read
Este artículo también está disponible en español. As 2024 nears its conclusion, Ethereum price fluctuations are being closely monitored. The trajectory of…

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *