cointelegraph

Attacker drains $800K from DeFi protocol Sturdy Finance

Attacker drains $800K from DeFi protocol Sturdy Finance

Decentralized finance (DeFi) protocol Sturdy Finance lost 442 Ether (ETH), worth almost $800,000 at the time of writing, from a security exploit. The attacker exploited a vulnerability that eventually manipulated a faulty price oracle, allowing them to drain funds from the protocol. 

On June 12, blockchain security firm PeckShield alerted Sturdy Finance and reported a transaction that seemed to be related to price manipulation. Almost an hour later, the DeFi protocol said that they were aware of the exploit and responded by pausing all their markets and assuring its users that no additional funds were at risk.

Despite the swift response from the DeFi lending platform, PeckShield confirmed that the attacker was able to transfer almost $800,000 in ETH to the sanctioned crypto mixer Tornado Cash. The security firm also noted that the “root cause” of the exploit is a faulty price oracle. 

In addition, the blockchain security company BlockSec highlighted that the hack was done through a reentrancy attack, a common method hackers use to withdraw funds from DeFi protocols.

Through this method, hackers exploit the ability to repeatedly call a function in a single transaction before the initial function call is complete. With this, hackers will be able to withdraw more funds than they are allowed to take. 

Related: Atomic Wallet hacker sends crypto to mixer used by Lazarus Group: Elliptic

Meanwhile, scammers were able to take control of eight Twitter accounts by prominent crypto community members and promoted crypto scams. According to blockchain detective ZachXBT, the scammers have stolen almost $1 million in crypto after taking control of the accounts of DJ Steve Aoki, Pudgy Penguins founder Cole Villemain and even crypto hater Peter Schiff.

In other news, the United States Justice Department has recently charged two men who are allegedly involved in the Mt. Gox hack. According to the department, 43-year-old Alexey Bilyuchenko and 29-year-old Aleksandr Verner allegedly stole and conspired to launder 647,000 Bitcoin (BTC).

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story