Crypto Lending Protocol EraLend Hacked to the Tune of $3.4 Million

Crypto Lending Protocol EraLend Hacked to the Tune of $3.4 Million

On the 25th of July, EraLend was hit by a reentrancy attack that allowed an unknown bad actor to make off with about $3.4 million worth of crypto.

A reentrancy attack, a type of cyberattack affecting smart contracts, is one of the most common exploits against DeFi protocols.

In it, a bad actor identifies a security vulnerability in a smart contract’s code in order to repeatedly call a function within the contract before the completion of a previous function call. When executed (im)properly, these function calls can manipulate the price of tokens within the smart contract, allowing the attacker to withdraw far more from the protocol than should be possible.

Lack of Oracles Exploited

EraLend, an allegedly (according to their own website) low-risk zkSync decentralized lending protocol formerly known as Nexon Finance, eschewed the use of oracles, claiming that this made them less risky.

“Our lending platform is less risky because it does not depend on oracle and liquidation (external liquidity).”

Unfortunately for them – or rather, for their unfortunate users – their marketing was put to the test and found wanting.

Since the attack, which targeted the platform’s USDC stash, all borrowing operations have been suspended. Furthermore, the EraLend devs advised their community against depositing USDC on the platform until the issue is addressed.

Cybersecurity Firms on The Case

In order to help EraLend devs get their platform back in order – and maybe even uncover the identity of the person behind the attack – several cybersecurity firms and other partners have been in contact. BlockSec has confirmed its involvement with the post-mortem of the attack.

The exploit was originally announced by cybersecurity researchers Spreek and Saul. It’s still unconfirmed if the total loss of value stopped at $3.4 million.

“Apparently likely cause is read-only reentrancy affecting the LP token pricing. not sure about the size of the hack, might be much larger. still trying to figure out this rug block explorer rip.”

Although the amount stolen pales in comparison to hacks like those affecting the Ronin or Harmony, every bit of swiped crypto adds up.

Last year the total amount of value stolen from crypto investors broke the $10 billion barrier once investment scams, outright fraud, and other malicious schemes were taken into account. Today’s attack serves as yet another reminder to do your own research before investing your hard-earned money into any platform.


Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker