Popular DeFi platform Sturdy Finance hacked losing $800,000

TL;DR Breakdown

  • Sturdy Finance, a decentralized lending protocol, experienced a significant security breach today, resulting in a loss of 442 ether, equivalent to approximately $800,000.
  • The exploit began with a reentrancy attack, a method commonly employed to fraudulently withdraw funds from DeFi protocols.
  • BlockSec, a security firm, identified the root cause of the breach as the typical reentrancy vulnerability in Balancer’s system.

Sturdy Finance, a decentralized lending protocol, experienced a significant security breach today, resulting in a loss of 442 ether, equivalent to approximately $800,000. The attack was carried out by an unknown individual who exploited a reentrancy vulnerability within the system, enabling them to manipulate a faulty price oracle and siphon off funds.

In decentralized finance (DeFi) applications like Sturdy Finance, price oracles play a crucial role by providing real-world price data. However, they can also serve as a prime target for hackers seeking to exploit vulnerabilities and compromise the security of the platform.

The attack on Sturdy Finance began with reentrancy, a method commonly employed to fraudulently withdraw funds from DeFi protocols. This type of attack takes advantage of the ability to call a function again, repeatedly, within a single transaction before the original function call has completed. By leveraging this flaw, the attacker was able to withdraw more funds than they were legitimately entitled to.

Sturdy Finance security breach

Once the attacker gained control over the function calls, they proceeded to exploit the price oracle. Sturdy Finance relied on a separate “read-only” smart contract to derive its price oracle, which was responsible for accurately determining the market value of assets in a liquidity pool managed by the protocol on the Balancer decentralized exchange. However, the attacker successfully manipulated the oracle, allowing them to drain funds from Sturdy Finance.

BlockSec, a security firm, identified the root cause of the breach as the typical reentrancy vulnerability in Balancer’s system, combined with the manipulation of the price of B-stETH-STABLE.
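The stale-read problem described above, as a toy Python model (an added example, not code from Sturdy Finance, Balancer or BlockSec). The pool's update order, the class and function names, and the numbers are assumptions, chosen to show why a "read-only" price getter needs its own reentrancy check.

```python
# Toy model, constructed for illustration; not Balancer's or Sturdy's contracts.
class ReentrantRead(Exception):
    """Raised when a guarded view is read while the pool is mid-operation."""

class ToyPool:
    def __init__(self, balance, supply):
        self.balance = balance   # underlying tokens held by the pool
        self.supply = supply     # pool shares outstanding
        self.locked = False      # lock taken by state-changing calls

    def price_unguarded(self):
        # "Read-only" getter: changes nothing, but trusts whatever state it sees.
        return self.balance / self.supply

    def price_guarded(self):
        # Hardened getter: refuse to answer while a state change is in flight.
        if self.locked:
            raise ReentrantRead("pool state is inconsistent")
        return self.balance / self.supply

    def exit_pool(self, shares, on_payout):
        # Assumed ordering: shares burned, external callback, then balance reduced.
        if self.locked:
            raise ReentrantRead("state-changing reentry blocked")
        self.locked = True
        try:
            owed = self.balance * shares / self.supply
            self.supply -= shares    # first half of the update
            on_payout()              # external call: views can be read here
            self.balance -= owed     # second half of the update
        finally:
            self.locked = False

def observe(getter_name):
    """Return (price before, price read during the callback, price after)."""
    pool = ToyPool(balance=1000.0, supply=1000.0)
    seen = {}
    def lending_market_reads_oracle():
        try:
            seen["during"] = getattr(pool, getter_name)()
        except ReentrantRead:
            seen["during"] = None    # the market declines to price collateral
    before = getattr(pool, getter_name)()
    pool.exit_pool(500.0, lending_market_reads_oracle)
    return before, seen["during"], getattr(pool, getter_name)()
```

With the unguarded getter the price read mid-call is double the true value, even though the lock already blocks state-changing reentry; with the guarded getter the read fails closed.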

In response to the attack, Sturdy Finance took immediate action by suspending all of its markets to prevent further potential losses. The team assured users that no additional funds were at risk and that no immediate action was required from the users. They pledged to provide more information as soon as it became available.

Following the attack, on-chain data revealed that the attacker utilized the Tornado Cash mixer to obfuscate their activities. This mixer is a tool used to enhance privacy and make it difficult to trace transactions on the blockchain.

The incident highlights the ongoing challenges and risks associated with decentralized finance and the importance of robust security measures. Sturdy Finance’s swift response in suspending the markets demonstrates its commitment to protecting user funds and mitigating potential losses. As the investigation unfolds, it is hoped that further insights will be gained to prevent similar attacks in the future and strengthen the overall security of decentralized lending protocols.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
