Popular DeFi platform Sturdy Finance hacked losing $800,000

TL;DR Breakdown

  • Sturdy Finance, a decentralized lending protocol, experienced a significant security breach today, resulting in a loss of 442 ether, equivalent to approximately $800,000.
  • The attack began with a reentrancy attack, a method commonly employed to fraudulently withdraw funds from DeFi protocols.
  • BlockSec, a security firm, identified the root cause of the breach as the typical reentrancy vulnerability in Balancer’s system.

Sturdy Finance, a decentralized lending protocol, experienced a significant security breach today, resulting in a loss of 442 ether, equivalent to approximately $800,000. The attack was carried out by an unknown individual who exploited a reentrancy vulnerability within the system, enabling them to manipulate a faulty price oracle and siphon off funds.

In decentralized finance (DeFi) applications like Sturdy Finance, price oracles play a crucial role by providing real-world price data. However, they can also serve as a prime target for hackers seeking to exploit vulnerabilities and compromise the security of the platform.

The attack on Sturdy Finance began with a reentrancy attack, a method commonly employed to fraudulently withdraw funds from DeFi protocols. This type of attack takes advantage of the ability to call a function repeatedly within a single transaction before the original function call is completed. By leveraging this loophole, the attacker was able to withdraw more funds than they were legitimately entitled to.

Sturdy Finance security breach

Once the attacker gained control over the function calls, they proceeded to exploit the price oracle. Sturdy Finance relied on a separate “read-only” smart contract to derive its price oracle, which was responsible for accurately determining the market value of assets in a liquidity pool managed by the protocol on the Balancer decentralized exchange. However, the attacker successfully manipulated the oracle, allowing them to drain funds from Sturdy Finance.

BlockSec, a security firm, identified the root cause of the breach as the typical reentrancy vulnerability in Balancer’s system, combined with the manipulation of the price of B-stETH-STABLE.
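The failure mode described above can be shown with a simplified model. This is an added example, not code from Sturdy Finance, Balancer or BlockSec; `ToyPool`, both oracle functions and all numbers are constructed, and the order of updates inside `withdraw` is an assumption made for illustration. It shows a "read-only" price view returning an inconsistent value when read during an external call, and an oracle that checks the pool's lock before trusting the price.

```python
class ReentrancyError(Exception):
    """Raised when a call arrives while the pool is mid-operation."""


class ToyPool:
    """Constructed toy pool (not Balancer's code): price = reserves / shares."""

    def __init__(self, reserves, shares):
        self.reserves, self.shares = reserves, shares
        self.locked = False  # reentrancy lock for state-changing calls

    def share_price(self):
        # "Read-only" view: changes nothing, so it carries no lock check.
        return self.reserves / self.shares

    def withdraw(self, shares, on_receive):
        if self.locked:
            raise ReentrancyError("state-changing re-entry blocked")
        self.locked = True
        try:
            amount = self.reserves * shares // self.shares
            self.shares -= shares    # shares burned first
            on_receive(amount)       # external call while state is half-updated
            self.reserves -= amount  # reserves settled only after the call
        finally:
            self.locked = False


def naive_oracle(pool):
    return pool.share_price()


def guarded_oracle(pool):
    # Mitigation: refuse to price while the pool's lock is held.
    if pool.locked:
        raise ReentrancyError("pool mid-operation; price not trustworthy")
    return pool.share_price()


def observe(oracle):
    """Return the price seen before, during and after one withdrawal."""
    pool, seen = ToyPool(1000, 1000), {}

    def callback(_amount):
        try:
            seen["mid"] = oracle(pool)
        except ReentrancyError:
            seen["mid"] = None  # oracle rejected the read

    before = oracle(pool)
    pool.withdraw(500, callback)
    return before, seen["mid"], oracle(pool)
```

The lock stops a nested `withdraw`, but the unguarded view still reports double the real price mid-call, which is why a lending protocol that consumes such a view needs the lock check in its own oracle path.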

In response to the attack, Sturdy Finance took immediate action by suspending all of its markets to prevent further potential losses. The team assured users that no additional funds were at risk and that no immediate action was required from the users. They pledged to provide more information as soon as it became available.

Following the attack, on-chain data revealed that the attacker utilized the Tornado Cash mixer to obfuscate their activities. This mixer is a tool used to enhance privacy and make it difficult to trace transactions on the blockchain.

The incident highlights the ongoing challenges and risks associated with decentralized finance and the importance of robust security measures. Sturdy Finance’s swift response in suspending the markets demonstrates its commitment to protecting user funds and mitigating potential losses. As the investigation unfolds, it is hoped that further insights will be gained to prevent similar attacks in the future and strengthen the overall security of decentralized lending protocols.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
