ZKSync-based Era Lend suffers $3.4 million loss in DeFi exploit

TL;DR Breakdown

  • Era Lend, a lending protocol on the zkSync network, suffered a $3.4 million loss due to a ‘read-only reentrancy attack’, which allowed the attacker to withdraw funds repeatedly.
  • The attack also impacted the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000.
  • In response, Era Lend paused its zkSync contracts to prevent further exploits, highlighting the ongoing security challenges in the DeFi sector.

According to a recent report by blockchain security firm BlockSec, Era Lend, a decentralized lending protocol operating on the zkSync Layer 2 network, has fallen victim to a ‘read-only reentrancy attack’ resulting in a loss of $3.4 million. 

The attacker exploited a vulnerability that allowed repeated calls to a function within a single transaction, withdrawing more funds than they were entitled to. The exploit also involved manipulating a contract into reporting outdated values that had not yet been updated, taking advantage of a faulty price oracle that Era Lend relied upon.
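The stale-value condition described above can be reproduced in a small Python model, shown next to the guard that closes it. This is an added illustration, not Era Lend's or SyncSwap's contract code; the `Pool` class, its `burn` and `lp_price` functions, the update ordering and all numbers are constructed assumptions.

```python
# Simplified model (constructed for illustration): a two-asset pool whose
# burn() hands control to the receiver before its cached reserves are updated.
class ReentrantRead(Exception):
    """Raised when the pool is entered or read while it is mid-update."""

class Pool:
    def __init__(self, reserve0, reserve1, total_supply, guard_views):
        self.reserve0, self.reserve1 = reserve0, reserve1
        self.total_supply = total_supply
        self.guard_views = guard_views   # True = hardened variant
        self.locked = False              # reentrancy lock for state changes

    def lp_price(self):
        """View used as a price oracle: value of one LP share."""
        if self.guard_views and self.locked:
            raise ReentrantRead("pool state is mid-update")
        return (self.reserve0 + self.reserve1) / self.total_supply

    def burn(self, shares, on_receive):
        """Redeem LP shares; on_receive models the receiver's callback."""
        if self.locked:
            raise ReentrantRead("reentrant state change blocked")
        self.locked = True
        try:
            out0 = self.reserve0 * shares // self.total_supply
            out1 = self.reserve1 * shares // self.total_supply
            self.total_supply -= shares   # supply is already reduced here
            on_receive()                  # external call: reserves still stale
            self.reserve0 -= out0         # reserves are updated too late
            self.reserve1 -= out1
        finally:
            self.locked = False

def price_seen_during_burn(guard_views):
    """Return (price before, price read inside the callback, price after)."""
    pool = Pool(1_000_000, 1_000_000, 1_000_000, guard_views)
    seen = {}
    def dependent_protocol_reads_oracle():
        try:
            seen["during"] = pool.lp_price()
        except ReentrantRead:
            seen["during"] = None         # read refused; the caller must revert
    before = pool.lp_price()
    pool.burn(500_000, dependent_protocol_reads_oracle)
    return before, seen["during"], pool.lp_price()
```

The ordinary lock stops a second `burn` but not a read of `lp_price`, which is why the unguarded variant reports a doubled price mid-call while the guarded view refuses to answer. Moving the reserve update ahead of the external call removes the inconsistent window as well.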

The impact and response

The attack had repercussions on the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000, which represents 7.86% of the total value of the collateral supporting the stablecoin. 

In response to the attack, Era Lend paused the protocol’s zkSync contracts to prevent further exploits. The team also advised users that only the USDC pool was compromised. According to an official statement on Discord, the Era Lend team assured that the security of other assets remains intact—but borrowing operations on the platform have been temporarily halted.

“We have detected and confirmed a cyber attack on our platform. We want to assure you that the attack has been contained, and the threat actor can no longer continue their actions.”

Era Lend Team

The Era Lend exploit has raised concerns for other projects based on the Syncswap project, from which Era Lend is a fork. Security analysts have warned that these projects might also be susceptible to similar exploits. The incident underscores the need for auditors to utilize specialized software to identify these vulnerabilities more effectively, as read-only reentrancy attacks can evade traditional scrutiny and remain harder to identify during auditing processes.

Era Lend operates on the zkSync network, an Ethereum layer-2 rollup utilizing zero-knowledge proofs. As of April, the total value locked in the zkSync network surpassed $110 million. Despite the recent exploit, the network’s developers have ambitious plans to establish an ecosystem of interoperable chains named “Hyperchains” by December 2023.
