1. BITBILIHome
  2. Article

ZKSync-based Era Lend suffers $3.4 million loss in DeFi exploit

179 views

TL;DR Breakdown

  • Era Lend, a lending protocol on the zkSync network, suffered a $3.4 million loss due to a ‘read-only reentrancy attack’, which allowed the attacker to withdraw funds repeatedly.
  • The attack also impacted the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000.
  • In response, Era Lend paused its zkSync contracts to prevent further exploits, highlighting the ongoing security challenges in the DeFi sector.

Description

According to a recent report by blockchain security firm BlockSec, Era Lend, a decentralized lending protocol operating on the zkSync Layer 2 network, has fallen victim to a ‘read-only reentrancy attack’ resulting in a loss of $3.4 million.  The attacker exploited a vulnerability that allowed repeated calls to a function within a single transaction, withdrawing … Read more

According to a recent report by blockchain security firm BlockSec, Era Lend, a decentralized lending protocol operating on the zkSync Layer 2 network, has fallen victim to a ‘read-only reentrancy attack’ resulting in a loss of $3.4 million. 

The attacker exploited a vulnerability that allowed repeated calls to a function within a single transaction, withdrawing more funds than they were entitled to. Also, the exploit involved manipulating a contract to report outdated values that hadn’t been updated yet, taking advantage of a faulty price oracle that Era Lend relied upon.

The impact and response

The attack had repercussions on the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000, which represents 7.86% of the total value of the collateral supporting the stablecoin. 

In response to the attack, Era Lend paused the protocol’s zkSync contracts to prevent further exploits. The team also advised users that only the USDC pool was compromised. According to an official statement on Discord, the Era Lend team assured that the security of other assets remains intact—but borrowing operations on the platform have been temporarily halted.

“We have detected and confirmed a cyber attack on our platform. We want to assure you that the attack has been contained, and the threat actor can no longer continue their actions.”

Era Lend Team

The Era Lend exploit has raised concerns for other projects based on the Syncswap project, from which Era Lend is a fork. Security analysts have warned that these projects might also be susceptible to similar exploits. The incident underscores the need for auditors to utilize specialized software to identify these vulnerabilities more effectively, as read-only reentrancy attacks can evade traditional scrutiny and remain harder to identify during auditing processes.

Era Lend operates on the zkSync network, an Ethereum layer-2 rollup utilizing zero-knowledge proofs. As of April, the total value locked in the zkSync network surpassed $110 million. Despite the recent exploit, the network’s developers have ambitious plans to establish an ecosystem of interoperable chains named “Hyperchains” by December 2023.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:ZKSync-based Era Lend suffers $3.4 million loss in DeFi exploit

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年7月26日 17:11
Next 2023年7月26日 18:31

Related articles

  • Atomic Wallet efforts to track and revert stolen funds

    TL;DR Breakdown Atomic Wallet and blockchain investigators have been working diligently to track and return the stolen funds. The company claims that less than 1% of its monthly active users were affected. Despite the Company’s official announcement, some users were still reporting losses at the time of writing. A recent hack targeting Atomic Wallet resulted in the theft of $35 million from its users since June 2. However, the company claims that less than 1% of its monthly active users were affected. Following the attack, Atomic Wallet and blockchain investigators have been working diligently to track and return the stolen funds. Exploiting the situation, several verified scam Twitter accounts impersonated Atomic Wallet and shared phishing links, falsely promising to assist users in recovering their lost funds. Despite Atomic Wallet’s official announcement, some users were still reporting losses at the time of writing. The community criticized the company for downplaying the extent of the damage, as users believed the hacker primarily targeted wallets with substantial funds. At the moment less than 1% of our monthly active users have been affected/reported. Last…

    Article 2023年6月9日

  • Ethereum co-founder’s massive ETH transfer raises questions amid crypto bear market

    TL;DR Breakdown Ethereum co-founder Jeffrey Wilcke’s transfer of 22,000 ETH to Kraken sparks speculation and concern among the crypto community. The timing of Wilcke’s transfer, just before the SEC’s lawsuit against Binance, adds to the unease surrounding the move. Wilcke’s recent transfer follows the Ethereum Foundation’s sale of 15,000 ETH, fueling debates about the future of Ethereum. In a surprising turn of events, the crypto community was thrown into speculation as Jeffrey Wilcke, one of the co-founders of Ethereum (ETH), made a substantial transfer of 22,000 ETH to a Kraken address on Monday. The move has sent shockwaves through the industry, with investors questioning the motivations behind such a significant transfer during the ongoing crypto bear market. ETH, Ethereum’s native cryptocurrency, has been experiencing steady growth since the beginning of the year, gaining an impressive 51%. However, the recent actions of Wilcke have left ETH investors feeling uneasy. Just hours before the U.S. Securities and Exchange Commission (SEC) announced its lawsuit against Binance, the transfer timing exacerbated concerns within the community. Wilcke’s decision to move 22,000 ETH, valued at approximately…

    Article 2023年6月11日

  • Shiba Inu team reveals complexities behind BONE contract cancellation

    TL;DR Breakdown Shiba Inu’s lead developer has clarified the team’s position on the renunciation of BONE contracts, a topic under intense scrutiny. The update comes after Chief Developer Shytoshi Kusama promised to renounce the contract by August and mint the last 20 million BONE tokens. The Shiba Inu team plans to extensively test the renunciation feature before implementing it on the mainnet. Description Kaal Dhairya, the lead developer for Shiba Inu, clarified the development team’s stance on the highly anticipated renunciation of BONE contracts. Significantly, this move comes after increasing public pressure on the Shiba Inu team to abandon the contract for the BONE token to facilitate its listing on major platforms like Binance. Chief Developer Shytoshi Kusama … Read more Kaal Dhairya, the lead developer for Shiba Inu, clarified the development team’s stance on the highly anticipated renunciation of BONE contracts. Significantly, this move comes after increasing public pressure on the Shiba Inu team to abandon the contract for the BONE token to facilitate its listing on major platforms like Binance. Chief Developer Shytoshi Kusama promised the team would…

    Article 2023年9月17日

  • Brazil breaks gas price tie to US dollar – Details

    TL;DR Breakdown Brazil’s state-owned oil company, Petrobras, breaks fuel pricing ties to the US dollar, adopting new pricing benchmarks. The policy shift is part of President Lula’s efforts to lessen Brazil’s reliance on the U.S. dollar. In a seismic move reshaping the oil industry landscape, Brazil’s state-owned oil company, Petrobras, has unveiled a groundbreaking shift away from dollar-based fuel pricing, according to an announcement made by Brazilian President Luiz Inacio ‘Lula’ da Silva. This revolutionary move, called “Brazilianization,” will see the company set its internal fuel pricing structure independent of US dollar-pegged international prices. A new era for fuel pricing “We have regained our freedom to set prices. We have liberated ourselves from the single and exclusive factor, which was parity,” announced Petrobras president, Jean Paul Prates, during a press conference in Brasília. The company confirmed that they will be reducing the average price of diesel for distributors by R$0.44 per liter, taking it from R$3.46 to R$3.02. Similarly, the average price of gasoline will see a reduction of R$ 0.40 per liter, coming down from R$ 3.18 to R$…

    Article 2023年5月19日

  • Hong Kong’s trade frenzy begins! Discover the potentially eligible tokens

    TL;DR Breakdown Hong Kong’s new regulatory framework comes amid the city’s drive to become a global Web3 hub. Starting June 1st, Hong Kong’s SFC will allow crypto retail trading and accept applications from exchanges to offer such services. Traders and market analysts analyze the crypto coins that could be eligible for trade in Hong Kong. Hong Kong has allowed retail investors to trade crypto under its new rulebook for the sector, accelerating efforts to develop a digital-asset center even as the industry and regulators clash in other Asian nations. Tuesday, the Securities and Futures Commission (SFC) of the city presented the findings of a consultation on retail participation. Beginning on June 1, when a new licensing regime for virtual-asset platforms goes into effect, the agency will allow individual investors to purchase and sell larger tokens like bitcoin and ether. Hong Kong positions itself as a global crypto hub Hong Kong intends to reposition itself as a crucial crypto hub in the region by reopening retail trading. Given its relations with the People’s Republic of China, a historically anti-crypto nation, experts…

    Article 2023年5月26日
TOP