Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,491
- Points
- 113
An attacker attacked the EraLend landing protocol on the zkSync Era network, stealing $3.4 million worth of digital assets.
Representatives of the project confirmed the hack. The developers have suspended all lending transactions and advised users not to make new deposits.
The EraLend team is currently working with security company BlockSec to investigate the incident.
It is likely that the hacker used a "read-only re-entry" exploit on the SynсSwap DEX. This allowed the attacker to manipulate the price oracle to withdraw wrapped ETH and USDC.
“The attacker changed the price of liquidity tokens during SyncSwap's burning or issuing [coins] activity, using their reserves to set their own rate. All projects using the code of the affected exchange must remain on the alert, ”BlockSec emphasized.
According to L2BEAT, since July 5, the total value locked in the zkSync Era L2 network has fallen from $735 million to $437 million over the past 20 days, a drop of 40%. Over the same period, competitor Starknet's figure increased by 80%, from $71 million to $128 million.
Recall that in July, a hacker withdrew $ 1.5 million from the Rodeo Finance DeFi protocol through manipulations with the oracle.
Later, the attacker attacked the Alphapo project. Losses from hacking amounted to about $ 60 million.
In the first half of 2023, the crypto industry faced 395 hacks, losing about $479.4 million as a result.
Representatives of the project confirmed the hack. The developers have suspended all lending transactions and advised users not to make new deposits.
The EraLend team is currently working with security company BlockSec to investigate the incident.
It is likely that the hacker used a "read-only re-entry" exploit on the SynсSwap DEX. This allowed the attacker to manipulate the price oracle to withdraw wrapped ETH and USDC.
“The attacker changed the price of liquidity tokens during SyncSwap's burning or issuing [coins] activity, using their reserves to set their own rate. All projects using the code of the affected exchange must remain on the alert, ”BlockSec emphasized.
According to L2BEAT, since July 5, the total value locked in the zkSync Era L2 network has fallen from $735 million to $437 million over the past 20 days, a drop of 40%. Over the same period, competitor Starknet's figure increased by 80%, from $71 million to $128 million.
Recall that in July, a hacker withdrew $ 1.5 million from the Rodeo Finance DeFi protocol through manipulations with the oracle.
Later, the attacker attacked the Alphapo project. Losses from hacking amounted to about $ 60 million.
In the first half of 2023, the crypto industry faced 395 hacks, losing about $479.4 million as a result.
