$800K lost following Sturdy Finance security breach

$800K lost following Sturdy Finance security breach
фото показано с : invezz.com

2023-6-12 11:59

Decentralized lending platform Sturdy Finance suffered a serious security breach earlier today that cost it 442 Ethereum (ETH), worth about $800,000. An unidentified hacker launched the attack, taking advantage of the system’s reentrancy vulnerability to control a flawed price oracle and steal money.

Essentially, price oracles play a crucial role in decentralized finance (DeFi) applications like Sturdy Finance by providing actual price data. However, they can also be a top target for hackers looking to take advantage of flaws and jeopardize the platform’s security.

How the Study Finance attack was orchestrated

Reentrancy attacks, which are frequently used to fraudulently withdraw money from DeFi protocols, were used to launch the attack on Sturdy Finance. This kind of attack makes use of the capability to make multiple calls to the same function within a single transaction before the initial function call has finished. The attacker was able to withdraw more money than they were legally allowed to by taking advantage of this flaw.

The attacker then used their control over the function calls to take advantage of the price oracle. Sturdy Finance derived its price oracle from a separate “read-only” smart contract, which was in charge of accurately estimating the market value of assets in a liquidity pool run by the Balancer protocol. The attacker, however, was successful in manipulating the oracle, allowing them to steal funds from Study Finance.

Security Company BlockSec identified the root cause of the breach as the typical reentrancy vulnerability in Balancer’s system, combined with the manipulation of the price of B-stETH-STABLE.

According to on-chain data, the attacker then went ahead to use the embattled Tornado Cash mixer to obfuscate their activities.

Sturdy Finance responded to the attack right away by suspending all of its markets in order to limit potential losses. Users received assurances from the team that no additional funds were in danger and that no immediate action was needed on their part. They promised to share more details as soon as they were made available.

The post $800K lost following Sturdy Finance security breach appeared first on Invezz.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

SherLOCK Security (LOCK) на Currencies.ru

$ 0.1387 (+1.71%)
Объем 24H $13
Изменеия 24h: 10.06 %, 7d: -33.06 %
Cегодня L: $0.1387 - H: $0.1387
Капитализация $0 Rank 3458
Доступно / Всего 0 LOCK / 4.969m LOCK

security finance breach sturdy system advantage attack

security finance → Результатов: 126


Revolutionary Collaboration: MetaMask Institutional and Fireblocks Unite to Provide Unparalleled DeFi and Web3 Opportunities for Institutional Investors and Builders

ConsenSys and Fireblocks have joined forces to provide institutional investors and builders with unparalleled access to decentralized finance (DeFi) and Web3. By integrating MetaMask Institutional (MMI), an enterprise-grade web3 wallet, with Fireblocks’ platform for blockchain product development and crypto operations management, they offer a comprehensive solution for wallet security, portfolio management, and connectivity to over […] Сообщение Revolutionary Collaboration: MetaMask Institutional and Fireblocks Unite to Provide Unparalleled DeFi and Web3 Opportunities for Institutional Investors and Builders появились сначала на Coinstelegram.

2023-6-9 16:30


Hundred Finance hacked on Optimism, suffers $7 million loss

Hundred Finance, a decentralized finance (DeFi) multi-chain lending protocol utilizing the veHND model, has experienced a significant security breach on the Optimism layer-2 scaling solution. The protocol, which integrates with Chainlink oracles to ensure market health and stability, announced via their official Twitter account on Saturday, April 15, that they had been hacked with losses […] The post Hundred Finance hacked on Optimism, suffers $7 million loss appeared first on CryptoSlate.

2023-4-16 22:38


1 quadrillion yUSDT minted in Yearn Finance exploit

The hack was detected by blockchain security firm PeckShield. The hacker swapped the yUSDT to other stablecoins. The hacker has also transferred 1,000 Ether to Tornado Cash. Blockchain Security firm PeckShield recently detected an exploit on the lending platform Yearn Finance that resulted in an irregular minting of over 1 quadrillion Yearn Tether (yUSDT) using […] The post 1 quadrillion yUSDT minted in Yearn Finance exploit appeared first on CoinJournal.

2023-4-13 17:05


Kokomo Finance Pulls Exit Scam, Takes $4 Million In Investor Funds With It

The deployer of Kokomo Finance, a non-custodial lending protocol on Optimism and Arbitrum, which are popular layer-2 platforms on Ethereum, has rugged users of $4 million. Kokomo Finance Exit Scams, Stealing $4 Million CertiK, a blockchain security firm, tweeted on March 26 that Kokomo Finance exited the protocol and stole $4 million in user funds.  […]

2023-3-27 12:10


Sovryn Introduces Decentralized Bitcoin-Backed Sovryn Dollar, to Combat Centralized Stablecoins

London, United Kingdom, 16th March, 2023, Chainwire Sovryn, the leading Bitcoin-based decentralized finance (DeFi) platform, launches the Sovryn Dollar (DLLR). The Sovryn Dollar introduces a new standard of stablecoin, 100% backed by Bitcoin to provide unparalleled censorship-resistance, security, and reliability.

2023-3-16 18:04