Sturdy Finance, a decentralized finance (DeFi) protocol, recently suffered a security breach that resulted in the loss of 442 ETH, equivalent to over $800,000. The breach resulted from a flaw in the protocol’s price oracle, which the attacker exploited to drain funds from the platform.
On June 12, 2023, blockchain security company PeckShield detected a suspicious transaction related to price manipulation and promptly notified Sturdy Finance.
Hi @SturdyFinance, you may want to take a look: https://t.co/XiJppu6Ww3
The issue seems to be related to the price manipulation
— PeckShield Inc. (@peckshield) June 12, 2023
In response, the DeFi protocol swiftly halted all its markets and reassured its customers that no additional funds were at risk.
We are aware of the reported exploit of the Sturdy protocol. All markets have been paused; no additional funds are at risk and no user actions are required at this time.
We will be sharing more information as soon as we have it.
— Sturdy 🧱 (@SturdyFinance) June 12, 2023
PeckShield revealed that despite the immediate action taken by the DeFi lending network, the attacker successfully transferred approximately $800,000 worth of ETH to the cryptocurrency mixer Tornado Cash. The security company identified the flawed price oracle as the root cause of the exploit.
BlockSec, another blockchain security firm, pointed out that the hack employed a reentrancy attack, a technique commonly used to exploit DeFi protocols and extract funds. In a reentrancy attack, the attacker calls back into a contract before its initial function call has completed, all within a single transaction, which can let them withdraw more funds than normally permitted.
1/ @SturdyFinance was attacked and the loss is ~442 ETH. The root cause is due to the typical Balancer’s read-only reentrancy, while the price of B-stETH-STABLE was manipulated! pic.twitter.com/5l9mVfhpQN
— BlockSec (@BlockSecTeam) June 12, 2023
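The read-only reentrancy BlockSec names above, shown as a simplified Python model next to the check a price oracle needs. This is an added example, not code from Sturdy, Balancer or the original article; the Pool class, both price functions and all values are constructed for illustration.

```python
# Simplified model of read-only reentrancy (constructed; not Balancer or Sturdy code).

class Pool:
    """Toy liquidity pool whose exit pays out before its accounting is consistent."""
    def __init__(self, balance, supply):
        self.balance = balance      # underlying asset held by the pool
        self.supply = supply        # LP tokens in circulation
        self.locked = False         # reentrancy flag for state-changing calls

    def exit(self, lp_amount, on_receive):
        assert not self.locked, "reentrant state-changing call"
        self.locked = True
        payout = self.balance * lp_amount // self.supply
        self.supply -= lp_amount    # LP tokens are burned first
        on_receive()                # payout transfer hands control to the receiver
        self.balance -= payout      # balance is updated only after the callback
        self.locked = False
        return payout

def naive_lp_price(pool):
    # View function: reads state without checking the lock.
    return pool.balance / pool.supply

def guarded_lp_price(pool):
    # Mitigation: refuse to price while the pool is mid-operation.
    if pool.locked:
        raise RuntimeError("pool is mid-operation; price is unreliable")
    return pool.balance / pool.supply

def observe_during_exit(price_fn):
    """Return (price before, price or error seen in the callback, price after)."""
    pool = Pool(balance=1_000, supply=1_000)
    seen = {}
    def receiver():
        try:
            seen["mid"] = price_fn(pool)
        except RuntimeError as exc:
            seen["mid"] = str(exc)
    before = price_fn(pool)
    pool.exit(900, receiver)
    return before, seen["mid"], price_fn(pool)
```

The state-changing lock alone does not protect the naive view function, because a read never trips it; a lending market that prices collateral from that read during the callback sees a tenfold inflated value in this model.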
Earlier, another DeFi protocol, Jimbos Protocol, was exploited through a vulnerability that resulted in an unauthorized withdrawal of 4,000 Ether, valued at approximately $7.5 million at the time. The exploit occurred on May 28, 2023, within an Arbitrum-based DeFi application, and the hacker capitalized on the absence of a slippage restriction on liquidity conversions to execute the attack. Jimbos Protocol has offered a reward of 10% of stolen funds for information leading to the identification of the hacker.
In a separate incident, scammers targeted eight prominent members of the cryptocurrency community by compromising their Twitter accounts and using them to propagate fraudulent schemes. Blockchain investigator ZachXBT reported that the hackers gained control of accounts belonging to notable figures such as DJ Steve Aoki, Cole Villemain (the entrepreneur behind Pudgy Penguins), and even crypto critic Peter Schiff. It is estimated that these breaches resulted in the theft of approximately $1 million in cryptocurrency.