Search Inside Bitcoins

Sentiment Breached To The Tune Of $500 Million

Donโ€™t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldnโ€™t expect to be protected if something goes wrong.

sentiment hack
sentiment hack

Join Our Telegram channel to stay up to date on breaking news coverage

The lending protocol, Sentiment, seems to fall victim to a security attack, leading to the loss of over $500 million in cryptocurrencies. The Sentiment team took to Twitter, confirming the unusual borrowing activity identified as a malicious exploit. The exploit is said to have transferred 536,738.41001 USD Coin (USDC) from the Synapse Bridge, which can be traced back to several Arbitrum transactions that drained funds from Sentiment. 

However, according to Arbiscan, the wallet responsible for the attack is known as” Sentimentxyz Exploiter.” Further, the Sentiment team has paused the main contract and disabled all functionality except withdrawals to deal with the issue. 

The attacker stole the tokens through a re-entrance vulnerability and later transferred them to the Ethereum Chain. This is according to a Twitter user referred to as Officer’s Notes, who relied on another Twitter User identified as FrankResearcher, to arrive at this conclusion. 

How the Attack Went Down on Sentiment Protocol

Some investigations reveal that the attacker might have stolen the lending protocol’s deployer key. The attacker commenced by deploying a contract to the Arbitrum network at the stated address: 0xa4d063b9468b93aee2a87ec7072c3dabd5ee5968

They called the “run” function on the contract a minute later. However, the function call did not go through as it provided a “Fail with error ‘BAL#420” response. Further, the attacker went on and called the “self-destruct” function on the contract, which succeeded. This wiped away all of the contract’s code from the blockchain. 

Nonetheless, after the attacker destroyed this contract, the individual redeployed at the following address: 0x9f626F5941FAfe0A5b839907d77fbBD5d0deA9D0. This led to the attacker calling for the “run” function again. This time, it went through, causing the contract to carry out several transactions. However, in one of the several transactions conducted, it changed admin for a BeaconProxy contract located at the address: 

0xdf346f8d160424c79cb8e8b49b13dd0ca61c3b8c

This suggests the attack may have occurred due to the stolen deployer key of Sentiment’s lending protocol. Additionally, after the contract was upgraded, the malicious smart contract approved the attacker to transfer various tokens, which led to the loss of funds from Sentiment. The stolen funds are said to have been moved via the Synapse bridge to the Ethereum blockchain. After completing the transactions, the attacker once again destroyed the contract code. 

The Platform’s Efforts to Identify the Hacker

However, Sentiment is now working with law enforcement to identify the hacker and restore the stolen funds. In collaboration with third-party security auditors, the team released a fix resolving the vulnerability, enabling the users to repay debts and unwind their positions.

 Sentiment has sent a notice to the hacker, offering them a deal. The protocol has told the attacker to keep 10% of the stolen funds as a bounty if they return the remaining funds. As per the letter, the platform promised a $95,000 payment if the assets were returned by April 6. However, the prize will not be returned, but, Sentiment has noted that it will distribute it to those who will provide the information regarding the attacker. Nonetheless, Sentiment has a total locked volume of $5.8 million from $10.76 million as on April 4. 

Further, Sentiment is a liquidity protocol that provides permissionless undercollateralized lending on-chain. It aims to address capital inefficiencies in DeFi by offering a solution for undercollateralized on-chain credit. Notably, the platform mitigates the counterparty risk challenge by implementing on-chain hypothecation. 

More News

Most Searched Crypto Launch - Pepe Unchained

Rating

Pepe Unchained
  • Layer 2 Meme Coin Ecosystem
  • Featured in Cointelegraph
  • SolidProof & Coinsult Audited
  • Staking Rewards - pepeunchained.com
  • $40+ Million Raised at ICO - Ends December
Pepe Unchained

Join Our Telegram channel to stay up to date on breaking news coverage

Read next

Please enter Coingecko Free Api Key to get this plugin works