Security Attack Robs Lending Protocol Sturdy Finance of $800k in Crypto


The crypto industry saw another major hack recently, and this time, the target was a decentralized lending protocol, Sturdy Finance.

The project suffered a security attack that robbed it of 442 ETH, or approximately $800,000.

At this time, the attacker has not been identified, but it is known that they took advantage of a reentrancy vulnerability.

They then proceeded to manipulate a faulty price oracle, which allowed them to steal the funds.

What did the attacker do?

Price oracles play a major role in decentralized finance, providing real-time price data for digital assets.

However, online criminals can also exploit them if they manage to find a vulnerability.

This happened to Sturdy Finance, as the project suffered a reentrancy attack, a method commonly used for illicit withdrawal of funds from DeFi protocols.

The attack essentially misuses the ability to call a function repeatedly within a single transaction before the first function call gets completed.

That way, they get to withdraw more funds than they are supposed to.

After the attacker realized that they could manipulate function calls in such a way, they exploited the price oracle derived from a special read-only smart contract that Sturdy Finance uses.

The oracle was created to determine the accuracy of the market value of assets stored in a liquidity pool that the project’s team manages on the Balancer DEX.

In doing so, the oracle facilitates the trading of staked ETH. However, by exploiting it, the attacker managed to drain funds from Sturdy, as explained by security company BlockSec.

The security company noted that “the root cause is due to the typical Balancer’s read-only reentrancy, while the price of B-stETH-STABLE was manipulated.”
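A simplified model of the read-only reentrancy described above, added here as an illustration; it is not Sturdy Finance's or Balancer's code, and `ToyPool`, both oracle functions and the numbers are constructed assumptions. It shows a read-only price view reporting an inflated value while a withdrawal is half-finished, and an oracle that refuses to read during that window.

```python
class ToyPool:
    """Constructed model of a pool whose exit updates state in two steps."""

    def __init__(self, balance, supply):
        self.balance = balance      # assets held by the pool
        self.supply = supply        # pool tokens outstanding
        self.locked = False         # reentrancy lock, set while a call is in flight

    def share_price(self):
        # Read-only view: takes no lock, so it can be called mid-exit.
        return self.balance / self.supply

    def exit(self, shares, on_receive):
        self.locked = True
        amount = shares * self.balance / self.supply
        self.supply -= shares       # step 1: pool tokens burned
        on_receive()                # external call: receiver's code runs here
        self.balance -= amount      # step 2: balance updated only after the callback
        self.locked = False


def naive_oracle(pool):
    # Trusts the view at any time, including in the middle of an exit.
    return pool.share_price()


def guarded_oracle(pool):
    # Refuses to price while the pool is mid-call and its state is inconsistent.
    if pool.locked:
        raise RuntimeError("pool is mid-call; price not trustworthy")
    return pool.share_price()


def observe_during_exit(oracle):
    """Return what `oracle` reports when queried from inside the exit callback."""
    pool = ToyPool(balance=1000.0, supply=1000.0)
    seen = {}

    def callback():
        try:
            seen["price"] = oracle(pool)
        except RuntimeError as err:
            seen["error"] = str(err)

    pool.exit(500.0, callback)
    seen["price_after"] = pool.share_price()
    return seen
```

With the naive oracle the price read inside the callback is double the settled price, which is the kind of mispricing a lending market would then act on; the guarded oracle raises instead of returning a value.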

Sturdy Finance froze the markets to prevent further losses

After realizing it was under attack, Sturdy Finance reacted by suspending all markets to prevent further exploits and even greater losses. It also assured the users that no other funds were endangered during the breach. The team stressed that “All markets have been paused, no additional funds are at risk, and no user actions are required at this time. We will be sharing more information as soon as we have it.”

Following the attack, many have started using block explorers to try and track down the attacker.

However, the on-chain data revealed that the attacker had already used the Tornado Cash mixer to hide the coins and likely split the amount they stole into multiple transactions so that they would get lost in the traffic.

As for Sturdy Finance itself, it managed to raise $3 million last year in a series of rounds. Its goal was to create an interest-free borrowing and lending platform.

The funding rounds were led by Pantera, with other major participants, including SoftBank’s Opportunity Fund, KuCoin Ventures, and Y Combinator.
