Sturdy Finance, a decentralized finance (DeFi) protocol, has suffered an exploit resulting in the loss of 442 Ether (ETH), equivalent to nearly $800,000. The attack targeted a faulty price oracle, allowing the hacker to drain funds from the protocol. Sturdy Finance has temporarily paused its markets and assured users that no additional funds are at risk. The incident is currently under investigation, and further details are expected to be revealed.
Insights from blockchain security firms
Blockchain security firms, including PeckShield, 0xScope, and BlockSec, shed light on the attacker’s exploit and techniques. PeckShield initially identified the vulnerability related to a defective price oracle used to compute the asset price. Subsequently, the hacker transferred the stolen funds to Tornado Cash, a crypto-mixing protocol, and the ChangeNOW exchange.
Further analysis by 0xScope confirmed the role of the faulty price oracle in the exploit. Meanwhile, BlockSec highlighted that the attack exhibited signs of a “typical Balancer’s read-only reentrancy” attack. The attacker borrowed over 100,000 staked Ethereum from Aave through a flash loan and then exploited a liquidity pool managed by Sturdy Finance’s team on Balancer.
In other recent news, scammers gained control over eight Twitter accounts belonging to prominent crypto community members, including DJ Steve Aoki and Pudgy Penguins founder Cole Villemain, to promote crypto scams. These malicious actors reportedly managed to steal nearly $1 million in cryptocurrencies. Meanwhile, the United States Justice Department has charged Alexey Bilyuchenko and Aleksandr Verner in connection with the infamous Mt. Gox hack. The duo is accused of stealing and conspiring to launder 647,000 Bitcoin.