DeFi Protocol Sturdy Finance Loses $800,000 in ETH Due to Security Exploit
Sturdy Finance, a decentralized finance (DeFi) protocol, has suffered a security exploit resulting in the loss of approximately $800,000 worth of Ether (ETH). The attacker took advantage of a vulnerability that manipulated a faulty price oracle, enabling them to drain funds from the protocol.
On June 12, blockchain security firm PeckShield alerted Sturdy Finance about a suspicious transaction related to price manipulation. About an hour later, the DeFi protocol responded by pausing all of its markets and reassuring its users that no additional funds were at risk.
Despite the swift response from Sturdy Finance, PeckShield confirmed that the attacker managed to transfer nearly $800,000 worth of ETH to the crypto mixer Tornado Cash. The security firm identified a faulty price oracle as the “root cause” of the exploit.
BlockSec, another blockchain security company, highlighted that the hack employed a reentrancy attack, a commonly used method by hackers to withdraw funds from DeFi protocols. This attack exploits the ability to repeatedly call a function in a single transaction before the initial function call is completed, allowing hackers to withdraw more funds than should be possible.
In a separate incident, scammers gained control of eight Twitter accounts belonging to prominent figures in the crypto community and used them to promote crypto scams. Notably, DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto critic Peter Schiff had their accounts compromised. According to blockchain detective ZachXBT, these scammers managed to steal almost $1 million in cryptocurrencies.
In related news, the United States Justice Department recently pressed charges against two individuals allegedly involved in the Mt. Gox hack. The department accused Alexey Bilyuchenko (43 years old) and Aleksandr Verner (29 years old) of stealing and conspiring to launder 647,000 Bitcoin.
1 Comment