• 05 December, 2024
News

BlockSec Assists EraLend in Recovering From $3.4M Attack

BlockSec Assists EraLend in Recovering From $3.4M Attack

BlockSec, a cybersecurity firm, is stepping in to help Era_Lend address a recent security breach. Preliminary findings revealed that the attackers exploited a read-only re-entrancy attack, resulting in a loss of approximately $3.4 million. The attack transaction could be traced at the transaction link

EraLend, a prominent player in the decentralized finance (DeFi) space, has reportedly lost millions  in the security exploit, emphasizing the pressing need for heightened security measures in the sector. Another alarming attack transaction, involving $1 million USDC, has also been flagged, escalating concerns about potential additional losses.

In light of this breach, EraLend has immediately suspended all borrowing functionalities on its platform. As a safety protocol, the platform recommended users refrain from depositing USDC until the issue is fully addressed. EraLend is currently liaising with cybersecurity experts and industry allies to rectify the situation and fortify defenses against future threats.

EraLend’s security lapse on ZkSync has inadvertently impacted other entities in the ecosystem, notably Overnight_fi. Having previously integrated EraLend akin to Aave’s function, Overnight_fi borrowed ETH against USDC and facilitated delta-neutral LP positions on Mute.io. Following the exploit, a triggered sell-off was witnessed on Overnight_fi’s USDC/ETH LP position, linked to EraLend.

In a responsive move, Overnight_fi has momentarily halted USD+ operations on zkSync and is in joint efforts with EraLend for optimal recovery strategies. However, it’s worth noting that chains outside zkSync remain unaffected by this breach.

Peckshield Alert, a revered blockchain security provider, pinpointed a price oracle anomaly tied to the exploit. The primary source of the breach has been traced back to a re-entrancy issue with a mismatched swap pool state, creating the loophole that culminated in the attack.

Bittrex Urges US Customers to Withdraw Funds Amid Bankruptcy and Regulatory Turmoil
Read Previous

Bittrex Urges US Customers to Withdraw Funds Amid Bankruptcy and Regulatory Turmoil

Taking a step towards amplifying customer experience
Read Next

Taking a step towards amplifying customer experience