BlockSec, a cybersecurity firm, is stepping in to help Era_Lend address a recent security breach. Preliminary findings revealed that the attackers carried out a read-only re-entrancy attack, resulting in a loss of approximately $3.4 million. The attack transaction can be traced through the transaction link.
We are assisting @Era_Lend with this issue, and the root cause has been identified. The total loss is ~$3.4M. — BlockSec (@BlockSecTeam) July 25, 2023
Specifically, this is a read-only re-entrancy attack.
Another attack tx is: https://t.co/H4A2suVLai
EraLend, a prominent player in the decentralized finance (DeFi) space, has reportedly lost millions in the exploit, underscoring the pressing need for stronger security measures in the sector. A second attack transaction, involving $1 million USDC, has also been flagged, raising concerns about further losses.
In light of this breach, EraLend has immediately suspended all borrowing functionalities on its platform. As a safety protocol, the platform recommended users refrain from depositing USDC until the issue is fully addressed. EraLend is currently liaising with cybersecurity experts and industry allies to rectify the situation and fortify defenses against future threats.
EraLend’s security lapse on zkSync has also affected other entities in the ecosystem, notably Overnight_fi. Having previously integrated EraLend in a role similar to Aave’s, Overnight_fi borrowed ETH against USDC and used it to build delta-neutral LP positions on Mute.io. Following the exploit, a sell-off was triggered on Overnight_fi’s USDC/ETH LP position linked to EraLend.
In a responsive move, Overnight_fi has momentarily halted USD+ operations on zkSync and is in joint efforts with EraLend for optimal recovery strategies. However, it’s worth noting that chains outside zkSync remain unaffected by this breach.
Peckshield Alert, a well-regarded blockchain security provider, pinpointed a price oracle anomaly tied to the exploit. The root cause has been traced to a re-entrancy issue involving a mismatched swap pool state: the oracle read the pool while its reserves were only partly updated, and that inconsistent reading created the loophole that culminated in the attack.
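The mismatched-state problem described above, as an added illustration that is not EraLend's, BlockSec's or PeckShield's code: a toy pool that updates its two reserves on either side of an ETH transfer, an oracle that trusts the reserves whenever asked, and a hardened oracle that refuses to quote while the pool's re-entrancy lock is held. All contract and function names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Toy AMM pool (assumed, for illustration): token/ETH reserves, ETH paid out
// via a low-level call. The reserves are updated in two steps with the ETH
// transfer in between, which is the "mismatched pool state" a callback can see.
contract Pool {
    uint256 public reserveToken;
    uint256 public reserveEth;
    bool public locked; // held for the duration of every state-changing call

    modifier nonReentrant() { require(!locked, "Pool: locked"); locked = true; _; locked = false; }

    constructor(uint256 tokenAmount) payable { reserveToken = tokenAmount; reserveEth = msg.value; }

    // Burns a share of liquidity: debits tokens, pays ETH, then debits the ETH reserve.
    function removeLiquidity(uint256 tokenOut, uint256 ethOut) external nonReentrant {
        reserveToken -= tokenOut;                           // step 1: token side debited
        (bool ok, ) = msg.sender.call{value: ethOut}("");   // step 2: receiver's callback runs here
        require(ok, "Pool: eth transfer failed");
        reserveEth -= ethOut;                               // step 3: ETH side debited
    }

    // Spot price of the token in ETH, scaled by 1e18, computed from the current reserves.
    function spotPrice() external view returns (uint256) {
        return reserveEth * 1e18 / reserveToken;
    }
}

// Vulnerable oracle: reads the reserves whenever it is asked, so a read made
// during step 2 above sees a reduced token reserve against an undiminished
// ETH reserve and returns an inflated token price.
contract VulnerableOracle {
    Pool public immutable pool;
    constructor(Pool p) { pool = p; }
    function price() external view returns (uint256) { return pool.spotPrice(); }
}

// Hardened oracle: refuses to quote while the pool is mid-operation, because
// the lock is exactly the signal that the reserves are not yet consistent.
// (A time-weighted average or an external feed further limits spot manipulation.)
contract HardenedOracle {
    Pool public immutable pool;
    constructor(Pool p) { pool = p; }
    function price() external view returns (uint256) {
        require(!pool.locked(), "Oracle: pool state is in flux");
        return pool.spotPrice();
    }
}
```

Deploy `Pool` with some ETH and token reserves, then call `price()` on both oracles from a contract whose `receive()` runs during `removeLiquidity`: the vulnerable one returns a price above the pre-call spot, the hardened one reverts.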