Decentralized finance (DeFi) protocol Sturdy Finance has lost 442 ether (ETH), worth around $800,000, in a security exploit. The attacker exploited a vulnerability that ultimately manipulated a faulty price oracle, allowing them to drain funds from the protocol.
Blockchain security firm PeckShield on June 12 alerted Sturdy Finance and reported a transaction that appears to be related to price manipulation. About an hour later, the DeFi protocol said it was aware of the exploit and responded by halting all of its markets and assuring its users that no additional funds were at risk.
We are aware of the alleged exploitation of Sturdy Protocol. All markets have been halted; no additional funds are at risk and no user action is required at this time.
We will share as soon as we have more information.
— Sturdy (@SturdyFinance) June 12, 2023
Despite the swift response from the DeFi lending platform, PeckShield confirmed that the attacker was able to transfer approximately $800,000 in ETH to the crypto mixer Tornado Cash. The security firm also noted that the “root cause” of the exploit was a faulty price oracle.
Additionally, blockchain security company BlockSec highlighted that the hack was carried out through a reentrancy attack, a common method hackers use to drain funds from DeFi protocols.
1/ @SturdyFinance Attacked and loss is ~442 ETH. The root cause is due to the read-only reentrancy of the specific balancer, while the price of B-stETH-STABLE was manipulated! pic.twitter.com/5l9mVfhpQN
— BlockSec (@BlockSecTeam) June 12, 2023
With this method, an attacker exploits the ability to call a function repeatedly within a transaction before the initial function call has completed. This allows the attacker to withdraw more funds than they are entitled to.
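The "read-only" variant named in the BlockSec tweet matters to anyone consuming a pool's price: a view read during a callback can see half-updated state. The simplified Python model below is an added example, not code from Sturdy, Balancer or the original article; the `Pool` class, its numbers and the `guard_reads` flag are constructed for illustration and assume a pool that burns shares before it updates its reserves.

```python
class ReentrantRead(Exception):
    """Raised when a price is requested while the pool is mid-operation."""

class Pool:
    """Constructed toy pool: share price = reserves / outstanding shares."""
    def __init__(self, reserves, shares, guard_reads):
        self.reserves = reserves
        self.shares = shares
        self.guard_reads = guard_reads   # hypothetical switch: hardened vs. unguarded
        self._entered = False

    def share_price(self):
        # Hardened form: a read-only getter also honours the reentrancy lock,
        # so a dependent protocol never prices collateral from transient state.
        if self.guard_reads and self._entered:
            raise ReentrantRead("pool state is being updated")
        return self.reserves / self.shares

    def withdraw(self, shares, on_receive):
        self._entered = True
        try:
            payout = shares * self.reserves / self.shares
            self.shares -= shares      # shares are burned first
            on_receive(payout)         # external call: control leaves the pool
            self.reserves -= payout    # reserves are corrected only afterwards
        finally:
            self._entered = False
        return payout

def observe_price_during_withdraw(guard_reads):
    """Record the price a dependent contract would see before, during, after."""
    pool = Pool(reserves=1000.0, shares=1000.0, guard_reads=guard_reads)
    seen = {"before": pool.share_price()}

    def callback(_payout):
        try:
            seen["during"] = pool.share_price()
        except ReentrantRead:
            seen["during"] = None      # read rejected instead of returning a bad price
    pool.withdraw(900.0, callback)
    seen["after"] = pool.share_price()
    return seen

if __name__ == "__main__":
    print("unguarded:", observe_price_during_withdraw(False))
    print("guarded:  ", observe_price_during_withdraw(True))
```

In the unguarded run the price reads ten times higher inside the callback than before or after it, which is the window in which an oracle built on that getter reports a manipulated value.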
Meanwhile, scammers were able to take control of eight Twitter accounts of prominent crypto community members and promote crypto scams. According to blockchain sleuth ZachXBT, scammers have stolen nearly $1 million in crypto after taking control of the accounts of famed DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto skeptic Peter Schiff.
In other news, the United States Department of Justice recently charged two people allegedly involved in the Mt. Gox hack. According to the department, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, allegedly committed and conspired to steal 647,000 bitcoin (BTC).