What's Hot

    Circle Launches EURC on Stellar Network

    September 28, 2023

    Gemini Allocates $24 Million for Indian Expansion

    September 28, 2023

    Kraken Secures EMI License from Ireland and Spain

    September 28, 2023
    Facebook Twitter Instagram
    Facebook Twitter Instagram
    The Bull's GazetteThe Bull's Gazette
    Members Area
    • News
      1. Markets
      2. Policy & Economy
      3. Business
      4. Tech
      Featured

      Circle Launches EURC on Stellar Network

      News September 28, 2023
      Recent

      Circle Launches EURC on Stellar Network

      September 28, 2023

      Gemini Allocates $24 Million for Indian Expansion

      September 28, 2023

      Kraken Secures EMI License from Ireland and Spain

      September 28, 2023
    • Features
      • Opinion
    • Research
      • Publications
      • Market Analysis
      • Contribute
    • Finance & Crypto Guides
    • Consultation
    • Membership
    • Store
    The Bull's GazetteThe Bull's Gazette
    Home»News»EraLend Loses $3.4 Million in DeFi Protocol Attack
    News

    EraLend Loses $3.4 Million in DeFi Protocol Attack

    Anietie DavidBy Anietie DavidJuly 28, 2023Updated:July 28, 2023No Comments3 Mins Read
    EraLend Loses $3.4 Million in DeFi Protocol Attack
    Share
    Facebook Twitter LinkedIn Pinterest Email

    In a significant blow to the decentralized finance (DeFi) space, EraLend, formerly known as Nexon Finance, fell victim to a reentrancy attack on July 25th, resulting in the theft of approximately $3.4 million worth of cryptocurrency. The attack, one of the most common exploits against DeFi protocols, exposed the vulnerability of EraLend’s smart contract system.

    A reentrancy attack involves a malicious actor identifying a security flaw in a smart contract’s code, allowing them to repeatedly call a specific function within the contract before the completion of the previous function call. By manipulating the token prices within the smart contract, the attacker can withdraw an amount far exceeding what should be possible under normal circumstances.

    🚨Security Update: We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this.
    More updates…

    — EraLend | The #1 Money Market on zkSync🥇 (@Era_Lend) July 25, 2023

    EraLend had touted itself as a low-risk zkSync decentralized lending protocol, choosing not to employ oracles, which are external data sources used to fetch off-chain information for smart contracts. According to their own website, this approach was believed to make the platform less susceptible to risks.

    However, the recent attack has severely challenged EraLend’s claims of security. The malicious actor targeted the platform’s USDC (USD Coin) stash, leading to the suspension of all borrowing operations following the breach. In response, EraLend’s development team promptly advised its community against depositing USDC on the platform until the security issue is thoroughly addressed and resolved.

    Reentrancy attacks have been an ongoing concern for DeFi protocols, emphasizing the importance of rigorous security measures and regular audits to safeguard user funds. The incident serves as a stark reminder of the risks associated with smart contract vulnerabilities and the potential impact on users and the overall DeFi ecosystem..

    Cybersecurity Firms Collaborate to Investigate EraLend Platform Attack

    In the wake of the attack, several cybersecurity firms and partners have joined forces to assist EraLend’s developers in recovering from the breach and potentially identifying the perpetrator behind the incident. BlockSec, a renowned cybersecurity firm, has stepped forward to confirm its involvement in conducting a post-mortem analysis of the attack.

    We are assisting @Era_Lend to this issue, and the root cause has been identified. The total loss is ~$3.4M.
    Specifically, this is a read-only re-entrancy attack.
    Another attack tx is:https://t.co/H4A2suVLai
    Attacker address:
    0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a https://t.co/InhCCW7QAy

    — BlockSec (@BlockSecTeam) July 25, 2023

    As of now, the exact extent of the financial damage inflicted by the attack remains unverified, and there are conflicting reports regarding the total value stolen, with suggestions that it may have reached approximately $3.4 million.

    Initial assessments by experts point to a possible cause of the breach being a read-only reentrancy vulnerability affecting the liquidity provider (LP) token pricing mechanism. However, the precise scale of the hack is yet to be fully determined, leaving some uncertainty in the cryptocurrency community. Researchers are diligently investigating the incident using various tools, including blockchain explorers, to unravel the scope of the attack.

    Compared to previous high-profile hacks like those impacting Ronin or Harmony ecosystems, the amount pilfered from EraLend may appear relatively modest. Nonetheless, the continuous occurrence of such attacks underscores the significance of even small amounts of stolen cryptocurrency, as they collectively contribute to the growing financial losses in the crypto space.

    Over the last year, the cumulative value pilfered from crypto investors surpassed a staggering $10 billion. This amount includes losses resulting from investment scams, fraudulent activities, and other malicious schemes that targeted unsuspecting crypto enthusiasts. Today’s attack serves as yet another stark reminder of the importance of conducting thorough research before investing hard-earned funds into any cryptocurrency platform.

    EraLend Hack Exploits
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email
    Previous ArticleUS Authorities Advances Bills to Bring Clarity to Crypto Regulations
    Next Article Nigeria’s SEC Warns Citizens Against Using Binance
    Anietie David

    Anietie has worked in the blockchain industry for three years, gaining experience in blockchain technology, cryptocurrencies, DeFi, and NFTs. As a seasoned content writer, he is passionate about creating effective content strategies for blockchain brands. In addition to content writing, he also has a strong interest in front-end development. When he's not working, he spends his time reading horror novels or playing CODM.

    Related Posts

    Circle Launches EURC on Stellar Network

    September 28, 2023

    Gemini Allocates $24 Million for Indian Expansion

    September 28, 2023

    Kraken Secures EMI License from Ireland and Spain

    September 28, 2023
    Add A Comment

    Leave A Reply Cancel Reply

    Top Posts

    Hong Kong Monetary Authority (HKMA) Issues Warning on Misleading Crypto Banking Claims

    September 18, 2023

    Report Shows that 99% of Nigerians are Crypto Aware

    September 4, 2023

    Hong Kong Report Reveals Positive Impact of Bond Tokenization on Market

    August 26, 2023

    Our best content, straight to your inbox.

    Disclaimer

    Capital at risk. Content on this website does not constitute financial advice. Please do your due diligence before making any investment.

    Company
    Company

    At the forefront of news and analysis for emerging markets, business, crypto and tech - TBG is redefining financial information through resources for next-generation economics.

    Facebook Twitter Instagram LinkedIn TikTok Discord
    Links
    • About
    • Contribute
    • Advertise
    • Careers
    • Membership
    • Investor Relations
    • Frequently Asked Questions

    TBG Newsletter

    © 2023 The Bull's Gazette.
    • Terms and Privacy
    • Contact Us

    Type above and press Enter to search. Press Esc to cancel.