DeFi Hack Worth $3.4M Strikes EraLend, zkSync’s Top Lender
Share this article
EraLend, a lending protocol on Ethereum’s scaling blockchain, zkSync, faced a substantial exploit that resulted in a loss of $3.4 million, according to an analysis by CertiK, a leading firm in blockchain security.
The incident was described as a read-only reentrancy attack, a complex strategy allowing the perpetrator to tamper with asset prices via repeated calls to a smart contract, effectively looting assets.
🔔 #EraLend Update: ZkSync attack resulted in $1.7M loss. Verify your assets for reimbursement here https://t.co/gAnpA0tpph Check even if no loss. #zkSyncEra pic.twitter.com/h249rQ2DLe
— zkSync ∎ (@_zksnyc) July 25, 2023
EraLend’s total capital locked on the platform took a considerable hit, dropping to $10.75 million from an earlier $18.5 million, as shown in data from DefiLlama.
The lending platform confirmed the security incident in an official statement on social media, noting that the threat was under control.
The tweet read: “We’ve experienced a security incident on our platform today. The threat has been contained. We’ve suspended all borrowing operations for now and advise against depositing USDC. We’re working with partners and cybersecurity firms to address this. More updates to follow.”
Conic Finance was also exploited last week, losing 1700 ETH due to a comparable exploit. The thief initiated a flash loan of 20,000 staked ETH, redirecting these funds to Conic’s price oracle, which set the stage for the exploit.
This vulnerability was subsequently leveraged, together with a manipulation of Conic’s price oracle that sources its data from a read-only smart contract provided by a third party.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.