The DeFi world was hit by a surprise recently when Era Lend, a decentralized lending protocol operating on #zkSync Layer 2, suffered a significant security breach.
The hacker drained $3.4 million from the platform in a cunning reentrancy attack😱.
It all began with a read-only reentrancy vulnerability that the attacker cleverly exploited.
Typically, read-only functions are seen as safe, since they only view state and do not change it. However, this incident throws that assumption out the window. The exploit allowed repeated calls within a single transaction to drain funds, resulting in this shocking loss💔.
In this case, the attacker distorted the LP’s price on another decentralized exchange called #SyncSwap during the burn/mint actions. This led to the draining of assets from Era Lend. Lei Wu, the co-founder and CTO of BlockSec, advises, “All projects that utilize the SyncSwap code should remain alert.” 👀
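The failure mode described above can be shown in a simplified model. The following Python sketch is an added example, not Era Lend's or SyncSwap's code; the `Pool` class, its update ordering and all numbers are assumptions, chosen to show how a price view read during a burn callback returns an inconsistent value and how a view that checks the reentrancy lock refuses that read.

```python
# Toy model (constructed, not any real protocol's code): a pool whose burn()
# hands control to the caller between two state updates.
class Pool:
    def __init__(self, reserve, supply):
        self.reserve = reserve   # pooled assets, valued in USDC
        self.supply = supply     # LP tokens outstanding
        self.locked = False      # reentrancy lock for state-changing calls

    def lp_price(self):
        # Unguarded view: reports whatever state it finds, even mid-update.
        return self.reserve / self.supply

    def lp_price_guarded(self):
        # Hardened view: refuses to answer while a state change is in flight.
        if self.locked:
            raise RuntimeError("pool is mid-update")
        return self.reserve / self.supply

    def burn(self, lp_amount, on_receive):
        if self.locked:
            raise RuntimeError("reentrant call")
        self.locked = True
        payout = lp_amount * self.reserve / self.supply
        self.supply -= lp_amount   # LP supply is reduced first...
        on_receive(payout)         # ...the external callback runs here...
        self.reserve -= payout     # ...and reserves are reduced last
        self.locked = False
        return payout


def observe(view_name):
    """Price as a lending protocol would read it before, during and after a burn."""
    pool = Pool(reserve=1_000_000, supply=1_000_000)
    view = getattr(pool, view_name)
    seen = {"before": view()}

    def callback(_payout):
        try:
            seen["during"] = view()
        except RuntimeError as exc:
            seen["during"] = f"rejected: {exc}"

    pool.burn(500_000, callback)
    seen["after"] = view()
    return seen


if __name__ == "__main__":
    print(observe("lp_price"))          # price doubles inside the callback
    print(observe("lp_price_guarded"))  # read is rejected inside the callback
```

The lock stops a second state-changing call but not the unguarded view, which is why a protocol that consumes such a price needs the view itself to fail while the pool is mid-update.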
Post-attack, Era Lend confirmed the situation via a statement on Discord, saying,
"We have detected and confirmed a cyber attack on our platform. We want to assure you that the attack has been contained, and the threat actor can no longer continue their actions." ✅
Era Lend also clarified that only the #USDC pool was compromised, while the other assets remain secure🔒. As a precautionary measure, the team advised users to hold off on depositing USDC for the time being, and borrowing operations have been temporarily halted.🛑