An attacker attacked the EraLend landing protocol on the zkSync Era network, stealing $3.4 million worth of digital assets.
Project representatives confirmed breaking into. The developers have suspended all lending transactions and advised users not to make new deposits.
The EraLend team is currently working with security company BlockSec to investigate the incident.
It is likely that the hacker used a “read-only re-entry” exploit on DEX SyncSwap. This allowed the attacker to manipulate the price oracle to withdraw wrapped ETH and USDC.
“The attacker changed the price of liquidity tokens during SyncSwap’s burning or issuing actions [монет]using your reserves to set your own course. All projects using the code of the affected exchange must remain on the alert, ”BlockSec emphasized.
According to the data L2BEAT, since July 5, the total blocked cost in the zkSync Era L2 network over the past 20 days has fallen from $735 million to $437 million – by 40%. Over the same period, Starknet competitor’s performance increased by 80%from $71 million to $128 million.
Recall that in July, a hacker withdrew $ 1.5 million from the Rodeo Finance DeFi protocol through manipulations with the oracle.
Later, the attacker attacked the Alphapo project. Losses from hacking amounted to about $ 60 million.
In the first half of 2023, the crypto industry faced 395 hacks, losing about $479.4 million as a result.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!