Technology

zkSync EraLend lending protocol under attack

By Lily Adric

L2 crypto lending protocol zkSync, EraLend was the target of a attack type read-only reentrancy. Result: a flight of assets estimated at 2.76 million dollars. Users withdraw in response.

The consequences of a hack are not limited to the direct damage inflicted by the hackers. The effects on TVL are also significant. EraLend is a case in point. Before the attack, the lending protocol had a Total Value Locked of over $18 million.

Read:  Official opening of Base, Coinbase's L2 Ethereum

DefiLlama now values it at $4.6 million. Main lending service on zkSync, EraLend was the victim of a so-called “read-only reentrance” attack, a technique frequently used against DeFi protocols.

Total Value Locked Eraland – Defillama

Price of the oracle manipulated by the attacker

The blockchain security company CertiK estimates the 3.4 million in damages. On Twitter, EraLend gives another estimate, in the order of 2.76 million dollars. This is still a considerable sum for a protocol whose TVL peaked at under 20 million.

After an initial investigation, we identified the illegal attack as a read-only re-entry exploit. The attacker manipulated the oracle price, leading to an exploit of around $2.76 million in the USDC pool. All other pools remain secure and unaffected.” clarifies EraLend.

According to the evidence gathered, the attacker has since distributed the stolen funds between several wallets on different chains via several bridges.

Currently, the funds are spread across 3 blockchains and 8 addresses, which we are closely monitoring,” says the protocol team.

Service interruptions and interest rates on the decline

“We are actively collaborating with bridges, security teams, exchanges and law enforcement to investigate and trace the flow of funds. Our main objective is to recover funds for our 500,000 protocol users,” she adds.

Read:  Re-staking protocol EigenLayer raises $50M

Following the attack, EraLend has taken the decision to “temporarily” suspend borrowing, USDC supply and SyncSwap LP supply.

In addition, we have significantly reduced the USDC pool interest rate to protect affected borrowing positions from potential liquidation during this period,” the developers further state.

A week earlier, Conic Finance, a protocol on Ethereum, suffered a similar attack, recording an estimated loss of $3.2 million. Same cause, same consequence: Conic Finance’s TVL immediately fell drastically.

To follow theCrypto news and Web3find RoyalsBlue.com on TwitterLinkedin, Facebook or Telegram

The Best Online Bookmakers September 21 2023

BetMGM Casino

Bonus

$1,000

Hundred Heroes postponed to the second quarter of 2024. – That’s Gaming

Chevrolet releases new version of the Bolt -.