The DeFi protocol Sturdy Finance has lost 442 Ether worth $800,000. The lending platform has halted all transactions for now. To avoid further fund losses, activity is paused for some time, and no user action is needed at this time.
Blockchain security company PeckShield, which analyzes vulnerabilities, noted that the issue is related to price manipulation. The company notified Sturdy Finance on Twitter about the losses. PeckShield tweeted that their community contributor has reported a profanity attack on KP3R.
The DeFi Protocol Paused Activity
Sturdy is a protocol on EVM-compatible chains for lending and borrowing stablecoins. Earlier, Sam Forman, CEO of Sturdy, announced a $3.9M raise across the seed and strategic rounds, and said the team would work to enhance the protocol so that lenders can earn more and borrowers pay less.
After the alert on June 12th about the manipulated transactions, the DeFi protocol paused its activities. This action was taken within an hour of the information from PeckShield, with the company replying that it is aware of the exploit and has halted its market so that users face no further risk.
PeckShield further confirmed that the exploiter had transferred 442.6 ETH to Tornado Cash. Sturdy has not responded on this point. Tornado Cash is a cryptocurrency mixer that works on the Ethereum blockchain.
It provides a facility for hidden transactions. To keep identities anonymous, transactions are mixed before the funds are transferred to an individual wallet. The exploiter used this cryptocurrency mixer to move the stolen funds.
Another blockchain security company, BlockSec, has highlighted that the harm was done by a reentrancy attack. In this attack, a flaw in the contract is exploited by calling the same function again and again before an earlier call has finished. Thus, the attacker can change the contract's information and take out funds.
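A minimal Python model of the reentrancy pattern described above, added here as an illustration; it is not Sturdy's contract code, and the pool classes, `simulate` and the balances are constructed assumptions. It places the flawed ordering (pay out, then update the ledger) beside the checks-effects-interactions ordering with a reentrancy lock.

```python
# Python model of a lending pool's withdraw path. Constructed for illustration;
# all class and function names are hypothetical, not Sturdy's code.

class VulnerablePool:
    """Pays out before updating the ledger, so the payee can re-enter."""
    def __init__(self, balances):
        self.balances = dict(balances)               # depositor -> credited amount
        self.reserves = sum(self.balances.values())  # funds the pool holds

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserves < amount:
            return
        self.reserves -= amount
        on_receive(amount)       # external call: control leaves the contract
        self.balances[who] = 0   # ledger updated too late

class HardenedPool(VulnerablePool):
    """Checks-effects-interactions ordering plus a reentrancy lock."""
    _locked = False

    def withdraw(self, who, on_receive):
        if self._locked:
            raise RuntimeError("reentrant call rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserves < amount:
            return
        self.balances[who] = 0   # effect: ledger updated before paying out
        self.reserves -= amount
        self._locked = True
        try:
            on_receive(amount)   # interaction last, under the lock
        finally:
            self._locked = False

def simulate(pool_cls):
    """Return (total paid to the re-entering payee, reserves left)."""
    pool = pool_cls({"honest": 90, "payee": 10})  # constructed sample balances
    paid = []

    def on_receive(amount):
        paid.append(amount)
        try:
            pool.withdraw("payee", on_receive)  # call back in mid-payout
        except RuntimeError:
            pass                                # the lock refused the re-entry

    pool.withdraw("payee", on_receive)
    return sum(paid), pool.reserves
```

With the flawed ordering, the payee credited with 10 is paid 100 and the pool's reserves fall to 0; with the hardened ordering, the payee receives 10 and 90 remains for the other depositor.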
Besides Sturdy’s Halt, Some Twitter Accounts Were Also Hacked
Besides this loss of $800K, eight prominent Twitter accounts were previously hijacked. ZachXBT, a cryptocurrency detective, highlighted the $1M stolen in crypto. DJ Steve Aoki, Cole Villemain, Mira Murati, and Peter Schiff are among those who lost control of their accounts. Slow action from Twitter support is one of the reasons cited by the blockchain community.
Other cases of stolen digital assets include 647,000 Bitcoin stolen from the Mt. Gox exchange. The Justice Department charged two men, Alexey Bilyuchenco and Aleksandr Verner, with hacking the Mt. Gox server and taking control of it.
Smart contract flaws, complexity risks, regulatory risks and vulnerability to bad actors are among the commonly cited risks of DeFi protocols. In the case of Sturdy Finance, the reason quoted by BlockSec is reentrancy, which is a smart contract flaw.
Source: https://www.thecoinrepublic.com/2023/06/12/defi-protocol-sturdy-finance-at-halt-exploiter-strains-800k/