Key Points:
- Sturdy Finance fell victim to a hack today.
- The platform was hacked for 442 ETH or about $800,000.
- The attacker took advantage of a reentrancy vulnerability to repeatedly invoke commands, thereby hijacking the platform’s oracle system.
Sturdy Finance, a decentralized lending system, was the victim of a security breach today, resulting in a loss of 442 ETH, or around $800,000.
According to reports, the current DeFi attack has targeted the Sturdy Finance platform. PeckShield, a blockchain security startup, issued a notice on the newest DeFi attack on June 12.
While the Sturdy Finance platform has been compromised, it does not seem to be a smart contract attack or security breach.
Price oracles are critical in decentralized financial applications because they give real-time pricing data. They are, however, a possible target for hackers who can exploit them.
A reentrancy attack triggered the assault on Sturdy Finance, which is a mechanism often used to unlawfully extract cash from DeFi protocols. This attack exploits the ability to call a function several times inside a single transaction before the initial function call is finished. As a result, the attacker is able to extract more cash than they are legally allowed to.
The anonymous attacker specifically exploited a reentrancy flaw, which subsequently permitted the manipulation of a defective pricing oracle, allowing them to siphon off cash, then alter the oracle to reflect the incorrect value of the asset (here, stETH in the platform’s B-stETH-STABLE pool), enabling them to withdraw money unlawfully.
After gaining control of the function calls, the attacker went on to exploit the pricing oracle. Sturdy Finance derives its price oracle from a separate “read-only” smart contract, which is responsible for precisely establishing the market value of assets in a liquidity pool administered by the protocol on the Balancer decentralized exchange. The attacker, however, was able to manipulate the oracle, enabling them to drain cash from Sturdy Finance.
The primary cause of the compromise, according to BlockSec, was a standard reentrancy weakness in Balancer’s system, paired with price manipulation of B-stETH-STABLE.
Strong Finance responded immediately to the assault by halting all of its markets in order to avoid additional possible losses. The team informed customers that no more monies were in jeopardy and that no urgent action was necessary on their part. They brag that they will share further information as soon as it becomes available.
On-chain data indicated that the attacker used the Tornado Cash mixer to conceal their activity after the hack. This mixer is a tool for increasing privacy and making it harder to track blockchain transactions.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
Source: https://news.coincu.com/194236-sturdy-finance-was-attacked/