Scam Alert

The Total Damage Of Sentiment Exploitation Come To Nearly $1 Million

Key Points:

  • On April 4, the Sentiment liquidity mechanism on the Arbitrum blockchain was attacked for over $1 million in different tokens.
  • To carry out the theft, the exploiter seems to have exploited a re-entry vulnerability.
  • Sentiment contacted the hacker and offered them 10% of the stolen monies as a reward.
Detailed investigation revealed that DeFi lending protocol Sentiment liquidity protocol on the Arbitrum blockchain was attacked on April 4 for almost $1 million in various tokens, including wrapped Bitcoin and Ether, and several different stablecoins.
The Total Damage Of Sentiment Exploitation Come To Nearly $1 Million 2

The attacker seems to have stolen the tokens via a re-entrancy vulnerability, then switched them and bridged them to the Ethereum main chain.

According to CertiK, the fundamental reason is Balancer’s read-only reentry.

In order to determine the price, the price oracle employed depends on the balances of the assets in the pool and the total quantity of the LP tokens (B-33WETH-33WBTC-33USDC).

To influence the price, the exploiter used 606 WBTC, 10,000 WETH, and 18 million USDC to use the Balancer vault’s ‘joinPool’ function, increasing the overall supply of the LP coin. He then withdrew the funds by using ‘exitPool(),’ which sent 606.8 WBTC, 1,000 ETH, and 17.9 million USDC consecutively.

Among these transactions, moving ETH back will activate the exploiter contract’s fallback feature. Since the overall supply is reduced in the fallback function, but the recorded balances of WBTC, WETH, and USDC are not changed in the pool, the price is tilted, and the attacker may borrow numerous assets at the slanted price.

Sentiment is now examining the protocol’s stolen cash. The team has made efforts to determine the core cause of the breach and prevent the possibility of subsequent losses. The team has contacted law enforcement and has collaborated with third-party auditors and security organizations.

Sentiment sent a message to the hacker a few hours ago, promising to let them retain 10% of the stolen monies as a reward if they returned the remainder. The letter promised a $95,000 payment if the assets were returned before 8 a.m. UTC on April 6. If the prize is not returned, Sentiment will be distributed to individuals who provide information on the hacker.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Analyst Sounds Major Breakout Alert Amid Shiba Inu, WallitIQ, And Dogecoin Price Recoveries

Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…

32 minutes ago

SEC Chair Gary Gensler Will Lose Power From January 20

SEC Chair Gary Gensler will step down on January 20, 2025, coinciding with President-elect Donald…

34 minutes ago

MicroStrategy Convertible Notes Now Out of Stock With $3B Raised

The MicroStrategy convertible notes offering, initially set at $1.75 billion, was increased to $2.6 billion…

1 hour ago

Qubetics, Cosmos, and Chainlink: Why These Cryptos Are Your Best Bet for November 2024

Discover why Qubetics, Cosmos, and Chainlink are the best cryptos to buy in November 2024.…

4 hours ago

Best Cryptos to Buy in December 2024: Qubetics Presale Goes Ballistic as Ethereum and Quant Look to Build Momentum

Best Cryptos to Buy in December 2024: Qubetics ($TICS) presale explodes, Ethereum (ETH) eyes a…

7 hours ago

USDC and CCTP to launch on Aptos, with Stripe adding Aptos support in crypto products

Palo Alto, California, 21st November 2024, Chainwire

10 hours ago

This website uses cookies.