Key Points:
According to reports, the current DeFi attack has targeted the Sturdy Finance platform. PeckShield, a blockchain security startup, issued a notice on the newest DeFi attack on June 12.
While the Sturdy Finance platform has been compromised, it does not seem to be a smart contract attack or security breach.
Price oracles are critical in decentralized financial applications because they give real-time pricing data. They are, however, a possible target for hackers who can exploit them.
A reentrancy attack triggered the assault on Sturdy Finance, which is a mechanism often used to unlawfully extract cash from DeFi protocols. This attack exploits the ability to call a function several times inside a single transaction before the initial function call is finished. As a result, the attacker is able to extract more cash than they are legally allowed to.
The anonymous attacker specifically exploited a reentrancy flaw, which subsequently permitted the manipulation of a defective pricing oracle, allowing them to siphon off cash, then alter the oracle to reflect the incorrect value of the asset (here, stETH in the platform’s B-stETH-STABLE pool), enabling them to withdraw money unlawfully.
After gaining control of the function calls, the attacker went on to exploit the pricing oracle. Sturdy Finance derives its price oracle from a separate “read-only” smart contract, which is responsible for precisely establishing the market value of assets in a liquidity pool administered by the protocol on the Balancer decentralized exchange. The attacker, however, was able to manipulate the oracle, enabling them to drain cash from Sturdy Finance.
The primary cause of the compromise, according to BlockSec, was a standard reentrancy weakness in Balancer’s system, paired with price manipulation of B-stETH-STABLE.
Strong Finance responded immediately to the assault by halting all of its markets in order to avoid additional possible losses. The team informed customers that no more monies were in jeopardy and that no urgent action was necessary on their part. They brag that they will share further information as soon as it becomes available.
On-chain data indicated that the attacker used the Tornado Cash mixer to conceal their activity after the hack. This mixer is a tool for increasing privacy and making it harder to track blockchain transactions.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
BlockDAG crosses $170.5M in presale success with BDAG250 bonus and Whitepaper V3 launch! Solana grows…
Discover why Qubetics, Toncoin, and XRP are the best coins to invest in right now.…
Over the years, meme coins have evolved from inside jokes into serious investment opportunities.
Discover BlockDAG's five-tier bonus program's closing phases that enhance buyer holdings. Gain insights on the…
Discover why Qubetics, Solana, and Cardano are redefining the crypto landscape. Learn about milestones, price…
Discover why Qubetics, NEAR Protocol, and Immutable X are the best altcoins to join today,…
This website uses cookies.