Key Points:
According to reports, the latest DeFi attack targeted the Sturdy Finance platform. PeckShield, a blockchain security startup, issued a notice on the attack on June 12.
While the Sturdy Finance platform has been compromised, it does not seem to be a smart contract attack or security breach.
Price oracles are critical in decentralized financial applications because they give real-time pricing data. They are, however, a possible target for hackers who can exploit them.
The assault on Sturdy Finance was triggered by a reentrancy attack, a technique often used to unlawfully extract funds from DeFi protocols. This attack exploits the ability to call a function several times inside a single transaction before the initial function call is finished. As a result, the attacker is able to extract more funds than they are entitled to.
The anonymous attacker specifically exploited a reentrancy flaw, which permitted the manipulation of a defective pricing oracle. This allowed them to siphon off funds and to alter the oracle so that it reflected an incorrect value for the asset (here, stETH in the platform’s B-stETH-STABLE pool), enabling them to withdraw money unlawfully.
After gaining control of the function calls, the attacker went on to exploit the pricing oracle. Sturdy Finance derives its price oracle from a separate “read-only” smart contract, which is responsible for precisely establishing the market value of assets in a liquidity pool administered by the protocol on the Balancer decentralized exchange. The attacker, however, was able to manipulate the oracle, enabling them to drain cash from Sturdy Finance.
The primary cause of the compromise, according to BlockSec, was a standard reentrancy weakness in Balancer’s system, paired with price manipulation of B-stETH-STABLE.
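A simplified Python model of the read-only reentrancy described above, added here as an illustration; it is not Sturdy Finance's or Balancer's code, and the `ToyPool` class, its update order and the numbers are constructed assumptions. It shows why an unguarded "read-only" price getter returns an inflated value in the middle of a withdrawal, and how checking the pool's reentrancy lock in the getter closes that gap.

```python
class ToyPool:
    """Toy liquidity pool (hypothetical): LP token price = balance / supply."""

    def __init__(self, balance, supply):
        self.balance = balance   # underlying assets held by the pool
        self.supply = supply     # LP tokens outstanding
        self.locked = False      # reentrancy lock for state-changing calls

    def lp_price(self):
        # Unguarded "read-only" getter: answers even while a withdrawal is in flight.
        return self.balance / self.supply

    def lp_price_guarded(self):
        # Hardened getter: refuses to answer while pool state is inconsistent.
        if self.locked:
            raise RuntimeError("pool locked: price unavailable")
        return self.balance / self.supply

    def withdraw(self, lp_amount, on_receive):
        if self.locked:
            raise RuntimeError("reentrant call blocked")
        self.locked = True
        payout = lp_amount * self.balance / self.supply
        self.supply -= lp_amount   # LP tokens are burned first (assumed order)
        on_receive(payout)         # external call runs while balance is stale
        self.balance -= payout     # balance is only updated afterwards
        self.locked = False
        return payout


def observe(pool, getter_name):
    """Record the price an oracle consumer would see mid-withdrawal and after it."""
    seen = {}

    def callback(_payout):
        try:
            seen["mid"] = getattr(pool, getter_name)()
        except RuntimeError:
            seen["mid"] = None     # consumer must treat this as "no valid price"

    pool.withdraw(900, callback)
    seen["after"] = getattr(pool, getter_name)()
    return seen


if __name__ == "__main__":
    # Constructed sample state: 1000 assets backing 1000 LP tokens (price 1.0).
    print("unguarded:", observe(ToyPool(1000, 1000), "lp_price"))
    print("guarded:  ", observe(ToyPool(1000, 1000), "lp_price_guarded"))
```

The state-changing function is already protected by the lock, yet the unguarded getter still reports a tenfold price during the callback; a lending market that values collateral from that reading would over-credit it.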
Sturdy Finance responded immediately to the assault by halting all of its markets in order to avoid additional possible losses. The team informed customers that no more funds were in jeopardy and that no urgent action was necessary on their part. They said they will share further information as soon as it becomes available.
On-chain data indicated that the attacker used the Tornado Cash mixer to conceal their activity after the hack. This mixer is a tool for increasing privacy and making it harder to track blockchain transactions.
Harold
Coincu News