Key Points:
According to blockchain security firm CertiK, the attack exploited a vulnerability in EraLend’s smart contract code, allowing the attacker to withdraw more funds than authorized within a single transaction. As a result of the exploit, the total amount of locked capital on EraLend dropped from $18.5 million to $7.7 million, as reported by DefiLlama.
The vulnerability that the attacker took advantage of involved a read-only function, typically considered safe due to its inability to modify the contract’s state. These functions perform view actions, such as calculating token balances, without altering any data. However, the hacker manipulated this function through a reentrancy exploit, repeatedly calling it to drain assets from EraLend. The exploit focused on a faulty price oracle that EraLend relied on, ultimately allowing the attacker to siphon off significant funds from the protocol.
Era Lend addressed the incident promptly, suspending all borrowing operations and warning users against depositing USDC (USD Coin) until the issue is resolved. The team is actively working with cybersecurity firms and partners to investigate the attack and implement necessary security measures.
In the wake of the attack, Era Lend reassured its users that only the USDC pool was compromised, and the security of assets other than USDC remains intact. As a precautionary step, the platform temporarily halted borrowing operations to prevent further losses.
The attack on EraLend bears a resemblance to a similar incident that targeted the decentralized finance (DeFi) protocol Conic Finance the previous week, resulting in a total loss of $3.6 million. It highlights the need for increased security measures within the DeFi space as attackers continue to exploit vulnerabilities in smart contract code.
Despite the setback, EraLend remains committed to enhancing its security infrastructure to protect user funds and bolster the confidence of its community. As the DeFi ecosystem evolves, it is evident that constant vigilance and proactive security measures are essential to safeguarding users’ assets and the overall integrity of decentralized platforms.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Best Cryptos to Buy in December 2024: Qubetics ($TICS) presale explodes, Ethereum (ETH) eyes a…
Palo Alto, California, 21st November 2024, Chainwire
Best Cryptos to Buy: Qubetics presale rockets ahead, Bitcoin nears $100k, and Avalanche prepares to…
London, United Kingdom, 21st November 2024, Chainwire
The move will see developers utilize USDC on Aptos in creating dApps on a wide…
Abu Dhabi, UAE, 21st November 2024, Chainwire
This website uses cookies.