© 2023 FINBIA. All Rights Reserved.
HomeDeFiDeFi Protocol Sturdy Finance Hacked, $768,800 Worth of ETH Stolen
DeFi

DeFi Protocol Sturdy Finance Hacked, $768,800 Worth of ETH Stolen

By Naseem Sheikh     June 12, 2023, at 2:27 PM     Updated June 12, 2023, at 2:27 PM
0
16
Arkham

Arkham

Summary:
Sturdy Finance, a DeFi lending platform, suffered a vulnerability that allowed 442 ETH (about $768,800) to be stolen. The attacker gained access to Sturdy's funds by manipulating the pricing oracle of a collateral pool and borrowing money from Sturdy using B-stETH-STABLE as collateral.

A vulnerability was found in the DeFi lending protocol Sturdy Finance, and 442 ETH (about $768,800) were stolen. Sturdy Finance admitted the attack and suspended operations on the DeFi platform while they examined the problem, while blockchain security organizations such as PeckShield and BlockSec reported the vulnerability.

The protocol allows users to use LP tokens from exchanges like Curve and Balancer as collateral for loans. The decentralized platform provides access to two marketplaces for lending: Ethereum and stablecoins tied to the US dollar.

Discord channel post by pgpsam, a key member of the Sturdy Finance team: “from our investigation so far the stablecoin market is unaffected.” The Sturdy pools are now unavailable for stablecoin and ETH withdrawals.

Pricing Oracle Manipulated

Moreover, According to preliminary investigations, the attacker gained access to Sturdy’s funds by manipulating the pricing oracle of a collateral pool. This morning, the BlockSec team revealed the assault’s after-action report on Twitter, writing that it was a “typical Balancer’s read-only reentrancy” attack.

The attacker here contacted the B-stETH-STABLE pool repeatedly before the earlier transactions had completed, leading the pool’s price oracle to become corrupted and incorrectly display a tripling of the price.

Hacker Gained from Gap Between Inflated Value

Moreover, the assailant had borrowed money from Sturdy using B-stETH-STABLE as collateral. The attacker removed collateral from Sturdy’s pool as the price rose. The hacker now stands to gain from the gap between the inflated value of their collateral and its true worth.

Also, the hacker used a 50,000 wstETH and 60,000 WETH flash loan from Aave (equivalent to around $191 million) to finance the assault.

Handpicked News: Economist Peter Schiff Warns of Impending Collapse of US Banking System

According to PeckShield, the hackers transferred the stolen cash using Tornado Cash. It is an Ethereum mixer that protects user anonymity by masking transaction origin and destination addresses. Tornado Cash was used by the North Korean hacker outfit Lazarus and many other hackers. Thus the United States authorities banned it last year.

TagsblockchainDeFIHackTornado Cash
Previous Article

Economist Peter Schiff Warns of Impending Collapse of US Banking System

Next Article

Swyftx Adds Bone ShibaSwap (BONE) Token to List of Crypto Offerings

Naseem Sheikh

About us

We are a Global Media Agency offering Latest Unbiased News and Updates on Crypto and Blockchain World. Follow us and stay ahead of the pack. We also cover NFT, Metaverse, and Web 3.0.

Get in touch

Mail: [email protected]
Advertise: [email protected]
Join Us: [email protected]

Our vision

We’re a diverse team of crypto fanatics with qualifications varying from journalism to engineering. We see blockchain and cryptocurrency as fundamentally altering the global industry. 

© 2023 finbia.com. All Rights Reserved.