Decentralized finance (DeFi) protocol Sturdy Finance lost 442 Ether worth nearly $800,000 due to a vulnerability that ultimately allowed the exploiter to manipulate a flawed price oracle and drain funds from the protocol.
PeckShield, a blockchain security company, alerted Sturdy Finance on June 12 about a transaction that appeared to be related to price manipulation. Almost an hour later, the DeFi protocol acknowledged the vulnerability, halted all of its markets, and assured its users that no additional funds were at risk.
PeckShield confirmed that, despite the DeFi lending platform's prompt response, the attacker was able to transfer nearly $800,000 in ETH to the cryptocurrency mixer Tornado Cash. The security firm also noted that a flawed price oracle was the “root cause” of the vulnerability.
In addition, the blockchain security firm BlockSec emphasized that the breach was carried out using a reentrancy attack, a standard method hackers use to withdraw funds from DeFi protocols.
Using this technique, hackers can repeatedly call a function within a single transaction before the initial function call is complete. Because the contract has not yet finished updating its own state when the repeated calls run, hackers can extract an excessive amount of funds.
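The reentrancy pattern described above can be seen in a small Python model, added here as an illustration and not taken from Sturdy Finance's contracts or from the PeckShield or BlockSec analyses. The class names, the `on_receive` callback and the balances are hypothetical; the model shows a withdrawal that pays out before updating state beside a version that updates state first and rejects nested calls.

```python
# Added illustration: a toy in-memory model, not Sturdy Finance's contract code.
class VulnerableVault:
    def __init__(self):
        self.balances, self.reserves = {}, 0
    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserves += amount

    def withdraw(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0:
            return
        self.reserves -= amount
        on_receive(amount)            # external call runs first...
        self.balances[account] = 0    # ...so the balance is cleared too late

class GuardedVault(VulnerableVault):
    def __init__(self):
        super().__init__()
        self._entered = False
    def withdraw(self, account, on_receive):
        if self._entered:             # reentrancy guard: refuse nested calls
            raise RuntimeError("reentrant call rejected")
        self._entered = True
        try:
            amount = self.balances.get(account, 0)
            if amount == 0:
                return
            self.balances[account] = 0    # effects before the external call
            self.reserves -= amount
            on_receive(amount)
        finally:
            self._entered = False

def simulate(vault_cls, reenter_times=3):
    vault = vault_cls()
    vault.deposit("other_users", 90)  # constructed sample balances
    vault.deposit("caller", 10)
    received = []
    def on_receive(amount):           # models the recipient's callback
        received.append(amount)
        if len(received) <= reenter_times:
            try:
                vault.withdraw("caller", on_receive)
            except RuntimeError:
                pass
    vault.withdraw("caller", on_receive)
    return sum(received), vault.reserves
```

Running `simulate` on each class shows the difference: the first vault pays the same 10-unit balance out four times, while the second pays it once and leaves the other depositors' 90 units intact.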
Scammers seized control of eight prominent crypto community members’ Twitter accounts and used them to promote crypto scams.
According to blockchain detective ZachXBT, fraudsters took nearly $1 million in cryptocurrency after gaining access to the accounts of well-known DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto skeptic Peter Schiff.
In other news, the United States Department of Justice has recently charged two men with involvement in the Mt. Gox breach. According to the department, Alexey Bilyuchenko, 43, and Aleksey Verner, 29, are accused of stealing and conspiring to launder 647,000 Bitcoin.