{"id":51832,"date":"2023-06-12T06:00:18","date_gmt":"2023-06-12T10:00:18","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=51832"},"modified":"2023-06-12T06:00:22","modified_gmt":"2023-06-12T10:00:22","slug":"sturdy-finance-loses-800k-in-oracle-attack","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/sturdy-finance-loses-800k-in-oracle-attack\/","title":{"rendered":"Sturdy Finance loses $800K In Oracle Attack"},"content":{"rendered":"\n

Sturdy Finance, a decentralized lending platform, lost $800,000 in a security breach on Saturday. An unidentified hacker exploited a reentrancy vulnerability and manipulated a faulty price oracle<\/a> to drain funds from the Protocol.<\/p>\n\n\n\n

\"Sturdy<\/figure>\n\n\n\n

Sturdy Finance, a decentralized lending platform, suffered a major security breach on Saturday, losing 442 ether (ETH)<\/a>, worth about $800,000 at the time of the attack. <\/p>\n\n\n\n

Price oracles are essential components of decentralized finance (DeFi)<\/a> applications like Sturdy Finance, as they provide real-world price data for a variety of assets. However, they can also be vulnerable to attacks if not implemented securely.<\/p>\n\n\n\n

The unidentified hacker launched a reentrancy attack\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>, a common method used to withdraw funds from DeFi protocols fraudulently. <\/p>\n\n\n\n

The hacker could call a function multiple times within a single transaction before completing the original function call.\u00a0By doing so, the hacker could withdraw more funds than they were entitled to.<\/p>\n\n\n\n

The hacker manipulated\u00a0the price oracle<\/use><\/svg><\/span><\/a> after gaining control over the function calls. <\/p>\n\n\n\n

Sturdy Finance used a separate \u201cread-only\u201d<\/strong> smart contract to derive its price oracle, which determined the market value of assets in a liquidity pool managed by the Protocol on the Balancer decentralized exchange. <\/p>\n\n\n\n

However, the hacker successfully tampered with the oracle, allowing them to siphon off funds from Sturdy Finance.<\/p>\n\n\n\n

According to blockchain security firm BlockSec, the root cause of the breach was the typical reentrancy vulnerability in Balancer\u2019s system, combined with the manipulation of the price of B-stETH-STABLE<\/use><\/svg><\/span><\/a>.<\/p>\n\n\n\n

How the Protocol Responded to the Breach<\/h4>\n\n\n\n

Sturdy Finance responded swiftly to the attack by pausing its markets to prevent further losses. The team assured users not to worry about additional funds or take any immediate action. They promised to provide more information as soon as possible.<\/p>\n\n\n\n

\n

We are aware of the reported exploit of the Sturdy protocol. All markets have been paused; no additional funds are at risk and no user actions are required at this time.

We will be sharing more information as soon as we have it.<\/p>— Sturdy \ud83e\uddf1 (@SturdyFinance) June 12, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

Following the attack, on-chain data revealed that the hacker used the Tornado Cash Mixer<\/a> to conceal their activities. This aggregator is a tool used to enhance privacy and make it difficult to trace blockchain transactions.<\/p>\n\n\n\n

The Implications for DeFi Security<\/h4>\n\n\n\n

The incident highlights the ongoing challenges and risks associated with DeFi and the significance of robust security measures. Sturdy Finance\u2019s quick response in suspending the markets demonstrates its commitment to protecting user funds and mitigating potential losses. <\/p>\n\n\n\n

As the investigation unfolds, it is anticipated that further insights will be gained to prevent similar attacks and strengthen the overall security of decentralized lending protocols.<\/p>\n","protected":false},"excerpt":{"rendered":"

Sturdy Finance, a decentralized lending platform, lost $800,000 in a security breach on Saturday. An unidentified hacker exploited a reentrancy vulnerability and manipulated a faulty price oracle to drain funds from the Protocol. Sturdy Finance, a decentralized lending platform, suffered a major security breach on Saturday, losing 442 ether (ETH), worth about $800,000 at the […]<\/p>\n","protected":false},"author":44,"featured_media":51835,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[197,1496,12091,11246,14824],"class_list":["post-51832","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-defi","tag-hack","tag-oracle","tag-security","tag-sturdy-finance"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/06\/hacked-.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/51832","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=51832"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/51832\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/51835"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=51832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=51832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=51832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}