{"id":51850,"date":"2023-06-12T07:32:14","date_gmt":"2023-06-12T11:32:14","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=51850"},"modified":"2023-06-12T07:32:16","modified_gmt":"2023-06-12T11:32:16","slug":"defi-protocol-sturdy-finance-sees-800k-hack","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/defi-protocol-sturdy-finance-sees-800k-hack\/","title":{"rendered":"DeFi Protocol Sturdy Finance Sees $800K Hack"},"content":{"rendered":"\n

Decentralized finance<\/a> (DeFi) protocol Sturdy Finance lost 442 Ether worth nearly $800,000 due to a vulnerability that ultimately allowed the exploiter to manipulate a flawed price oracle and drain funds from the protocol.\u00a0<\/p>\n\n\n\n

\"DeFi
DeFi Protocol Sturdy Finance Sees $800K Hack<\/figcaption><\/figure>\n\n\n\n

PeckShield, a blockchain security company, alerted Sturdy Finance on June 12 about a transaction that appeared to be related to price manipulation. Almost an hour later, the DeFi protocol acknowledged the vulnerability, halted all of its markets, and assured its users that no additional funds were at risk.<\/p>\n\n\n\n

\n

We are aware of the reported exploit of the Sturdy protocol. All markets have been paused; no additional funds are at risk and no user actions are required at this time.

We will be sharing more information as soon as we have it.<\/p>— Sturdy \ud83e\uddf1 (@SturdyFinance) June 12, 2023\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a><\/blockquote>

PeckShield confirmed that the attacker could transmit nearly $800,000 in ETH to the cryptocurrency mixer Tornado Cash<\/a>, despite a prompt response from the DeFi lending platform. The security firm also noted that a flawed price oracle was the “root cause” of the vulnerability.<\/p>\n\n\n\n

In addition, the blockchain security firm BlockSec emphasized that the breach was carried out using a reentrancy attack, a standard method hackers use to withdraw funds from DeFi protocols.<\/p>\n\n\n\n

\n

1\/ @SturdyFinance<\/use><\/svg><\/span><\/a> was attacked and the loss is ~442 ETH. The root cause is due to the typical Balancer's read-only reentrancy, while the price of B-stETH-STABLE was manipulated! pic.twitter.com\/5l9mVfhpQN<\/use><\/svg><\/span><\/a><\/p>— BlockSec (@BlockSecTeam) June 12, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

Using this technique, hackers can repeatedly call a function in a single transaction before the initial function call is complete. This allows hackers to extract an excessive amount of funds. <\/p>\n\n\n\n

Scammers seized control of eight prominent crypto community members' Twitter accounts and used them to promote crypto scams. <\/p>\n\n\n\n

According to blockchain detective ZachXBT, fraudsters took nearly $1 million in cryptocurrency after gaining access to the accounts of well-known DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto skeptic Peter Schiff.<\/p>\n\n\n\n

In other news, the United States Department of Justice<\/use><\/svg><\/span><\/a> has recently charged two men with involvement in the Mt. Gox breach. According to the department, Alexey Bilyuchenko, 43, and Aleksey Verner, 29, are accused of stealing and conspiring to launder 647,000 Bitcoin.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

Decentralized finance (DeFi) protocol Sturdy Finance lost 442 Ether worth nearly $800,000 due to a vulnerability that ultimately allowed the exploiter to manipulate a flawed price oracle and drain funds from the protocol.\u00a0 PeckShield, a blockchain security company, alerted Sturdy Finance on June 12 about a transaction that appeared to be related to price manipulation. […]<\/p>\n","protected":false},"author":12,"featured_media":51868,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[73],"tags":[],"class_list":["post-51850","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defi-news"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/06\/hjj.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/51850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=51850"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/51850\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/51868"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=51850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=51850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=51850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}