The largest lending protocol in zkSync was hacked for $3.4 million
Date: 2023-07-26 Author: Karina Ziganova Categories: BLOCKCHAIN, IN WORLD
The largest lending protocol on the zkSync blockchain, EraLend, has been subjected to a $3.4 million "read-only re-entry" exploit.
A "read-only re-entry" error on the decentralized exchange (DEX) SyncSwap allowed the attacker to manipulate prices by filling the smart contract with repeated calls to steal assets. The EraLend attacker has targeted a vulnerability in the project's smart contract, which controls the token burning and minting functions used for lending and borrowing according to the protocol.
According to DefiLlama, the total amount of capital locked in EraLend fell almost threefold after the hacker attack to $6.96 million from $18.5 million.
Representatives of EraLend confirmed a security incident on the platform. However, they assured that the hacker threat has already been eliminated.
"At the moment, we have suspended all borrowing operations and advise you not to make deposits in USDC. We are working with partners and cybersecurity firms to address this issue. We will announce additional updates later," the message says.
Conic Finance hack
Other protocols attacked this month included AnubisDAO, Rodeo Finance, ArcadiaFi and Conic Finance. The latter faced a similar problem to EraLend: the cause of the attack was price manipulation caused by "read-only re-entry".
As a result, Conic Finance's decentralized finance (DeFi) protocol lost 1700 Ether (ETH) worth more than $3.6 million at current prices. The attack affected one of his omnipools.
How many crypto hackers stole
In total, in the first half of the year, total losses from hacks, phishing scams and rag pulls amounted to $655.61 million. Hackers carried out 108 attacks on protocols, 110 rag pulls and a number of phishing scams and embezzled $471.43 million, $75.87 million and $108 million, respectively.
In addition, since the beginning of the year, hackers have been able to launder about $244.5 million in cryptocurrency in the first half of 2023. Most of all, the attackers laundered as part of the hacking of the Harmony Bridge cross-chain bridge (about $ 100 million). In second place is the incident around the Atomic Wallet with $65 million, the top three closed the Uranium Finance project, which lost $12.8 million in cryptocurrency.
