Share this article
ZkSync's Largest Lender Struck by $3.4M Exploit
EraLend said the threat has been contained, but advises against deposits.
Updated Jul 25, 2023, 1:48 p.m. Published Jul 25, 2023, 1:34 p.m. 1 min read
EraLend, the largest lending protocol on Ethereum scaling blockchain zkSync, has been hit by a $3.4 million read-only reentrancy attack, according to blockchain security firm CertiK.
The total amount of capital locked on EraLend slumped to $10.75 million from $18.5 million following the exploit, DefiLlama data indicate.
"We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this. More updates to follow," EraLend wrote in a tweet.
A read-only reentrancy bug allows an attacker to manipulate asset prices by flooding a smart contract with repeated calls in order to steal assets.
Decentralized finance (DeFi) protocol Conic Finance was hit by a similar attack last week with the total loss of $3.6 million.
UPDATE (July 25, 13:50 UTC): Removes space from EraLend's name throughout.
Plus pour vous
Bubblemaps investigators led by Nicolas Vaiman, discovered 80 bets on Polymarket with a 98% win rate that he said is statistically impossible to achieve.
Ce qu'il:
- Analysts at Bubblemaps say a cluster of 80 highly accurate bets on U.S. military actions against Iran on the Polymarket platform are so precise that “luck alone cannot explain” the results.
- Bubblemaps’ CEO warns that adversaries could mine prediction markets for clues to U.S. war plans, turning them into tools...
Top Stories
