The DeFi world was hit by a surprise recently when Era Lend, a decentralized lending protocol operating on #zkSync Layer 2, suffered a significant security breach.

The hacker drained $3.4 million from the platform in a cunning reentrancy attack😱.

This all began with a read-only reentrancy vulnerability that the attacker manipulated cleverly.

Typically, these read-only functions are seen as safe, because they only read state and do not change it. However, this incident throws such assumptions out the window. This exploit allowed repeated calls within a single transaction to drain funds, resulting in this shocking loss.

In this case, the attacker distorted the LP’s price on another decentralized exchange called #SyncSwap during the burn/mint actions. This led to the draining of assets from Era Lend. Lei Wu, the co-founder and CTO of BlockSec, advises, “All projects that utilize the SyncSwap code should remain alert.”
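To make the read-only reentrancy mechanism concrete, here is a toy Python model of a pool whose price view is read while a burn is half finished, next to a view that respects the pool's lock. It is an added example, not code from Era Lend or SyncSwap; the class and function names, the numbers, and the exact ordering of steps inside `burn` are assumptions made for illustration.

```python
# Toy model, constructed for illustration. Names, numbers and step ordering
# are assumptions; this is not SyncSwap or Era Lend code.
class ToyPool:
    def __init__(self, reserve, lp_supply):
        self.reserve = reserve        # underlying tokens recorded by the pool
        self.lp_supply = lp_supply    # LP tokens outstanding
        self.locked = False           # reentrancy lock held during state changes

    def lp_price(self):
        """Unguarded view: answers even while a burn is half finished."""
        return self.reserve / self.lp_supply

    def lp_price_guarded(self):
        """Hardened view: refuses to answer while the pool is mid-update."""
        if self.locked:
            raise RuntimeError("pool is mid-update; price is not reliable")
        return self.lp_price()

    def burn(self, lp_amount, on_receive):
        """Redeem LP tokens; the callback runs before reserves are synced."""
        assert not self.locked, "reentrant state change blocked"
        self.locked = True
        payout = self.reserve * lp_amount / self.lp_supply
        self.lp_supply -= lp_amount   # LP supply reduced first
        on_receive(payout)            # external call: control leaves the pool
        self.reserve -= payout        # reserves updated only afterwards
        self.locked = False
        return payout


def observe_during_burn(price_reader_name):
    """Burn half the LP supply and record what a price consumer reads mid-callback."""
    pool = ToyPool(reserve=1_000_000, lp_supply=1_000_000)
    seen = {"before": pool.lp_price()}

    def callback(_payout):
        try:
            seen["mid"] = getattr(pool, price_reader_name)()
        except RuntimeError as exc:
            seen["mid"] = f"rejected: {exc}"

    pool.burn(500_000, callback)
    seen["after"] = pool.lp_price()
    return seen


if __name__ == "__main__":
    print(observe_during_burn("lp_price"))          # mid-callback price is doubled
    print(observe_during_burn("lp_price_guarded"))  # mid-callback read is rejected
```

The lock stops a second state change but not a read, which is why a protocol that prices collateral from such a view needs the view itself to fail, or needs to check the lock, while the pool is mid-update.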

Post-attack, Era Lend confirmed the situation via a statement on Discord, saying,

  • "We have detected and confirmed a cyber attack on our platform. We want to assure you that the attack has been contained, and the threat actor can no longer continue their actions."

Era Lend also clarified that only the #USDC pool was compromised, while the other assets remain secure. As a precautionary measure, the team advised users to hold off depositing USDC for the time being, while borrowing operations have been temporarily halted.

Stay safe, and stay updated.