July 25th 2023

Decentralized crypto lender, Eralend has endured a $3.4 million hack on its network. In a Tuesday Twitter post, EraLend confirmed the breach and vowed to commence full investigations immediately. The attacker reportedly exploited a read-only reentrancy vulnerability in the project’s network to steal the funds.

Microsoft Cloud Gaming: Where Imagina…
Customer Stunned by Electric Vehicle …
This Massive US Company Will Now Lay …
NTT DATA and Beyond ONE forge strateg…
Zukuma: A revoluÃ§Ã£o do novo gÃªnero…

Security Update: We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this.
More updates…
— EraLend | The #1 Money Market on zkSync (@Era_Lend) July 25, 2023

Occasioned by the vulnerability, the attacker withdrew more than the required funds within a single transaction. Also, the hacker, as reported, also leverage the faulty price oracle operated by EraLend to aid the attack on the network.

EraLend suspends lending operations on its network

Meanwhile, EraLend assured users that it has curtailed the attack and stressed that the exploitation only affected its USDC pool. Its team added that it has temporarily suspended lending operations on the network and urged users to avoid depositing USDC for now. Also, EraLend wants to launch a full investigation into circumstances that led to the breach.

Worth noting that EraLend, with this breach, joins the list of DeFi firms that have suffered exploitations on their networks. Earlier, a South Korean-based crypto exchange, GDAC witnessed a similar exploitation on its hot wallet. Then, the exchange said the attacker stole about $13.1 million worth of Bitcoin, Ethereum, Wemix, and USDT. It also added that the attacker transferred the stolen funds to an unknown wallet.

Also in March, the CEO of Safemoon, John Karony confirmed the exploitation of the protocol’s liquidity pool. In the hack, attackers withdrew 27,000 BNB worth $9 million from the pool by leveraging a bug in Safemoon’s smart contract. Just like EraLend, attackers also exploited the Poly network and swapped about 5,196 Ethereum amounting to $10 million. The attackers reportedly compromised the vulnerability of the smart contract to steal the funds. This vulnerability allowed the hacker to design dubious parameters containing a malicious validator, thereby evading the verification process.

Bitrue is also spared from the alarming rate of exploitations in the industry. Then, the attack stole $23 million worth of assets from its hot wallet. Some of the assets stolen from the exchange during the exploitation include ETH, QNT, GALA, SHIB, HOT, and MATIC. With the latest attack unfolding on EraLend, it is pertinent that DeFi platforms improve their security mechanisms.

Read More:

Kriptomat partners 1inch to aid web3 gaming
U.K government kicks against recommendation to regulate crypto like gambling
ASIC cancels FTX financial license in Australia

The post EraLend suffers $3.4 million hack appeared first on BinBits.

This post first appeared on BinBits, please read the originial post: here