EraLend, a decentralized finance (DeFi) protocol, suffered a loss of $3.4 million in crypto due to a re-entrancy attack.
This attack, which took place on Tuesday, leveraged a loophole that let the attacker make multiple calls to a specific function within a single transaction. This allowed the perpetrator(s) to extract funds beyond the permissible withdrawal limit.
Presently, it seems that only deposits made in the stablecoin USD Coin (USDC) have been impacted by this breach.
An individual from the community was the first to bring attention to the hacking incident on Twitter. EraLend subsequently acknowledged and expressed gratitude to the user for their prompt alert regarding the attack.
In their response, the EraLend team stated, “As we collaborate with various entities to address this issue, we earnestly hope that the community will stay vigilant and closely follow the ongoing investigation.”
The incident later caught the attention of BlockSec, a blockchain security company. They reported on the breach and mentioned that they are aiding EraLend in managing what they termed a “read-only re-entrancy attack.”
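The re-entrancy pattern described above (repeated calls to one function inside a single transaction, paying out more than the limit), as an added Python model that is not EraLend's contract code. The `Pool` class, account names and amounts are constructed, and it shows the classic ordering flaw beside a hardened version rather than the read-only variant BlockSec named.

```python
class ReentrancyError(Exception): pass

class Pool:
    """Constructed toy pool: an account may withdraw its recorded balance once."""
    def __init__(self, hardened):
        self.hardened, self._locked = hardened, False  # _locked: re-entrancy guard
        self.balances, self.reserves = {}, 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserves += amount

    def withdraw_all(self, account, on_receive):
        if self.hardened and self._locked:
            raise ReentrancyError("withdraw_all re-entered")
        self._locked = True
        try:
            amount = self.balances.get(account, 0)
            if amount == 0 or amount > self.reserves:
                raise ValueError("withdrawal refused")
            if self.hardened:
                self.balances[account] = 0  # effect before interaction
            self.reserves -= amount
            on_receive(amount)              # external call: control leaves the pool
            if not self.hardened:
                self.balances[account] = 0  # flaw: limit updated after the call
        finally:
            self._locked = False

def reentrant_withdraw(pool, account, calls=3):
    """Receiver whose payout callback calls withdraw_all again before it returns."""
    received = []
    def on_receive(amount):
        received.append(amount)
        if len(received) < calls:
            try:
                pool.withdraw_all(account, on_receive)
            except (ReentrancyError, ValueError):
                pass  # nested call refused by the pool
    pool.withdraw_all(account, on_receive)
    return sum(received)

def demo(hardened):
    """Return (amount paid to 'acct', reserves left) for one withdrawal."""
    pool = Pool(hardened)
    pool.deposit("other", 900)  # constructed balances
    pool.deposit("acct", 100)
    return reentrant_withdraw(pool, "acct"), pool.reserves
```

With the balance update after the external call, an account holding 100 is paid 300 and the pool's reserves no longer cover the other depositor; with the update first and the guard set, the nested calls are refused and only 100 leaves.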
Attack has been ‘contained’, team says
The EraLend team addressed the hacking incident on their Discord server, confirming that they’ve managed to “contain” the attack and reassuring their users that the perpetrators are no longer able to continue their malevolent activities.
For the safety of their community, the team stated, “We’ve proactively halted all borrowing functions temporarily to ensure the protection of funds.” They further advised their users to refrain from depositing USDC until they provide an update.
The team remains committed to clarity and transparency, stating, “We are in the midst of a thorough investigation and promise to keep our community updated as more details emerge.”
EraLend, which runs on the zkSync layer 2 network, positions itself as a leading solution in the DeFi sector. They pride themselves on offering a model with minimal disparity between lending and borrowing rates, hence making it more capital efficient. Additionally, in a bid to stand out from their competitors, EraLend’s platform advertises its superiority in terms of safety. They highlight their independence from oracles and external liquidity, which, according to them, diminishes potential risks.
Conic Finance suffered same attack
The re-entrancy attack that EraLend fell victim to follows the same modus operandi observed in the breach of the DeFi protocol Conic Finance.
Over the past weekend, Conic Finance was hit hard when attackers exploited a vulnerability in Omnipools, siphoning off $3.2 million worth of Ether (ETH) during two distinct breaches.
Following these incidents, the Conic Finance team took immediate action. They stated, “Given the recent ETH exploit, we have implemented stringent safety protocols and have temporarily halted all Omnipools operations as a precaution.”