Decentralized Finance Protocol Sturdy Finance Loses $800K to Attacker
Decentralized finance (DeFi) protocol Sturdy Finance has lost 442 Ether (ETH), worth almost $800,000, to a security exploit. The attacker exploited a vulnerability that manipulated a faulty price oracle, enabling them to drain funds from the protocol.
On June 12, blockchain security firm PeckShield notified Sturdy Finance about a transaction that appeared to be related to price manipulation. Approximately an hour later, the DeFi protocol confirmed its awareness of the exploit and promptly paused all markets, assuring users that no additional funds were at risk.
Despite the swift response from the DeFi lending platform, PeckShield verified that the attacker successfully transferred almost $800,000 in ETH to the crypto mixer Tornado Cash. The security firm identified a faulty price oracle as the “root cause” of the exploit.
Additionally, blockchain security company BlockSec emphasized that the hack was executed through a reentrancy attack, a common method employed by hackers to withdraw funds from DeFi protocols. This method allows hackers to repeatedly call a function in a single transaction before the initial function call is complete, enabling them to withdraw more funds than should be possible.
Meanwhile, scammers have gained control of eight Twitter accounts belonging to prominent members of the crypto community, promoting crypto scams. According to blockchain detective ZachXBT, the scammers have managed to steal nearly $1 million in crypto by compromising the accounts of well-known DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto critic Peter Schiff.
In other news, the United States Justice Department has recently filed charges against two individuals allegedly involved in the Mt. Gox hack. The department claims that 43-year-old Alexey Bilyuchenko and 29-year-old Aleksandr Verner conspired to steal and launder 647,000 Bitcoin.