Evolving Security Incident: Sturdy Finance’s Exploitation
Sturdy Finance, a well-known DeFi lending protocol, recently suffered a security attack by an anonymous hacker that resulted in a loss of 442 ETH, equivalent to around $800,000. The alleged hacker took advantage of a re-entrancy vulnerability in the protocol to manipulate a price oracle.
PeckShield, a reputable blockchain analytics company, publicized the incident on Twitter, highlighting the exploit against Sturdy Finance. According to PeckShield’s analysis, the exploit showed none of the classic signs of a smart contract hack or security breach; instead, price manipulation appears to have been the issue. The analysis also identified the hacker’s address and noted that the offender had transferred the 442.6 ETH to Tornado Cash, a decentralized crypto mixer, effectively obscuring the transaction details.
Sturdy Finance Responds to the Security Incident
In response to the incident, Sturdy Finance promptly halted its trading services to prevent any additional losses. The platform reassured its community, stating “no additional funds are at risk,” and promised to provide more information once it had resolved the issue. The team also assured users that no immediate action was required on their part.
Analysis of the Security Breach and the Broader DeFi Landscape
BlockSec, a security firm, identified the root cause of the exploit as the typical Balancer read-only re-entrancy, alongside manipulation of the B-stETH-STABLE price. They stated that the exploiter managed to steal the ETH through this manipulation.
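The following added example, which is not code from Sturdy Finance, Balancer or BlockSec, is a toy Python model of the general read-only re-entrancy pattern named above: a price view read while a pool is mid-update returns a distorted value, and an oracle that checks the pool's lock refuses to price in that window. The class, function names, update ordering and numbers are all assumptions constructed for illustration.

```python
# Simplified model of read-only re-entrancy (constructed; not Balancer or Sturdy code).

class ReentrancyError(Exception):
    pass

class Pool:
    """Toy exit flow (assumed ordering): LP supply is burned, the recipient is
    called back, and only afterwards is the pool balance reduced."""

    def __init__(self, balance, supply):
        self.balance = balance   # underlying value held by the pool
        self.supply = supply     # LP tokens outstanding
        self.locked = False      # re-entrancy lock held during state changes

    def lp_price(self):
        # View function: only meaningful when balance and supply are in sync.
        return self.balance / self.supply

    def exit(self, lp_amount, on_receive):
        self.locked = True
        payout = self.balance * lp_amount / self.supply
        self.supply -= lp_amount   # step 1: burn LP tokens
        on_receive()               # step 2: external call while state is inconsistent
        self.balance -= payout     # step 3: balance finally updated
        self.locked = False

def naive_oracle(pool):
    # Trusts the view function even while the pool is mid-update.
    return pool.lp_price()

def guarded_oracle(pool):
    # Refuses to price while the pool's lock is held.
    if pool.locked:
        raise ReentrancyError("pool is mid-update; price is not reliable")
    return pool.lp_price()

def observe_during_exit(oracle):
    """Return (price seen inside the callback, price after the exit completes)."""
    pool = Pool(balance=1000.0, supply=1000.0)  # constructed sample state
    seen = []
    def callback():
        try:
            seen.append(oracle(pool))
        except ReentrancyError:
            seen.append(None)      # the guarded oracle rejected the read
    pool.exit(500.0, callback)
    return seen[0], pool.lp_price()
```

With the naive oracle the price read inside the callback is double the true value, while the guarded oracle returns no price until the exit has finished.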
In a broader context, DeFi REKT Database’s recent analysis highlighted that there have been almost nine DeFi attacks this month alone. Among these, the most devastating was the Atomic Wallet exploit on June 4, one of the most significant crypto exploits in history, leading to a loss of over $35 million.