Attacker Exploits Vulnerability in Sturdy Finance Protocol
Sturdy Finance, a well-known decentralized finance (DeFi) protocol, has become the latest victim of a substantial security exploit. An attacker was able to drain 442 Ether, equivalent to nearly $800,000 at the time of writing. The attacker exploited a vulnerability in the protocol that led to the manipulation of a faulty price oracle.
PeckShield Alerts Sturdy Finance and the Swift Response
On June 12, blockchain security firm PeckShield became aware of a suspicious transaction seemingly related to price manipulation. The firm promptly alerted Sturdy Finance. Approximately an hour later, the DeFi protocol acknowledged the exploit and took immediate action. It suspended all its markets and assured its user base that no further funds were at risk.
The Mechanics of the Hack and How Funds Were Transferred
Even though Sturdy Finance acted quickly, PeckShield confirmed that the attacker was successful in transferring almost $800,000 in Ether (ETH) to the crypto mixer Tornado Cash. According to the security firm, the main catalyst of this exploit was a faulty price oracle.
BlockSec, another blockchain security company, shed light on the nature of the attack. The culprit used a reentrancy attack, a common technique for extracting funds from DeFi protocols. It lets an attacker call a function repeatedly within a single transaction before the original function call has completed, leading to an excessive withdrawal of funds.
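The reentrancy pattern described above, as a small Python model added for illustration; it is not Sturdy Finance's contract code or BlockSec's analysis, and the Vault class, its methods and the balances are constructed for the example. It covers only the generic repeated-call flaw (state updated after an external call) next to a hardened withdraw that updates state first and rejects re-entry, not the price-oracle manipulation.

```python
class ReentrancyError(Exception):
    """Raised by the hardened vault when withdraw() is entered twice."""

class Vault:
    # Constructed toy model of a contract's accounting, not Sturdy Finance code.
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}   # per-account credit
        self.pool = 0        # funds actually held
        self.locked = False  # reentrancy guard flag

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        if self.hardened and self.locked:
            raise ReentrancyError("withdraw re-entered before completing")
        self.locked = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0 or amount > self.pool:
                return 0
            if self.hardened:
                self.balances[who] = 0   # effect first, then interaction
            self.pool -= amount
            on_receive(amount)           # external call hands control to the recipient
            if not self.hardened:
                self.balances[who] = 0   # flaw: credit cleared only after the call
            return amount
        finally:
            self.locked = False

def simulate(hardened):
    """Return (total paid to caller, funds left) when the recipient calls back."""
    vault = Vault(hardened)
    vault.deposit("other_users", 9)  # constructed balances
    vault.deposit("caller", 1)
    paid = []

    def on_receive(amount):
        paid.append(amount)
        try:
            vault.withdraw("caller", on_receive)  # nested call before the first returns
        except ReentrancyError:
            pass  # hardened vault refuses the nested call

    vault.withdraw("caller", on_receive)
    return sum(paid), vault.pool
```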
Other Noteworthy Crypto Scams and Hacks
In the midst of the Sturdy Finance exploit, eight Twitter accounts belonging to high-profile members of the crypto community were hijacked and used to promote crypto scams. Renowned DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto critic Peter Schiff were among the victims. According to blockchain detective ZachXBT, the scammers were able to steal nearly $1 million in crypto after taking control of these accounts.
In other news, the United States Justice Department recently charged two men for their alleged involvement in the Mt. Gox hack. The department accuses 43-year-old Alexey Bilyuchenko and 29-year-old Aleksandr Verner of stealing and conspiring to launder 647,000 Bitcoin.