Sturdy Finance, a decentralized lending protocol, suffered a security attack that resulted in 442 Ethereum losses.
Hackers Stole 442 Ethereum From Sturdy Finance
The anonymous attacker exploited a recentering vulnerability that facilitated the manipulation of an erroneous price indicator, thus allowing them to siphon funds.
In decentralized finance (DeFi) applications, price indicators are very important as they provide real-world price data. However, they also pose a potential target for hackers who could abuse them.
The attack on Sturdy Finance was initiated by the reentrancy attack, a method often used to illegally withdraw funds from DeFi protocols.
This type of attack takes advantage of the ability to repeatedly call a function within a single transaction before the original function call is complete. This allows the attacker to withdraw more funds than is legally entitled.
Sturdy Finance responded to the attack by suspending all its markets to prevent further potential losses, reassuring its users that no other funds were in danger as a result of the breach.
“All markets are paused; no additional funds are at risk and no user action is required at this time. We will share more information as soon as we get it,” the team said.
On-chain data after the attack shows that the attacker used the Tornado Cash mixer to hide the activity.
In 2022, Sturdy Finance raised $3 million in a series of rounds to create an interest-free borrowing and lending platform. The fund was led by Pantera and also saw participation from Y Combinator, SoftBank's Opportunity Fund, and KuCoin Ventures.
*Not investment advice.