EraLend, the largest lending protocol on the Ethereum scaling blockchain zkSync, suffered a $3.4 million “read-only re-centering” attack yesterday, according to blockchain security firm CertiK.
By exploiting a vulnerability in the protocol's smart contract, hackers were able to manipulate the interest rate and withdraw more money than they had deposited. According to DefiLlama data, the attack caused the total value locked in EraLend to drop from $18.5 million to $10.75 million.
EraLend Developers Offer Hacker 10% Of The Amount Stolen As A Reward
Surprisingly, EraLend developers today made an offer to hackers asking them to return 90% of the stolen funds and keep 10% as a white hat hacker reward.
The developers claim they have evidence of the hacker's identity and on and off-chain activities, and have contacted security experts, exchanges, law enforcement, and the DeFi community for assistance.
The developers wrote a letter to the hacker from their official Twitter accounts, stating:
“We realize that during yesterday's attack you could have exhausted all the available liquidity and you would rather use only some of it. We interpret this as an expression of your 'goodwill' or potential concern for the victims or the wider impact of such a serious attack.
However, your action was unlawful and had devastating effects, affecting not only 500,000 EraLend users, but the DeFi community as a whole.
We've contacted security professionals, CEXs, the broader DeFi security community, and law enforcement. We're tracking the traces you left before and after the attack. Both on-chain and off-chain.
Here is our offer:
Return 90% of the funds to the address listed below by July 27 at 17:00 CEST and we'll unfollow you. You can peacefully hold 10% of the stolen funds as a white hat reward.
If funds are not returned by the deadline, we will have no choice but to escalate the matter. The deal will be terminated and we will immediately set another reward for any person or entity that helps us prosecute you and recover stolen funds.”
*Not investment advice.