Astaria, a platform that allows users to borrow and lend cryptocurrencies and NFTs, announced that it has successfully recovered from an attack that exploited a vulnerability in its smart contract code.
The attack, which occurred on June 20 at 07:42 Turkish time, caused the platform to enter a state of pause and prevented the creation of new loans.
According to the official statement made by Astaria on Twitter, the attacker managed to manipulate the beacon of the BeaconProxy.sol contract, which is used to update the working logic of the platform's contracts. The attacker then uploaded a rogue app that lets them call the contract to self-destruct, effectively deactivating that contract.
However, Astaria assured its users that no funds or NFTs were lost in the attack and that they do not need to take any action at this time.
The platform said that all liquidity providers and borrowers are running a whitehat recovery script that recovers all ERC20 and ERC721 tokens. The script used an updated contract implementation and recovery code that pulls all assets into the Astaria multisig wallet.
Astaria said it is working on a distribution method to return funds and NFTs to the right users and will follow up with more details as soon as possible. The platform also said it is keeping in touch with the white line community, which helps keep its protocol safe, and can communicate with affected people via Twitter or Discord.
*Not investment advice.