In a shocking turn of events, EraLend on ZkSync, a popular lending app, has become the latest target of a crippling security breach, leaving a staggering loss of $3.4 million in its wake.
The exploit, executed through a cunning read-only reentrancy method, dealt a severe blow to the lending market, sending shockwaves through the cryptocurrency community.
The attacker’s modus operandi involved manipulating LP token pricing, effectively draining massive sums of cryptocurrency from the platform. The incident has raised concerns about the vulnerability of DeFi protocols and the need for robust security measures.
🚨Security Update: We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this.
More updates…— EraLend | The #1 Money Market on zkSync🥇 (@Era_Lend) July 25, 2023
In the aftermath of the attack, cybersecurity experts have rallied to the aid of EraLend, with Blocksec, a reputable cybersecurity firm, leading the charge in investigating the breach. The experts have successfully pinpointed the root cause of the exploit, confirming the use of the read-only re-entrancy attack to gain unauthorized access to LP token pricing.
We are assisting @Era_Lend to this issue, and the root cause has been identified. The total loss is ~$3.4M.
Specifically, this is a read-only re-entrancy attack.
Another attack tx is:https://t.co/H4A2suVLai
Attacker address:
0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a https://t.co/InhCCW7QAy— BlockSec (@BlockSecTeam) July 25, 2023
As the investigation unfolds, EraLend and its partners are working tirelessly to contain the threat and prevent further losses. This incident serves as a sobering reminder to the entire crypto industry of the ongoing risks posed by malicious actors, emphasizing the urgency for enhanced security measures and continuous vigilance in the ever-evolving landscape of digital finance.