DeFi Platform EraLend on zkSync Loses $3.4 Million in Blockchain Exploit

DeFi
Last updated:
Author
Fredrik Vold
Author Categories
About Author

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: Adobe / _Danoz

Decentralized finance (DeFi) protocol EraLend has lost $3.4 million worth of crypto in a so-called re-entrancy attack.

The attack, which happened on Tuesday, exploited a vulnerability that allowed the hacker to make multiple calls to a function within one single transaction, enabling the person or group to withdraw more money than what should have been possible.

Only deposits in the form of the stablecoin USD Coin (USDC) appears to have been affected for now.

News of the hacking attack was first shared by an individual community member on Twitter, with the EraLend later responding and thanking the user for his “swift action in flagging this attack.”

“As we continue to work with multiple parties to resolve this, we hope that you […] will continue to keep a close eye on this ongoing investigation,” the team wrote.

The news was then reported on by the blockchain security firm BlockSec, which said it is assisting EraLend in the handling of a “read-only re-entrancy attack”:

Attack has been ‘contained’, team says

In a post on EraLend’s Discord server, the EraLend team said the attack has been “contained,” while assuring users that the attackers are “no longer able to continue their actions.”

“As a precautionary measure, we have temporarily suspended all borrowing operations to ensure the safety of funds,” the team wrote, adding that users are advised to avoid depositing USDC until further notice.

“We are actively investigating this matter and will provide timely updates to our community as more information becomes available,” the post said.

A lending and borrowing protocol that operates on the zkSync layer 2 network, EraLend claims to be among the most capital efficient solutions in the DeFi space with a smaller difference between lending and borrowing rates.

The protocol also claims to be a safer choice than competing protocols, saying on its website that it is less risky because it does not depend on oracles and external liquidity.

Conic Finance suffered same attack

A reentrancy attack is the same type of exploit as the DeFi protocol Conic Finance suffered over the weekend.

In Conic Finance’s case, hackers drained $3.2 million worth of Ether (ETH) from the protocol in two separate attacks that exploited an Omnipools vulnerability.

“In response to this and given today’s ETH exploit, we immediately enforced maximum safety measures and temporarily shutdown all Omnipools,” the Conic Finance team said at the time.

More Articles

Press Releases
Web3 Wallet Best Wallet Presale Funding Hits $9.5M – 35 Hours Left to Secure Lower Price
2025-02-11 15:50:27
Price Analysis
XRP Price Set to Explode to $10? Attorney Predicts Lawsuit Will End Before ETF Approval
Simon Chandler
Simon Chandler
2025-02-11 15:46:26
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors