DeFi protocol Sturdy Finance falls victim to $800k security attack
Decentralized lending platform Sturdy Finance has suffered a major security breach resulting in the loss of approximately $800,000 worth of ether (ETH).
The attack, executed by an unidentified individual, exploited a reentrancy vulnerability within the system, ultimately manipulating a faulty price oracle and siphoning funds.
The incident sheds light on the vulnerabilities inherent in decentralized finance (DeFi) applications, where price oracles serve as crucial components for providing real-world price data. However, they can also become prime targets for hackers aiming to exploit weaknesses and compromise platform security.
Sturdy Finance hit by security breach
A detailed analysis conducted by cybersecurity firm BlockSec traced the root cause of the breach to a reentrancy vulnerability present in Balancer’s system, combined with the manipulation of B-stETH-STABLE price data.
The attacker seized the opportunity to repeatedly call a function within a single transaction before completing the initial function call. Exploiting this loophole, they managed to withdraw more funds than they were legitimately entitled to. Once in control of the function calls, the attacker successfully manipulated the price oracle, effectively draining funds from Sturdy Finance.
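The reentrancy pattern described above, as an added example that is not code from Sturdy Finance, Balancer or BlockSec: a simplified Python model of a vault that makes an external call before updating its own records, next to a hardened path that records the effect first and rejects re-entry. The class, function and account names and all amounts are hypothetical and constructed for illustration.

```python
class ReentrancyError(Exception):
    """Raised when withdraw() is entered while a withdrawal is in progress."""

class Vault:
    """Toy vault (hypothetical); guarded=True selects the hardened path."""
    def __init__(self, guarded):
        self.guarded = guarded
        self.balances = {}
        self.reserves = 0
        self._locked = False

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserves += amount

    def withdraw(self, who, on_receive):
        if self.guarded and self._locked:
            raise ReentrancyError("withdraw re-entered")  # reentrancy guard
        self._locked = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0 or amount > self.reserves:
                return 0
            if self.guarded:
                self.balances[who] = 0  # effect recorded before the external call
            self.reserves -= amount
            on_receive(amount)          # external call: control leaves the vault
            self.balances[who] = 0      # unguarded path only clears the balance here
            return amount
        finally:
            self._locked = False

def run_withdrawal(guarded, reentries=2):
    """Constructed scenario: caller is owed 10 and re-enters from its callback."""
    vault = Vault(guarded)
    vault.deposit("other_users", 90)
    vault.deposit("caller", 10)
    received, blocked = [], []

    def on_receive(amount):
        received.append(amount)
        if len(received) <= reentries:
            try:
                vault.withdraw("caller", on_receive)
            except ReentrancyError:
                blocked.append(amount)

    vault.withdraw("caller", on_receive)
    return {"paid": sum(received), "reserves": vault.reserves, "blocked": len(blocked)}

if __name__ == "__main__":
    print("unguarded:", run_withdrawal(False))
    print("guarded:  ", run_withdrawal(True))
```

In the unguarded run the caller's recorded balance is still 10 on every nested call, so the vault pays out three times; in the guarded run the nested call is rejected and only the entitled amount leaves the reserves.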
Responding swiftly to the breach, Sturdy Finance immediately suspended all of its markets to prevent further potential losses. The platform’s team reassured users that no additional funds were at risk and that no immediate action was required on their part.
Further investigation revealed that the attacker employed the Tornado Cash mixer to obscure their activities. This privacy-enhancing tool added a layer of complexity, making it challenging to trace the attacker’s transactions on the blockchain.
The security breach is a stark reminder of the constant threats DeFi platforms face. On June 4, crypto wallet provider Atomic Wallet experienced a significant hack resulting in the theft of approximately $35 million worth of cryptocurrencies such as bitcoin, ether, tether, dogecoin, litecoin, BNB coin, and polygon.
As the crypto industry continues to evolve, it becomes increasingly vital for protocols to prioritize security measures and undertake comprehensive audits to identify and address vulnerabilities before malicious actors exploit them.