Sturdy Finance Loses $800K in DeFi Attack

Sturdy Finance, a protocol for decentralized finance (DeFi), has lost 442 ether, worth nearly $800,000 at the time of writing, due to a security flaw.

The perpetrator exploited a vulnerability that ultimately allowed them to manipulate a flawed price oracle and drain funds from the protocol.

PeckShield, a blockchain security company, alerted Sturdy Finance on June 12 about a transaction that appeared to be related to price manipulation.

Almost an hour later, the DeFi protocol acknowledged the vulnerability, halted all of its markets, and assured its users that no additional funds were at risk.

PeckShield confirmed that the attacker could transmit nearly $800,000 in ETH to the cryptocurrency mixer Tornado Cash, despite a prompt response from the DeFi lending platform.

The security firm also noted that a flawed price oracle was the “root cause” of the vulnerability.

In addition, the blockchain security firm BlockSec emphasized that the breach was carried out using a reentrancy attack, which is a standard method used by hackers to withdraw funds from DeFi protocols.

Using this technique, hackers can repeatedly call a function in a single transaction before the initial function call is complete.

This allows hackers to extract an excessive amount of funds.

Scammers were able to seize control of eight prominent crypto community members’ Twitter accounts and use them to promote crypto scams.

According to blockchain detective ZachXBT, fraudsters took nearly $1 million in cryptocurrency after gaining access to the accounts of well-known DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto skeptic Peter Schiff.

In other news, the United States Department of Justice has recently charged two men with involvement in the Mt. Gox breach.

According to the department, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, conspired to steal and launder 647,000 bitcoins.