- PeckShield notified Sturdy Finance on June 12 of a suspicious transaction.
- The attacker sent about $800,000 in ETH to the crypto mixer Tornado Cash.
The Sturdy Finance DeFi protocol lost 442 ETH, or over $800,000 at the time of writing, due to a hack. An intruder drained funds from the protocol by exploiting a vulnerability that allowed them to manipulate a flawed pricing oracle.
PeckShield, a blockchain security company, notified Sturdy Finance on June 12 of a suspicious transaction. That may have been an attempt at price manipulation. Almost an hour after first learning of the attack, the DeFi protocol announced that it had disabled all markets. And assured its customers that their money was safe.
Attacker Manipulates Price Oracle
PeckShield verified that the attacker sent about $800,000 in ETH to the crypto mixer Tornado Cash, despite a rapid reaction from the DeFi lending platform. The security company said that the flawed pricing oracle was the “root cause” of the vulnerability.
Also, a popular tactic used by hackers to steal money using DeFi protocols is called a reentrancy attack. Which was revealed by the blockchain security firm BlockSec.
This technique is used by cybercriminals to take advantage of a vulnerability that allows them to repeatedly call a function in a single transaction before the first call has finished processing. This allows hackers to make larger withdrawals than would otherwise be feasible.
Despite a dramatic drop in crypto hacks during the first quarter of 2023, the crypto community is being encouraged not to let its guard down, with one business warning that this is likely a “temporary reprieve, rather than a long-term trend.”
Chainalysis released research earlier this year estimating that $3.8 billion was stolen in crypto hacks in 2022, with the majority of the funds coming from decentralized finance (DeFi) protocols and attackers with ties to North Korea.
Recommended for You:
Crypto Twitter Heist: Hackers Stole $1M from Prominent Accounts