On July 25, the decentralized crypto lending protocol EraLend, which operates on the Ethereum scaling solution zkSync, fell victim to a read-only reentrancy attack, resulting in the theft of $3.4 million. The attack involved manipulating asset prices through repeated calls to the smart contract, effectively draining funds from the platform.
The EraLend team promptly addressed the security incident, containing the threat and suspending all borrowing operations temporarily. They warned users against depositing USDC and reassured the community that they were diligently working with partners and cybersecurity firms to rectify the situation and protect the interests of users.
EraLend’s lending protocol is designed to optimize capital efficiency and mitigate risks associated with external liquidity and oracles. It offers users the opportunity to lend and borrow crypto assets with greater efficiency than existing solutions in the market. Additionally, users can earn variable interest on crypto deposits based on supply, demand, and smart contract-based interest rate models. Prior to the attack, the platform had achieved a peak total value locked (TVL) of approximately $18.5 million.
DeFi (Decentralized Finance) hacks have been a persistent issue in the crypto market. In April 2023 alone, losses due to hacks and exploits surpassed $100 million. Notably, Euler Finance suffered the most significant loss of the year, with $197 million stolen by a hacker. Fortunately, the attacker returned all the funds after negotiations with the team.
Security remains a top priority for DeFi projects as they continue to attract significant sums of money from users. According to Chainalysis data, DeFi is responsible for a 60% surge in crypto hacks. Addressing these vulnerabilities and implementing robust security measures is crucial to safeguarding users’ funds and ensuring the long-term viability and growth of the DeFi ecosystem.