Exploit on zkSync: $3.4 Million Crypto Loss on Lending App Era Lend


Era Lend on zkSync Exploited for $3.4 Million in Crypto

According to a report from CertiK, the lending app Era Lend on zkSync has been exploited, resulting in the loss of $3.4 million worth of cryptocurrency. The attacker used a “read-only reentrancy attack” to drain the funds. Here are the key points:

– The attacker drained funds in two separate transactions using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a.
– The vulnerability was found in the “callback and _updateReserves function,” which allowed the attacker to manipulate a contract into reporting old values.
– Era Lend is a fork of the SyncSwap project, and other projects based on SyncSwap may also be vulnerable to the exploit.
– The Era Lend team has acknowledged the attack and paused the protocol’s zkSync contracts to prevent further exploits.
– The stablecoin USDC+, issued by the Overnight Finance protocol, was also affected by the attack, with a potential loss of over $261,000.
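The stale-value problem described in the key points above, shown as an added example that is not code from Era Lend, SyncSwap or CertiK. It is a simplified Python model with hypothetical names (`Pool`, `Lender`, `guard_views`, `observe_during_callback`) and constructed numbers: a pool runs an external callback before it syncs its reserves, so a contract reading the view mid-callback sees old values unless the view honours the reentrancy lock.

```python
# Simplified model (constructed for illustration): a pool that runs a
# caller-supplied callback before it writes its new reserves to storage.

class StaleRead(Exception):
    """Raised when a view is read while the pool is mid-update."""

class Pool:
    def __init__(self, reserve0, reserve1, guard_views):
        self.reserve0, self.reserve1 = reserve0, reserve1  # cached reserves
        self.balance0, self.balance1 = reserve0, reserve1  # real token balances
        self.locked = False
        self.guard_views = guard_views  # hardened variant: views honour the lock

    def get_reserves(self):
        # Read-only entry point that other contracts use as a value source.
        if self.guard_views and self.locked:
            raise StaleRead("reserves are being updated")
        return self.reserve0, self.reserve1

    def withdraw(self, amount0, amount1, callback):
        # The usual guard only blocks reentry into state-changing functions.
        assert not self.locked, "reentrant state-changing call"
        self.locked = True
        self.balance0 -= amount0
        self.balance1 -= amount1
        callback()               # external call made BEFORE reserves are synced
        self._update_reserves()  # model counterpart of an _updateReserves step
        self.locked = False

    def _update_reserves(self):
        self.reserve0, self.reserve1 = self.balance0, self.balance1

class Lender:
    """Consumer that relies on the pool's reported reserves."""
    def __init__(self, pool):
        self.pool = pool

    def reported_reserve0(self):
        return self.pool.get_reserves()[0]

def observe_during_callback(guard_views):
    """Return what the lender sees mid-callback and after the withdrawal."""
    pool, seen = Pool(1000, 1000, guard_views), {}
    lender = Lender(pool)
    def callback():
        try:
            seen["mid"] = lender.reported_reserve0()
        except StaleRead:
            seen["mid"] = "reverted"
    pool.withdraw(900, 900, callback)
    seen["after"] = lender.reported_reserve0()
    return seen
```

With `guard_views=False` the lender reads the pre-withdrawal reserve during the callback even though the state-changing guard is in place; with `guard_views=True` the same read is rejected until the reserves are synced.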

This attack highlights the difficulty in detecting read-only reentrancy vulnerabilities. Auditors and bug hunters typically focus on entry points that modify state, making these vulnerabilities hard to spot. To address this, auditors should use specialized software. Era Lend operates on the zkSync network, which plans to create an ecosystem of interoperable chains called “Hyperchains.”

Hot Take:

The exploit of Era Lend on zkSync demonstrates the ongoing challenges of securing decentralized finance platforms. As the popularity of crypto lending and layer-2 solutions grows, it is imperative for developers and auditors to remain vigilant in identifying and addressing potential vulnerabilities. The incident serves as a reminder that even seemingly secure protocols can be susceptible to attacks, emphasizing the need for continuous improvement in security measures.

Coinan Porter stands as a notable crypto analyst, accomplished researcher, and adept editor, carving a significant niche in the realm of cryptocurrency. As a skilled crypto analyst and researcher, Coinan’s insights delve deep into the intricacies of digital assets, resonating with a wide audience. His analytical prowess is complemented by his editorial finesse, allowing him to transform complex crypto information into digestible formats.