Loading cryptocurrency prices...

Ethereum DeFi Protocol SIR.trading Loses $355k TVL to Smart Contract Hack

SIR.trading DeFi Protocol Loses Entire $355K TVL in Hack Exploiting Ethereum's Transient Storage Feature

  • Ethereum DeFi protocol SIR.trading lost its entire $355,000 TVL in a March 30 hack targeting a vulnerability in its contract vault.
  • Security firms identified the attack as exploiting Ethereum’s transient storage feature, a relatively new function introduced in the Dencun upgrade.
  • Despite the complete loss of funds, the protocol’s founder indicated plans to continue operations, while the stolen assets were moved through privacy solution Railgun.

Ethereum-based DeFi protocol SIR.trading has suffered a complete loss of funds after Hackers exploited a vulnerability in its smart contract vault. The March 30 attack drained the protocol’s entire total value locked (TVL) of approximately $355,000, leaving the self-described "safer leveraging" platform with zero remaining assets.

- Advertisement -

Security firms TenArmorAlert and Decurity first detected and reported the breach on social media platform X, warning users about the ongoing attack. The protocol’s founder, known as Xatarrer, acknowledged the devastating impact, describing it as "the worst news a protocol could received [sic]" while suggesting the team would attempt to maintain operations despite the setback.

According to Decurity’s analysis, the attack targeted a callback function within the protocol’s vulnerable contract vault. The security firm characterized it as a "clever attack" that exploited Ethereum’s transient storage feature to manipulate the system. The Hacker successfully replaced legitimate Uniswap pool addresses with controlled addresses, effectively redirecting funds to their own wallet.

TenArmorAlert explained that the attacker methodically drained the protocol by repeatedly calling the compromised callback function until the entire TVL was emptied. The security firm later reported that the stolen assets were deposited into an address funded through Railgun, an Ethereum privacy solution, with SIR.trading’s founder reportedly reaching out to Railgun for assistance.

The exploit may indicate broader security concerns with Ethereum’s transient storage functionality. SupLabsYi from security firm Supremacy provided additional technical details, suggesting the hack might demonstrate vulnerabilities in this relatively new Ethereum feature introduced during the Dencun upgrade in 2023. Transient storage was designed to enable temporary data storage with lower gas fees than regular storage options.

- Advertisement -

"This isn’t merely a threat aimed at a single instance of uniswapV3SwapCallback," SupLabsYi noted, implying potential wider implications.

Ironically, SIR.trading’s documentation marketed the protocol as "a new DeFi protocol for safer leverage," specifically designed to address challenges in leveraged trading such as volatility decay and liquidation risks. However, the protocol’s documentation did acknowledge potential smart contract vulnerabilities, specifically warning that its vaults could contain undiscovered bugs leading to financial losses, despite having undergone security audits.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

North Korean Hackers Target Binance Co-Founder CZ With Google Attack

Hackers targeted Binance co-founder Changpeng “CZ” Zhao’s Google account, raising concerns about government-backed cyber...

Railgun Token Soars 300% After Ethereum Foundation Integration

Railgun token price surged nearly 300% after integration with a new Ethereum Foundation wallet...

SoftBank Pledges Arm Stock for $5B Margin Loan to Back OpenAI

SoftBank Group is close to securing a $5 billion margin loan using Arm Holdings...

Binance Life Memecoin Soars on BNB Chain After Founders’ Posts

A new memecoin on BNB Chain reached a market value of $524 million shortly...

Bitcoin Slips to $121K as Jobless Claims, Fed Uncertainty Weigh on Crypto

Major cryptocurrencies saw declines as investors reacted to new U.S. jobless claims data and...
- Advertisement -

Must Read

Top 9 Most Legit Bitcoin Faucets

Bitcoin faucets are platforms where you can earn Bitcoin free. Some other faucet apps and websites allow users to receive different cryptocurrencies for free....