Ethereum DeFi Protocol SIR.trading Loses $355k TVL to Smart Contract Hack

SIR.trading DeFi Protocol Loses Entire $355K TVL in Hack Exploiting Ethereum's Transient Storage Feature

  • Ethereum DeFi protocol SIR.trading lost its entire $355,000 TVL in a March 30 hack targeting a vulnerability in its contract vault.
  • Security firms identified the attack as exploiting Ethereum’s transient storage feature, a relatively new function introduced in the Dencun upgrade.
  • Despite the complete loss of funds, the protocol’s founder indicated plans to continue operations, while the stolen assets were moved through privacy solution Railgun.

Ethereum-based DeFi protocol SIR.trading has suffered a complete loss of funds after Hackers exploited a vulnerability in its smart contract vault. The March 30 attack drained the protocol’s entire total value locked (TVL) of approximately $355,000, leaving the self-described "safer leveraging" platform with zero remaining assets.

- Advertisement -

Security firms TenArmorAlert and Decurity first detected and reported the breach on social media platform X, warning users about the ongoing attack. The protocol’s founder, known as Xatarrer, acknowledged the devastating impact, describing it as "the worst news a protocol could received [sic]" while suggesting the team would attempt to maintain operations despite the setback.

According to Decurity’s analysis, the attack targeted a callback function within the protocol’s vulnerable contract vault. The security firm characterized it as a "clever attack" that exploited Ethereum’s transient storage feature to manipulate the system. The Hacker successfully replaced legitimate Uniswap pool addresses with controlled addresses, effectively redirecting funds to their own wallet.

TenArmorAlert explained that the attacker methodically drained the protocol by repeatedly calling the compromised callback function until the entire TVL was emptied. The security firm later reported that the stolen assets were deposited into an address funded through Railgun, an Ethereum privacy solution, with SIR.trading’s founder reportedly reaching out to Railgun for assistance.

The exploit may indicate broader security concerns with Ethereum’s transient storage functionality. SupLabsYi from security firm Supremacy provided additional technical details, suggesting the hack might demonstrate vulnerabilities in this relatively new Ethereum feature introduced during the Dencun upgrade in 2023. Transient storage was designed to enable temporary data storage with lower gas fees than regular storage options.

"This isn’t merely a threat aimed at a single instance of uniswapV3SwapCallback," SupLabsYi noted, implying potential wider implications.

Ironically, SIR.trading’s documentation marketed the protocol as "a new DeFi protocol for safer leverage," specifically designed to address challenges in leveraged trading such as volatility decay and liquidation risks. However, the protocol’s documentation did acknowledge potential smart contract vulnerabilities, specifically warning that its vaults could contain undiscovered bugs leading to financial losses, despite having undergone security audits.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Opyl Turns to Bitcoin Treasury as Cash Crisis Deepens

Opyl Limited, an Australian biotech company, bought around 2 Bitcoin as part of a...

Theta Network Launches EdgeCloud Beta, Unveils Hybrid GPU Platform

THETA Network is launching the beta version of EdgeCloud’s hybrid edge-cloud computing platform on...

Australian Police Crack Down on Crypto ATM Scams, Contact 90 Users

Australian police contacted over 90 people linked to suspected criminal use of crypto ATMs.Victims...

Colorado Pastor Faces Judgment Over “Divine Wealth” Crypto Scam

A Colorado pastor and his wife are facing civil allegations of securities fraud for...

Theta EdgeCloud Hybrid Beta Launches, Ushering in Decentralized AI

THETA Network will launch its Theta EdgeCloud Hybrid Beta on June 25, 2025. Theta EdgeCloud...

Must Read

Top 11 Hosting Providers To Buy VPS With Bitcoin And Cryptocurrency

As a full-time blogger with over 5 years of experience and running multiple niche websites, I have gained the necessary expertise when it comes...