Ethereum DeFi Protocol SIR.trading Loses $355k TVL to Smart Contract Hack

SIR.trading DeFi Protocol Loses Entire $355K TVL in Hack Exploiting Ethereum's Transient Storage Feature

  • Ethereum DeFi protocol SIR.trading lost its entire $355,000 TVL in a March 30 hack targeting a vulnerability in its contract vault.
  • Security firms identified the attack as exploiting Ethereum’s transient storage feature, a relatively new function introduced in the Dencun upgrade.
  • Despite the complete loss of funds, the protocol’s founder indicated plans to continue operations, while the stolen assets were moved through privacy solution Railgun.

Ethereum-based DeFi protocol SIR.trading has suffered a complete loss of funds after Hackers exploited a vulnerability in its smart contract vault. The March 30 attack drained the protocol’s entire total value locked (TVL) of approximately $355,000, leaving the self-described "safer leveraging" platform with zero remaining assets.

- Advertisement -

Security firms TenArmorAlert and Decurity first detected and reported the breach on social media platform X, warning users about the ongoing attack. The protocol’s founder, known as Xatarrer, acknowledged the devastating impact, describing it as "the worst news a protocol could received [sic]" while suggesting the team would attempt to maintain operations despite the setback.

According to Decurity’s analysis, the attack targeted a callback function within the protocol’s vulnerable contract vault. The security firm characterized it as a "clever attack" that exploited Ethereum’s transient storage feature to manipulate the system. The Hacker successfully replaced legitimate Uniswap pool addresses with controlled addresses, effectively redirecting funds to their own wallet.

TenArmorAlert explained that the attacker methodically drained the protocol by repeatedly calling the compromised callback function until the entire TVL was emptied. The security firm later reported that the stolen assets were deposited into an address funded through Railgun, an Ethereum privacy solution, with SIR.trading’s founder reportedly reaching out to Railgun for assistance.

The exploit may indicate broader security concerns with Ethereum’s transient storage functionality. SupLabsYi from security firm Supremacy provided additional technical details, suggesting the hack might demonstrate vulnerabilities in this relatively new Ethereum feature introduced during the Dencun upgrade in 2023. Transient storage was designed to enable temporary data storage with lower gas fees than regular storage options.

"This isn’t merely a threat aimed at a single instance of uniswapV3SwapCallback," SupLabsYi noted, implying potential wider implications.

Ironically, SIR.trading’s documentation marketed the protocol as "a new DeFi protocol for safer leverage," specifically designed to address challenges in leveraged trading such as volatility decay and liquidation risks. However, the protocol’s documentation did acknowledge potential smart contract vulnerabilities, specifically warning that its vaults could contain undiscovered bugs leading to financial losses, despite having undergone security audits.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest

Congress Debates Stablecoin Bill Amid Rising Bank and Crypto Tensions

U.S. lawmakers are moving forward with the Senate Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, with debates set to resume after...

American Engineer Drugged, Robbed in Sophisticated London Crypto Heist

An American software engineer lost approximately $123,000 in cryptocurrency after being drugged and robbed in London.The victim was targeted by an impersonator posing as...

Max Keiser Doubts New Bitcoin Treasuries’ Discipline in Bear Market

Bitcoin-focused companies are increasingly copying the treasury strategy used by Michael Saylor's Strategy.Max Keiser raised doubts about whether these newer companies can maintain commitment...

South Korea Election Puts Crypto Policy at Center of Debate

Nearly one-third of South Koreans hold digital assets, making crypto a vital issue in the upcoming presidential election.Both major parties support crypto exchange-traded funds...

Scottsdale Residents Lose $6M to Crypto Scams; Police Respond

Scottsdale residents have reported losing over $6 million to cryptocurrency Scams in 2024.Authorities say actual losses could be higher, as not all cases are...

Must Read

9 Best Books On Ethereum And Blockchain Technology (Beginners And Advanced Readers)

Ethereum is a complex topic, and it can be difficult to know where to start learning about it.Even for people who are familiar with...