News rang hollow in the cryptocurrency community when the Decentralized Finance (DeFi) Protocol, EraLend fell victim to a ‘re-entrancy attack’, rendering it poorer by $3.4 million worth of crypto loot. This infringement outsmarted an existing vulnerability, permitting the hacker to place multiple calls to a function in a single transaction, enabling them to withdraw a transaction volume beyond the actually possible limits. Solely deposits in the form of the stablecoin USD Coin (USDC) seems to have taken this assault on the chin.
The news of this cyber onslaught came to light when an active community member flagged this attack on Twitter. The EraLend team, in retort, openly expressed their gratitude to the vigilant netizen. They also extended their faith in the community’s vigilance as they join forces with several parties in their quest to bring this issue to resolution.
Upon affirmation of the infringement, the blockchain security firm, BlockSec reported its collaboration with EraLend to control this ‘read-only re-entrancy attack’.
This attack, however, finds a silver lining in the form of proactive containment. EraLend spokespeople assure users that their funds are secure, and the hackers have been deprived of continuance of their operations. As a safety measure, they have temporarily suspended all borrowing procedures, advising users against depositing any USDC for the period.
The EraLend platform that functions on the zkSync layer 2 network prides itself on its capital efficiency with a minimal disparity between lending and borrowing rates. It has boasted of its platform being low-risk due to its independence from oracles and external liquidity.
However, this act brings to light the inherent flaws that tread on thin ice. EraLend is not the first to face such an attack; DeFi protocol Conic Finance recently faced a similar fate, with $3.2 million worth of Ether drained from the protocol, exploiting an Omnipools vulnerability.
This reiteration of a reentrancy attack puts forth the need for advanced security protocols and increased vigilance within transactions. It also casts shadows on the perceived immutability of blockchain-based products and highlights how dependencies and vulnerabilities can potentially be exploited. After these occurrences, it is only reasonable for us to entertain the question – is the pursuit of DeFi advancement overshadowing the dire need for security? We must tread this path with caution, keeping our eyes open for potential pitfalls and constantly striving for better.
Source: Cryptonews