Decentralized finance (DeFi) protocol Sturdy Finance has lost 442 Ether (ETH), worth almost $800,000 when writing, to a security exploit. The attacker exploited a vulnerability that eventually manipulated a faulty price oracle, allowing them to drain funds from the protocol.
On June 12, blockchain security firm PeckShield alerted Sturdy Finance and reported a transaction that seemed to be related to price manipulation. Almost an hour later, the DeFi protocol said that they were aware of the exploit and responded by pausing all their markets and assuring its users that no additional funds were at risk.
Despite a swift response from the DeFi lending platform, PeckShield confirmed that the attacker was able to transfer almost $800,000 in ETH to the crypto mixer Tornado Cash. The security firm also noted that the “root cause” of the exploit was a faulty price oracle.
Additionally, the blockchain security company BlockSec highlighted that the hack was done through a reentrancy attack, which is a common method hackers use to withdraw funds from DeFi protocols.
Through the method, hackers exploit the ability to repeatedly call a function in a single transaction before the initial function call is complete. With this, hackers can withdraw more funds than should be possible.
Meanwhile, scammers were able to take control of eight Twitter accounts of prominent crypto community members and promote crypto scams. According to blockchain detective ZachXBT, the scammers have stolen almost $1 million in crypto after taking control of the accounts of famous DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto hater Peter Schiff.
In other news, the United States Justice Department has recently charged two men who are allegedly involved in the Mt. Gox hack. According to the department, 43-year-old Alexey Bilyuchenko and 29-year-old Aleksandr Verner allegedly stole and conspired to launder 647,000 Bitcoin (BTC).