• Fri. Aug 25th, 2023

zkSync’s $3.4M Hack: Largest Protocol Breach

Aug 25, 2023
zkSync's $3.4M Hack: Largest Protocol Breach
Marcel Bich

The SyncSwap decentralized exchange (DEX) has encountered a “read-only re-entry” vulnerability that enables an attacker to manipulate prices and steal assets. The EraLend attacker exploited a flaw in the smart contract governing token minting and burning, essential for lending and borrowing within the protocol.

DefiLlama confirms that the hacker’s attack resulted in EraLend’s total capital decreasing more than threefold, plummeting from $18.5 million to $6.96 million.

EraLend officials acknowledge the security issue on their platform and assure users that the hacker threat has been eliminated.

The platform temporarily suspends borrowing transactions and advises against depositing USDC. EraLend is actively working with partners and cybersecurity firms to resolve the situation.

Conic Finance Hack 

This month, several other protocols, including AnubisDAO, Rodeo Finance, ArcadiaFi, and Conic Finance, have been targeted by similar “read-only re-entry” attacks.

Conic Finance’s DeFi protocol experienced a loss of 1,700 Ether (ETH), equivalent to over $3.6 million, due to an attack on one of its omnipools.

How Much Has Been Stolen by Crypto Hackers

In the first half of the year, cyberattacks, phishing schemes, and rug pool attacks resulted in total losses of $655.61 million. The attackers engaged in 108 protocol assaults, 110 rug pool attacks, and numerous phishing schemes, stealing $471.43 million, $75.87 million, and $108 million, respectively.

In the same period, hackers laundered approximately $244.5 million in digital currency. Harmony Bridge’s cross-chain compromise facilitated the largest amount laundered (around $100 million), followed by Atomic Wallet’s $65 million, and Uranium Finance’s $12.8 million loss in cryptocurrencies.