Decentralized finance (DeFi) protocol EraLend has lost $3.4 million worth of crypto in a so-called re-entrancy attack.
The attack, which happened on Tuesday, exploited a vulnerability that allowed the hacker to make multiple calls to a function within one single transaction, enabling the person or group to withdraw more money than what should have been possible.
Only deposits in the form of the stablecoin USD Coin (USDC) appears to have been affected for now.
News of the hacking attack was first shared by an individual community member on Twitter, with the EraLend later responding and thanking the user for his “swift action in flagging this attack.”
“As we continue to work with multiple parties to resolve this, we hope that you […] will continue to keep a close eye on this ongoing investigation,” the team wrote.
The news was then reported on by the blockchain security firm BlockSec, which said it is assisting EraLend in the handling of a “read-only re-entrancy attack”:
In a post on EraLend’s Discord server, the EraLend team said the attack has been “contained,” while assuring users that the attackers are “no longer able to continue their actions.”
“As a precautionary measure, we have temporarily suspended all borrowing operations to ensure the safety of funds,” the team wrote, adding that users are advised to avoid depositing USDC until further notice.
“We are actively investigating this matter and will provide timely updates to our community as more information becomes available,” the post said.
A lending and borrowing protocol that operates on the zkSync layer 2 network, EraLend claims to be among the most capital efficient solutions in the DeFi space with a smaller difference between lending and borrowing rates.
The protocol
Read more on cryptonews.com