Decentralized finance (DeFi) platform Sturdy Finance recently fell victim to a security exploit, resulting in the loss of approximately $800,000 worth of Ether (ETH). The attacker took advantage of a vulnerability in the protocol’s price oracle, allowing them to drain funds from the platform.
On June 12, blockchain security firm PeckShield alerted Sturdy Finance about a suspicious transaction related to price manipulation. Shortly after being notified, the DeFi protocol promptly halted all its markets and reassured its users that no additional funds were at risk.
Despite the swift response, PeckShield confirmed that the attacker managed to transfer the stolen ETH to the crypto mixer Tornado Cash. The security firm identified a faulty price oracle as the root cause of the exploit.
Further analysis conducted by BlockSec, another blockchain security company, revealed that the hack was executed using a reentrancy attack. This method allows hackers to repeatedly call a function within a single transaction, enabling them to withdraw more funds than should be possible.
In a separate incident, scammers targeted prominent members of the crypto community on Twitter. By gaining control of eight accounts, including those of DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and crypto critic Peter Schiff, the scammers managed to promote crypto scams and reportedly stole nearly $1 million in cryptocurrency.
In another development, the United States Justice Department has pressed charges against two individuals allegedly involved in the infamous Mt. Gox hack. Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, stand accused of stealing and conspiring to launder 647,000 Bitcoin (BTC).
As the DeFi space continues to evolve, these incidents serve as a reminder of the importance of robust security measures and constant vigilance to mitigate potential risks in the rapidly growing decentralized finance ecosystem.
