• Crypto lending protocol EraLend was hacked to the tune of $3.4 million.
• The funds were stolen in a reentrancy attack, which is one of the most common exploits against DeFi protocols.
• EraLend had eschewed the use of oracles, claiming that this made them less risky, but their lack of oracles was exploited.
EraLend Hacked for $3.4 Million
Crypto lending protocol EraLend has been hacked to the tune of $3.4 million, with an unknown bad actor stealing the funds in a typical reentrancy attack. Reentrancy attacks are one of the most common exploits against DeFi protocols; they allow a malicious actor to manipulate token prices within a smart contract and withdraw far more than they should be able to.
Reentrancy Attack Explained
In a reentrancy attack, an attacker identifies a security vulnerability in a smart contract’s code that lets them call certain functions again before earlier calls to those functions have completed. These repeated calls can then be used to manipulate token prices within the contract so that the attacker can withdraw more from the protocol than they should have access to.
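The call-ordering flaw described above, as an added Python model that is not EraLend's code and not part of the original article: a vault that clears a balance only after handing control to the recipient, next to a hardened version that records the effect first and rejects nested calls. The `Vault` class, user names and amounts are constructed for illustration, and the model covers only the repeated-call mechanism, not price manipulation.

```python
class Vault:
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}    # per-user deposits
        self.reserves = 0     # total funds the vault holds
        self.locked = False   # reentrancy guard flag

    def deposit(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) + amount
        self.reserves += amount

    def withdraw(self, user, on_receive):
        """Pay out the user's balance; on_receive models the recipient's code."""
        if self.hardened:
            if self.locked:
                raise RuntimeError("reentrant call rejected")
            self.locked = True
        try:
            amount = self.balances.get(user, 0)
            if amount == 0 or amount > self.reserves:
                return 0
            if self.hardened:
                self.balances[user] = 0   # effect recorded before the external call
            self.reserves -= amount
            on_receive(amount)            # external call: control leaves the vault
            if not self.hardened:
                self.balances[user] = 0   # flaw: balance cleared only after the call
            return amount
        finally:
            if self.hardened:
                self.locked = False

def run(hardened, max_calls=5):
    """Return (amount paid to the re-entering user, reserves left in the vault)."""
    vault = Vault(hardened)
    vault.deposit("alice", 100)     # constructed sample deposits
    vault.deposit("reentrant", 10)
    received = []
    def callback(amount):
        received.append(amount)
        if len(received) < max_calls:   # call back in before withdraw() returns
            try:
                vault.withdraw("reentrant", callback)
            except RuntimeError:
                pass                    # guard refused the nested call

    vault.withdraw("reentrant", callback)
    return sum(received), vault.reserves
```

With the late balance update, a 10-unit deposit is paid out five times and the shortfall comes out of other depositors' reserves; with the effect recorded first and the guard in place, the payout is exactly the deposit.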
EraLend Lack of Oracles Exploited
EraLend had previously claimed on its website that it was low-risk because it did not depend on external liquidity or oracles; however, its lack of oracles ended up being exploited by hackers during this attack. Afterward, all borrowing operations were suspended and users were advised not to deposit USDC until further notice while devs investigate and fix any issues uncovered by this incident.
Stolen Funds Breakdown
The stolen funds break down as follows: 3 million USDC, 3 million USDT, 600 ETH and 100 DAI tokens were taken from wallets belonging to different users on EraLend’s platform as well as from several cold storage wallets owned by EraLend itself.
Security Breach Response Plan
In response to this security breach, EraLend has implemented several measures, including reviewing all internal processes related to security procedures and tightening up its internal procedures for handling sensitive data such as private keys and passwords, in order to prevent similar incidents from occurring in the future.