BlockNews
FOLLOW ON X
  • CRYPTO
  • FINANCE
  • POLITICS
  • MEMECOINS
  • NFT
  • TECHNOLOGY
  • OPINION
No Result
View All Result
BlockNews
  • CRYPTO
  • FINANCE
  • POLITICS
  • MEMECOINS
  • NFT
  • TECHNOLOGY
  • OPINION
No Result
View All Result
BlockNews
Home BREAKING NEWS

zkSync Lending Protocol EraLend Hacked

by BlockNews Team
September 28, 2023
in BREAKING NEWS, CRYPTO, FINANCE
Reading Time: 4 mins read
A A
1
SHARES
21
VIEWS
Share on XShare in TelegramShare on Reddit
  • The most significant lending protocol on the Ethereum L2 network zkSync has been hacked.
  • An attacker has exploited the protocol through a read-only reentrancy attack.
  • Losses so far have amounted to $3.4 million in stolen USDC tokens, and EraLend has temporarily suspended all borrowing operations.

EraLend, a prominent lending protocol built on the L2 zkSync, has fallen victim to a security breach that resulted in a significant loss of funds. As the platform addresses the situation, it has taken swift action by suspending all borrowing operations and cautioning users against USDC deposits.

🚨Security Update: We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this.
More updates…

— EraLend | The #1 Money Market on zkSync🥇 (@Era_Lend) July 25, 2023
Via @Era_Lend – Twitter

The incident was identified as a read-only reentrancy attack, leading to approximately $3.4 million in losses.

We are assisting @Era_Lend to this issue, and the root cause has been identified. The total loss is ~$3.4M.
Specifically, this is a read-only re-entrancy attack.
Another attack tx is:https://t.co/H4A2suVLai
Attacker address:
0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a https://t.co/InhCCW7QAy

— BlockSec (@BlockSecTeam) July 25, 2023
Via @BlockSecTeam – Twitter

Attack Explained

A read-only reentrancy attack is a security vulnerability that can be exploited on smart contract platforms like Ethereum. In a read-only reentrancy attack, malicious actors use a smart contract’s external call functionality to manipulate its state to allow them to repeatedly read and gather sensitive data from the contract without incurring any costs.

The attack unfolds when the attacker initiates a transaction with the vulnerable smart contract and makes an external call during this interaction. The external call may trigger recursive calls back to the vulnerable contract, enabling the attacker to read and gather sensitive data contained within the contract.

The attacker can then call the external function recursively, creating a reentrancy loop that allows them to repeatedly access the sensitive data without paying any gas fees, as the external calls are executed within the same transaction.

The potential impact of read-only reentrancy attacks lies in the sensitive data the vulnerable smart contract may hold. For instance, if the contract contains private keys or user data, the attacker could exploit the vulnerability to access and collect this information repeatedly.

The Broader Crypto Security Landscape

The EraLend hack serves as another reminder of the constant security threats faced by cryptocurrency platforms. As the industry witnesses daily hacking events, protocols, and companies continually enhance their security measures to safeguard users’ funds and data. This incident highlights the importance of robust security practices and the need for coordinated efforts within the crypto community to combat such attacks effectively.

A common strategy to mitigate read-only reentrancy attacks is the “Checks-Effects-Interactions” pattern, which ensures that any state-changing operations are performed before any external calls are made, reducing the risk of reentrancy attacks. Developers can also use modifiers to enforce access controls, limit who can call specific functions, and implement withdrawal patterns to handle user withdrawals securely.

Third-party security audits play a crucial role in identifying potential vulnerabilities and improving the overall security of smart contracts. Engaging reputable security auditors to review the code can help identify and address potential weaknesses, reducing the risk of successful attacks.

Conclusion

As EraLend navigates through the aftermath of the security incident, the platform remains vigilant in resolving the situation and safeguarding user assets. The attack’s impact, amounting to $3.4 million in losses, is a stark reminder of the security challenges inherent in cryptocurrency.

In response, EraLend has temporarily suspended borrowing operations and seeks to collaborate with cybersecurity firms to address the breach. As the crypto community stands united against such threats, the incident underscores the collective responsibility to fortify security measures across all platforms in the ever-evolving digital financial landscape.

Tags: EraLendHackL2zkSync
TweetShareShare
Previous Post

Google Cloud to Launch More Web3 Products

Next Post

Sam-Bankman-Fried And Other Former FTX Execs Sued By The Company To Claw Back $1B

DON'T MISS THESE! HOT OFF THE PRESS

Anime 2.0 Revealed: Studio Azuki and the New Wave of Anime Storytelling
CRYPTO

Anime 2.0 Revealed: Studio Azuki and the New Wave of Anime Storytelling

July 1, 2025
Pi Coin in July 2025: Rebound Brewing or Another Breakdown?
CRYPTO

Pi Coin in July 2025: Rebound Brewing or Another Breakdown?

July 1, 2025
VeChain Struggles to Regain Steam After December Peak
CRYPTO

VeChain Struggles to Regain Steam After December Peak

July 1, 2025
Shiba Inu’s Golden Cross Sparks $110M Whale Surge as Pippen Joins the Party
CRYPTO

Shiba Inu’s Golden Cross Sparks $110M Whale Surge as Pippen Joins the Party

July 1, 2025
Toncoin and Telegram: The Sleeping Giant of 2025?
BITCOIN

Toncoin and Telegram: The Sleeping Giant of 2025?

July 1, 2025
Crypto Supply Shock: Bitwise Predicts Bullish Runs for BTC, But Shows Doubt With ETH and SOL
BITCOIN

Crypto Supply Shock: Bitwise Predicts Bullish Runs for BTC, But Shows Doubt With ETH and SOL

July 1, 2025
Load More

Related News

Anime 2.0 Revealed: Studio Azuki and the New Wave of Anime Storytelling

Anime 2.0 Revealed: Studio Azuki and the New Wave of Anime Storytelling

July 1, 2025
Pi Coin in July 2025: Rebound Brewing or Another Breakdown?

Pi Coin in July 2025: Rebound Brewing or Another Breakdown?

July 1, 2025
VeChain Struggles to Regain Steam After December Peak

VeChain Struggles to Regain Steam After December Peak

July 1, 2025
Shiba Inu’s Golden Cross Sparks $110M Whale Surge as Pippen Joins the Party

Shiba Inu’s Golden Cross Sparks $110M Whale Surge as Pippen Joins the Party

July 1, 2025
Toncoin and Telegram: The Sleeping Giant of 2025?

Toncoin and Telegram: The Sleeping Giant of 2025?

July 1, 2025
Twitter Telegram Threads

BLOCKNEWS.COM

BlockNews

BlockNews.com is your premier source for real-time cryptocurrency, blockchain, and financial market news.

Our mission is to deliver accurate, timely, and insightful information to help both seasoned investors and newcomers navigate the evolving digital economy.

With in-depth analysis, exclusive insights, and up-to-date news, BlockNews.com keeps you informed on the latest trends in crypto, DeFi, NFTs, tech, and beyond.

Stay ahead of the herd with BlockNews.com

RESOURCES

  • About
  • Contact Us
  • Terms and Conditions
  • Privacy Policy

POPULAR TOPICS

$ADA $XRP AI Avalanche Binance Bitcoin Bitcoin ETF blackrock Blockchain BTC Business Cardano Chainlink China Coinbase Coinglass crypto cryptocurrency Crypto Exchange Crypto Regulation DeFi Dogecoin Donald Trump Elon Musk ETF eth ethereum Federal Reserve FTX grayscale Memecoin metaverse Microstrategy NFT NFTs PEPE ripple sec Shiba Inu Solana Stablecoin Technology US Web3 xrp

GET QUICKER UPDATES ON X

© 2022-2025 BlockNews.com - Crypto and NFT news website by Aiur Labs.

No Result
View All Result
  • HOME
  • CRYPTO
  • MEMECOINS
  • TECHNOLOGY
  • POLITICS
  • FINANCE
  • NFT
  • DEFI
  • GUIDES

© 2022-2025 BlockNews.com - Crypto and NFT news website by Aiur Labs.