The decentralized finance (DeFi) protocol Sturdy Finance lost 442 ETH (approximately $765,000 at the time of this publication) after attackers exploited a security vulnerability.
The blockchain security company, PeckShield, alerted the DeFi protocol on Twitter about fraudulent transactions through which attackers manipulated prices on the platform.
“We are aware of the reported exploit of the Sturdy protocol. All markets have been paused; no additional funds are at risk, and no user actions are required at this time,” affirmed Sturdy Finance.
Sturdy Finance loses $765,000 in ETH
The DeFi platform confirmed that it was a victim of the attack and sent a message to its users, assuring them that the necessary measures have been taken to prevent further funds from being stolen from the protocol.
However, the hacker managed to steal over $765,000 in ETH, which was sent to a cryptocurrency mixer.
According to the security firm BlockSec, the attacker exploited a read-only reentrancy in the protocol’s price balancer to manipulate the price of the BstETH-STABLE pair.
“This technique is commonly used by hackers to withdraw funds from DeFi protocols,” says BlockSec.
Reentrancy involves taking advantage of the ability to call a function repeatedly within a single transaction before the first function call has completed. As a result, attackers can withdraw more money than should be possible.
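The read-only variant described above, as an added Python model (not code from Sturdy Finance, Balancer or BlockSec): a pool's price getter is read while a withdrawal is half-finished, first without and then with a lock check on the view. The `Pool` class, its method names and all numbers are constructed for illustration.

```python
# Simplified model of read-only reentrancy (constructed; not Sturdy or Balancer code).
class Pool:
    """Toy pool (hypothetical): LP-token price is reserves / supply."""

    def __init__(self, reserves, supply, guarded_view):
        self.reserves = reserves          # ETH held by the pool
        self.supply = supply              # LP tokens in circulation
        self.locked = False               # reentrancy lock for state-changing calls
        self.guarded_view = guarded_view  # True: the view also honours the lock

    def lp_price(self):
        """Read-only getter that a lending market might use as its oracle."""
        if self.guarded_view and self.locked:
            raise RuntimeError("pool is mid-operation; price is not reliable")
        return self.reserves / self.supply

    def remove_liquidity(self, lp_amount, on_receive):
        """Burn LP tokens and pay out ETH, handing control to the receiver."""
        if self.locked:
            raise RuntimeError("reentrant call blocked")
        self.locked = True
        try:
            payout = lp_amount * self.reserves / self.supply
            self.supply -= lp_amount      # supply is reduced first...
            on_receive(payout)            # ...external call sees stale reserves
            self.reserves -= payout       # ...reserves are updated only now
        finally:
            self.locked = False


def observe_price_during_exit(guarded_view):
    """Return (price before, price seen inside the callback, price after)."""
    pool = Pool(reserves=1000.0, supply=1000.0, guarded_view=guarded_view)
    seen = []

    def on_receive(_payout):
        # A consumer reading the price here gets the pool's half-updated state.
        try:
            seen.append(pool.lp_price())
        except RuntimeError:
            seen.append(None)             # guarded view refused to answer

    before = pool.lp_price()
    pool.remove_liquidity(500.0, on_receive)
    return before, seen[0], pool.lp_price()

if __name__ == "__main__":
    for guarded in (False, True):
        print(guarded, observe_price_during_exit(guarded))
```

The write lock alone stops a nested `remove_liquidity` call but not a nested read, which is why the view needs its own check before any consumer treats its result as a price.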
Sturdy Finance hack exposes the vulnerability of DeFi platforms
Attacks on DeFi platforms have increased over time, leading many to consider this ecosystem a paradise for hackers. The theft of $625 million from Ronin Bridge and the $197 million stolen from Euler Finance are just two examples of the vulnerability of these platforms.
Because financial transactions in DeFi occur on the blockchain without intermediaries, there is an inherent risk. This decentralization and lack of regulation make decentralized finance platforms vulnerable to attacks.
Despite these challenges, DeFi has continued to evolve and demonstrate impressive growth. However, security must also evolve to create a safer environment for users.