Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyvers Alerts. Show all posts
zkLend
Cyvers Alerts Data Breach DeFi Digital Assets zkLend

zkLend DeFi Platform Hacked, Loses $9.5 Million

 



A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system.

According to blockchain security company Cyvers, the stolen digital assets were initially moved to the Ethereum network through a bridging mechanism. The hacker then tried to hide the transactions using Railgun, a privacy-focused tool that makes it difficult to trace funds. However, due to Railgun’s internal restrictions, the stolen funds were redirected back to the hacker’s original wallet.

In reaction to the security breach, zkLend temporarily disabled all withdrawals and advised its users to avoid making deposits or repaying loans until the issue was fully investigated. The company is working with law enforcement agencies and cybersecurity experts, including StarkWare, Starknet Foundation, and Binance Security, to track the stolen assets and identify the culprit.

The incident has raised fresh concerns about security vulnerabilities in the decentralized finance (DeFi) sector. Data from DeFiLlama reveals that cybercriminals have already stolen over $110 million from blockchain projects since the beginning of 2024. This attack on zkLend is now considered one of the most significant breaches to affect the Starknet ecosystem.

Efforts to Recover Stolen Funds

To retrieve the lost assets, zkLend has reached out to the hacker via an on-chain message. They have offered the attacker a 10% “white hat” reward, allowing them to keep a portion of the funds if they return the remaining amount. The total sum requested back is around 3,300 ETH, valued at approximately $8.78 million. zkLend has set a strict deadline of February 14, warning that legal action will follow if the assets are not returned.

Preetam Rao, CEO of security firm QuillAudits, pointed out that this is likely the most significant security breach on Starknet in recent years. He commended zkLend for maintaining transparency and offering a bounty to incentivize the hacker to return the funds.

Meir Dolev, Co-founder and CTO of Cyvers, highlighted that the breach exposes major risks in DeFi lending. He noted that the vulnerability lay in zkLend’s smart contract structure rather than in the core cryptographic system of Starknet’s zero-knowledge rollup technology.

Understanding Railgun’s Role in the Attack

Unlike other tools such as Tornado Cash, which mixes funds to hide their source, Railgun is built into DeFi applications, ensuring user privacy while they interact with blockchain networks. The hacker used Railgun to obscure the movement of stolen assets, but due to its built-in policies, the funds were eventually sent back to the original wallet.

What Happens Next?

zkLend has promised to provide a full report detailing how the breach occurred once their investigation is complete. The company is urging its users to remain patient as they work to strengthen security measures and prevent similar attacks in the future.

This hack serves as a reminder of the risks in DeFi platforms. It highlights the importance of continuous security upgrades to protect digital assets from increasingly sophisticated cyber threats.



Read more »
smart contract exploit
crypto industry Curio Ecosystem Cyvers Alerts Data Breach defi sector Ethereum platform hacks and scams MakerDAO PlayDapp Polkadot smart contract exploit

Hacker Generates 1 Billion CGT Tokens Valued at $40 Million within Curio Ecosystem

 

The Curio decentralized finance (DeFi) initiative encountered a breach, with experts from Cyvers Alerts approximating the incurred losses to be around $16 million. The breach appears to have been orchestrated through an exploitation of vulnerabilities within the permissioned access logic, allowing the attacker to generate an additional 1 billion CGT tokens, as per analysts at Cyvers Alerts. 

This breach consequently enabled the hacker to gain control over CGT tokens valued at close to $40 million. These findings from Cyvers Alerts come in the wake of a prior warning issued by Curio regarding a potential smart contract exploit.

Cyvers Alerts further highlighted that the compromised smart contract, which was based on MakerDAO, was a component of the ecosystem operating on the Ethereum platform. This revelation underscores the significance of ensuring robust security measures within smart contracts to mitigate such risks effectively.

Reassuringly, the Curio Ecosystem team has promptly responded to the breach, affirming their active engagement in addressing the situation. They have pledged to keep the community informed with updates on the progress of their efforts. Additionally, they emphasized that despite this incident, all contracts on the Polkadot side and within the Curio Chain ecosystem remain secure, aiming to instill confidence among users regarding the integrity of their platform.

In a broader context, the crypto industry witnessed a decline in losses attributed to hacks and scams during February, amounting to approximately $67 million, representing a notable decrease from the figures reported in January. Notably, all reported breaches during February were linked to the decentralized finance (defi) sector, with centralized platforms notably avoiding any significant incidents.

Delving into the specifics, the majority of losses incurred during February were attributed to breaches affecting platforms such as the gaming platform PlayDapp, which suffered.
Read more »
Subscribe to: Posts (Atom)