
SlowMist's Cosine: zkLend was compromised by a vulnerability in the safeMath library, potentially tied to the EraLend hacking event


The lending protocol zkLend on the Starknet chain was hacked on February 12, with losses of more than $9.5 million, as reported by ChainCatcher news. According to Yu Xian, the founder of SlowMist, the attack was possible because of a flaw in the safeMath library used by the market contract, which used direct division in its calculations. The result was a rounding error in the number of zTokens that needed to be burned during withdrawals, which the attacker exploited for financial gain.
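The rounding direction described above can be checked with a small model. This is an added example, not zkLend's or SlowMist's code; the `SCALE` constant, the function names and the sample cases are assumptions chosen for illustration. It compares a burn amount computed with truncating division against one rounded up, and reports any payout not backed by burned shares.

```python
"""Added illustration of burn rounding in share-based accounting (assumed model)."""

SCALE = 10**27  # assumed fixed-point scale for the share index


def burn_floor(amount: int, index: int) -> int:
    """Flawed pattern: direct (truncating) division rounds the burn DOWN."""
    return (amount * SCALE) // index


def burn_ceil(amount: int, index: int) -> int:
    """Hardened: round the burn UP so rounding never favours the withdrawer."""
    return -((-amount * SCALE) // index)


def share_value(shares: int, index: int) -> int:
    """Underlying value of `shares`, rounded down (what the pool owes)."""
    return (shares * index) // SCALE


def shortfall(amount: int, index: int, burn_fn) -> int:
    """Units paid out that were not backed by burned shares (0 means safe)."""
    return max(0, amount - share_value(burn_fn(amount, index), index))


# Constructed sample cases: (withdrawal amount, share index).
CASES = [
    (5, 3 * SCALE),
    (1_000_000, SCALE + 1),
    (10, 4 * SCALE),
    (9, 3 * SCALE),  # divides exactly, so both rounding modes agree
]


def audit(burn_fn):
    """Return every constructed case where the withdrawal is under-collateralised."""
    findings = []
    for amount, index in CASES:
        gap = shortfall(amount, index, burn_fn)
        if gap > 0:
            findings.append((amount, index, gap))
    return findings


if __name__ == "__main__":
    print("floor:", audit(burn_floor))
    print("ceil: ", audit(burn_ceil))
```

The same invariant, that the value of burned shares is never less than the amount withdrawn, is a useful property to assert in unit or fuzz tests of any share-accounting contract.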

Following the hack, on-chain data revealed that the attacker’s address had been active for 235 days and had engaged with various platforms, including Binance. The stolen funds were subsequently transferred across different chains, with the majority ending up on the Ethereum network. Yu Xian further disclosed that through tracking the associated Starknet addresses, it was uncovered that the same attacker was also involved in the hacking incident of EraLend on July 25, 2023.

The incident serves as a stark reminder for individuals to approach blockchain technology with a rational mindset, increase their awareness of risks, and exercise caution when dealing with virtual token issuances and speculative activities. ChainCatcher emphasizes that all information provided on their platform is solely for informational purposes or represents the opinions of related parties, and should not be considered as investment advice. Should any sensitive information be identified, users are encouraged to report it promptly for appropriate action to be taken.

Furthermore, this event underscores the importance of ensuring the security and robustness of smart contracts and protocols on decentralized platforms. Developers and stakeholders within the blockchain ecosystem are urged to conduct thorough audits, implement stringent security measures, and remain vigilant against potential vulnerabilities that could be exploited by malicious actors.

In light of this breach, industry experts are advocating for greater collaboration and information sharing within the blockchain community to strengthen defenses against cyber threats and safeguard the integrity of decentralized systems. By fostering a culture of transparency, accountability, and continuous improvement, the industry can collectively work towards mitigating risks and enhancing the resilience of the blockchain ecosystem.

As the investigation into the zkLend hack continues and efforts are made to recover the stolen funds, the incident serves as a sobering reminder of the ongoing challenges and vulnerabilities inherent in the blockchain space. It underscores the need for proactive measures to reinforce security standards, promote best practices, and uphold the trust and confidence of stakeholders in the decentralized financial landscape.
