
SlowMist's Cosine: zkLend was compromised by a vulnerability in the safeMath library, potentially tied to the EraLend hacking event


The lending protocol zkLend on the Starknet chain fell victim to a hack on February 12, resulting in losses of more than $9.5 million, as reported by ChainCatcher news. According to Yu Xian, the founder of SlowMist, the attack was made possible by a flaw in the safeMath library used by the market contract, which employed direct division for calculations. This error resulted in a rounding issue in the number of zTokens that needed to be burned during withdrawals, allowing the attacker to exploit the vulnerability for financial gain.
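The rounding direction at issue, shown as an added example that is not zkLend's code and not part of the original report: a truncating burn calculation beside a round-up version, with an invariant check an auditor could run over both. The fixed-point scale, the accumulator-based share model and every function name are assumptions, and Python stands in for Cairo.

```python
# Added illustration. The accounting model and all names are assumptions,
# not taken from zkLend's contracts.
SCALE = 10**27  # assumed fixed-point scale of the interest accumulator


def shares_to_burn_floor(amount: int, accumulator: int) -> int:
    """Direct (truncating) division: the burn is rounded DOWN, favouring the withdrawer."""
    return amount * SCALE // accumulator


def shares_to_burn_ceil(amount: int, accumulator: int) -> int:
    """Hardened form: the burn is rounded UP, so the pool is never under-charged."""
    numerator = amount * SCALE
    return (numerator + accumulator - 1) // accumulator


def shares_value(shares: int, accumulator: int) -> int:
    """Underlying value backed by a share count, rounded down."""
    return shares * accumulator // SCALE


def invariant_violations(burn_fn, accumulators, amounts):
    """Return (amount, accumulator) pairs where the burned shares are worth
    less than the amount paid out, i.e. the withdrawal under-charges."""
    return [
        (amount, acc)
        for acc in accumulators
        for amount in amounts
        if shares_value(burn_fn(amount, acc), acc) < amount
    ]


# Constructed sample inputs: accumulators at 1.0, 1.5, 4.0 and just above 4.0.
ACCUMULATORS = [SCALE, 3 * SCALE // 2, 4 * SCALE, 4 * SCALE + 7]
AMOUNTS = range(1, 50)

if __name__ == "__main__":
    for name, fn in (("floor", shares_to_burn_floor), ("ceil", shares_to_burn_ceil)):
        bad = invariant_violations(fn, ACCUMULATORS, AMOUNTS)
        print(f"{name}: {len(bad)} under-charged withdrawals out of "
              f"{len(ACCUMULATORS) * len(AMOUNTS)} cases")
```

The same invariant (value of shares burned is at least the amount withdrawn) is a natural property to fuzz in a contract test suite, since the gap between the two roundings widens as the accumulator grows.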

Following the hack, on-chain data revealed that the attacker’s address had been active for 235 days and had engaged with various platforms, including Binance. The stolen funds were subsequently transferred across different chains, with the majority ending up on the Ethereum network. Yu Xian further disclosed that through tracking the associated Starknet addresses, it was uncovered that the same attacker was also involved in the hacking incident of EraLend on July 25, 2023.

The incident serves as a stark reminder for individuals to approach blockchain technology with a rational mindset, increase their awareness of risks, and exercise caution when dealing with virtual token issuances and speculative activities. ChainCatcher emphasizes that all information provided on their platform is solely for informational purposes or represents the opinions of related parties, and should not be considered as investment advice. Should any sensitive information be identified, users are encouraged to report it promptly for appropriate action to be taken.

Furthermore, this event underscores the importance of ensuring the security and robustness of smart contracts and protocols on decentralized platforms. Developers and stakeholders within the blockchain ecosystem are urged to conduct thorough audits, implement stringent security measures, and remain vigilant against potential vulnerabilities that could be exploited by malicious actors.

In light of this breach, industry experts are advocating for greater collaboration and information sharing within the blockchain community to strengthen defenses against cyber threats and safeguard the integrity of decentralized systems. By fostering a culture of transparency, accountability, and continuous improvement, the industry can collectively work towards mitigating risks and enhancing the resilience of the blockchain ecosystem.

As the investigation into the zkLend hack continues and efforts are made to recover the stolen funds, the incident serves as a sobering reminder of the ongoing challenges and vulnerabilities inherent in the blockchain space. It underscores the need for proactive measures to reinforce security standards, promote best practices, and uphold the trust and confidence of stakeholders in the decentralized financial landscape.
