Decentralized crypto lender, EraLend has endured a $3.4 million hack on its network. In a Tuesday Twitter post, EraLend confirmed the breach and vowed to commence full investigations immediately. The attacker reportedly exploited a read-only reentrancy vulnerability in the project’s network to steal the funds.
Occasioned by the vulnerability, the attacker withdrew more than the required funds within a single transaction. Also, the hacker, as reported, also leverage the faulty price oracle operated by EraLend to aid the attack on the network.
EraLend suspends lending operations on its network
Meanwhile, EraLend assured users that it has curtailed the attack and stressed that the exploitation only affected its USDC pool. Its team added that it has temporarily suspended lending operations on the network and urged users to avoid depositing USDC for now. Also, EraLend wants to launch a full investigation into circumstances that led to the breach.
Worth noting that EraLend, with this breach, joins the list of DeFi firms that have suffered exploitations on their networks. Earlier, a South Korean-based crypto exchange, GDAC witnessed a similar exploitation on its hot wallet. Then, the exchange said the attacker stole about $13.1 million worth of Bitcoin, Ethereum, Wemix, and USDT. It also added that the attacker transferred the stolen funds to an unknown wallet.
Also in March, the CEO of Safemoon, John Karony confirmed the exploitation of the protocol’s liquidity pool. In the hack, attackers withdrew 27,000 BNB worth $9 million from the pool by leveraging a bug in Safemoon’s smart contract. Just like EraLend, attackers also exploited the Poly network and swapped about 5,196 Ethereum amounting to $10 million. The attackers reportedly compromised the vulnerability of the smart contract to steal the funds. This vulnerability allowed the hacker to design dubious parameters containing a malicious validator, thereby evading the verification process.
Bitrue is also spared from the alarming rate of exploitations in the industry. Then, the attack stole $23 million worth of assets from its hot wallet. Some of the assets stolen from the exchange during the exploitation include ETH, QNT, GALA, SHIB, HOT, and MATIC. With the latest attack unfolding on EraLend, it is pertinent that DeFi platforms improve their security mechanisms.