Ethereum-Based DeFi Protocol SIR.Trading Hacked, $355,000 Drained

  • A hacker drained $355,000 from SIR.trading by exploiting a security flaw in its Vault contract.
  • The attack used Ethereum’s transient storage feature to repeatedly withdraw funds from the protocol.
  • The stolen funds were moved to Railgun and recovery remains uncertain as security concerns grow in DeFi.

Ethereum-based decentralized finance (DeFi) protocol SIR.trading has been hacked, resulting in the complete loss of its total value locked (TVL). The attacker drained approximately $355,000 from the platform on March 30. Blockchain security firms TenArmorAlert and Decurity detected the breach and issued warnings to users.

https://twitter.com/TenArmorAlert/status/1906268185046745262

Attack Exploited a Vulnerable Callback Function

According to Decurity, the attack targeted a vulnerability in the protocol’s Vault contract. The hacker manipulated a callback function that relied on Ethereum’s transient storage. By replacing the legitimate Uniswap pool address with a controlled address, the attacker redirected funds to their own wallet. TenArmorAlert reported that the attacker executed this callback function repeatedly to drain all available assets.  
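The hazard described above, as an added teaching example rather than SIR.trading's own Vault code (this article does not describe the Vault's slot layout, so the slot names, `IPool` interface and `Settled` event here are assumptions): a callback that authorises its caller by comparing `msg.sender` against an address kept in transient storage, beside a hardened version that keeps the authorisation in a dedicated slot and disarms it once the external call returns.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tstore/tload (EIP-1153) need the Dencun (Cancun) EVM

// Hypothetical, constructed example; not the SIR.trading Vault.
library Transient {
    function set(bytes32 slot, uint256 v) internal { assembly { tstore(slot, v) } }
    function get(bytes32 slot) internal view returns (uint256 v) { assembly { v := tload(slot) } }
}

interface IPool { function swap(address recipient, uint256 amount) external; }

// Weak pattern: one transient slot holds the address allowed to call back, and the
// callback then reuses that same slot for unrelated, caller-influenced data.
contract WeakVault {
    bytes32 private constant SLOT = bytes32(uint256(1));
    event Settled(address to, uint256 amount);

    function startSwap(IPool pool, uint256 amount) external {
        Transient.set(SLOT, uint256(uint160(address(pool)))); // remember who may call back
        pool.swap(address(this), amount);
    }

    function swapCallback(uint256 amountOwed) external {
        require(msg.sender == address(uint160(Transient.get(SLOT))), "unauthorized");
        Transient.set(SLOT, amountOwed); // overwrites the authorised address; transient
        emit Settled(msg.sender, amountOwed); // storage lives for the whole transaction
    }
}

// Hardened pattern: separate slots, reentrancy guard, authorisation cleared after the call.
contract HardenedVault {
    bytes32 private constant CALLER_SLOT = keccak256("vault.callback.caller");
    bytes32 private constant AMOUNT_SLOT = keccak256("vault.callback.amount");
    event Settled(address to, uint256 amount);

    function startSwap(IPool pool, uint256 amount) external {
        require(Transient.get(CALLER_SLOT) == 0, "callback already armed");
        Transient.set(CALLER_SLOT, uint256(uint160(address(pool))));
        pool.swap(address(this), amount);
        Transient.set(CALLER_SLOT, 0); // disarm: a stale value must not authorise a later call
    }

    function swapCallback(uint256 amountOwed) external {
        require(msg.sender == address(uint160(Transient.get(CALLER_SLOT))), "unauthorized");
        Transient.set(AMOUNT_SLOT, amountOwed); // dedicated slot; authorisation untouched
        emit Settled(msg.sender, amountOwed);
    }
}
```

The defensive rule is the same one applied to ordinary storage: never let a slot that gates access be written with data the counterparty influences, and reset it before the transaction continues.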

Security Experts Warn of Emerging Risks in Transient Storage

Blockchain security researcher SupLabsYi analyzed the breach and suggested that it could expose a broader security flaw in Ethereum’s transient storage. This feature, introduced in the Dencun upgrade, was designed to reduce gas fees through temporary data storage. However, experts now warn that it could introduce new vulnerabilities that attackers might exploit.  

Funds Laundered Through Privacy Solution Railgun

After the attack, the stolen funds were transferred to an address linked to Railgun, a privacy-enhancing Ethereum solution. The protocol’s founder, known as Xatarrer, reached out to Railgun for assistance in tracking and recovering the stolen assets. However, the likelihood of retrieval remains uncertain.  

Protocol’s Security Warnings Proved Accurate

SIR.trading marketed itself as a safer option for leveraged trading by addressing risks such as volatility decay and liquidation. However, its documentation warned users about potential security flaws, even after audits. It specifically mentioned vulnerabilities in the Vault contract, which ultimately became the target of the attack.  

Community Concerns Over DeFi Security Intensify

The breach has raised concerns about security measures in DeFi protocols, particularly those using newer Ethereum features. Developers and security analysts are now assessing whether other platforms could face similar risks. The incident highlights the importance of rigorous security testing before deploying smart contracts.  

Despite the financial loss, the team behind SIR.trading has indicated an intent to continue operations. However, the attack has significantly impacted user confidence. The protocol’s future now depends on whether it can rebuild trust and implement stronger security measures.

