DeFi Protocol SIR.trading Suffers Catastrophic Hack, Losing Entire $355,000 TVL
SIR.trading, an Ethereum-based decentralized finance (DeFi) protocol also known as Synthetics Implemented Right, has fallen victim to a devastating hack, resulting in the complete loss of its total value locked (TVL), which stood at $355,000 at the time of the attack.
The breach, detected earlier today, has sent shockwaves through the DeFi community, with security experts suggesting it may be one of the first real-world exploits targeting Ethereum’s recently introduced transient storage feature.
Blockchain Security Firms Flag Malicious Activity on SIR.trading Protocol
Blockchain security companies Ten ArmorAlert and Decurity first discovered the hack; they immediately sent warnings on X to notify consumers and the larger crypto community about the continuous attack on the SIR trading platform. These warnings were absolutely vital in spreading knowledge about the exploit as it developed.
SIR.trading’s Founder Expresses Devastation but Hints at Potential Path Forward
Acknowledging the seriousness of the issue, Xatarrer—pseudonymous creator of SIR.trading—described it as “the worst news a protocol could receive [sic]” Xatarrer said the team plans to investigate choices for the future of the protocol despite the major financial loss, implying a possible will to keep on despite the present difficulties.
Ten Armor Security said that the money taken from SIR.trading has been placed into an address paid for by Ethereum privacy solution Railgun. Xatarrer has allegedly contacted Railgun for help in an attempt to maybe recover the lost assets.
“Clever Attack” Exploited Callback Function in Vulnerable Contract Vault
Decurity claims that the assault was a “clever” exploitation aiming at SIR.trading’s “vulnerable contract Vault’s callback function.” This vault apparently used Ethereum’s temporary storage capability. The assailant was able to substitute the authorized Uniswap pool address utilized in this callback process with an under control address.
This let the hacker channel the money kept in the vault to their own address. Ten ArmorAlert went on to say that the assailant methodically drained the entire $355,000 TVL by calling this hacked callback function over and over.
Potential Security Flaw in Ethereum’s Transient Storage Under Scrutiny
Deeper into the technical elements of the attack on X, SupLabsYi, a security specialist from the blockchain security company Supremacy, speculated that it would reveal a possible security flaw within Ethereum’s temporary storage. Introduced after Ethereum’s Dencun hard fork in the last year, this capability provides temporary data storage with the advantage of cheaper gas costs than standard storage. According to SupLabsYi, temporary storage is still a “nascent feature,” hence this attack might be among the first ones used in a practical environment. The specialist underlined that this poses not only a threat to a single instance of the uniswapV3SwapCallback function but also could have more general consequences for other protocols using transitory storage.
SIR.trading Aimed for “Safer Leverage” but Acknowledged Smart Contract Risks
The protocol was defined in SIR.trading’s own material as a “new DeFi protocol for safer leverage.” With an eye toward making it safer for long-term investors, it sought to solve typical problems with leveraged trading, including volatility decay and liquidation risks.
But the protocol’s documentation also provided clear cautions to consumers on the inherent dangers connected to smart contracts. It underlined especially the possible vulnerability of its vaults, warning that the contracts could still have undisclosed flaws or vulnerabilities that could result in financial losses even during audits.
ABOUT THE AUTHOR
See More
Sidebar rates
Related Posts
Save
Join 350 000+ traders receiving Free Trading Signals
Alerts
Rates
Calendar
Signals