- A hacker drained $355,000 from SIR.trading by exploiting a security flaw in its Vault contract.
- The attack used Ethereum’s transient storage feature to repeatedly withdraw funds from the protocol.
- The stolen funds were moved to Railgun and recovery remains uncertain as security concerns grow in DeFi.
Ethereum-based decentralized finance (DeFi) protocol SIR.trading has been hacked, resulting in the complete loss of its total value locked (TVL). The attacker drained approximately $355,000 from the platform on March 30. Blockchain security firms TenArmorAlert and Decurity detected the breach and issued warnings to users.
Attack Exploited a Vulnerable Callback Function
According to Decurity, the attack targeted a vulnerability in the protocol’s Vault contract. The hacker manipulated a callback function that relied on Ethereum’s transient storage. By replacing the legitimate Uniswap pool address with a controlled address, the attacker redirected funds to their own wallet. TenArmorAlert reported that the attacker executed this callback function repeatedly to drain all available assets.
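The two contracts below are an added illustration, not SIR.trading's Vault code and not the exploit. They contrast a callback-authorization pattern of the kind the article describes (the callback trusts whatever address was last written to a transient slot, and that write is influenced by the caller) with a hardened form in which the trusted pool address lives in persistent state and transient storage carries only a single-use flag. `ISwapPool`, `openPosition`, `swapCallback` and the slot names are assumed; the precise mechanism in SIR.trading's Vault is not described on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tstore/tload require the Cancun EVM target

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical stand-in for a pool's swap entry point.
interface ISwapPool {
    function swap(address recipient, uint256 amountIn) external;
}

/// Raw transient storage access (EIP-1153). A value written with tstore stays
/// readable by every later call in the same transaction and is discarded only
/// when the transaction ends, which is why a stale slot is dangerous.
abstract contract Transient {
    function _tstore(bytes32 slot, uint256 v) internal { assembly { tstore(slot, v) } }
    function _tload(bytes32 slot) internal view returns (uint256 v) { assembly { v := tload(slot) } }
}

/// VULNERABLE PATTERN (hypothetical): the address the callback trusts is
/// whatever was last written to POOL_SLOT, and that write is caller-influenced.
contract VulnerableVault is Transient {
    bytes32 internal constant POOL_SLOT = keccak256("vault.expected.pool");
    IERC20 public immutable token;

    constructor(IERC20 _token) { token = _token; }

    function openPosition(ISwapPool pool_, uint256 amountIn) external {
        // The caller chooses which "pool" the callback will later trust.
        _tstore(POOL_SLOT, uint256(uint160(address(pool_))));
        pool_.swap(msg.sender, amountIn);
        // POOL_SLOT is never cleared, so it remains valid for the rest of the tx.
    }

    /// Invoked by the pool to collect the tokens owed for the swap.
    function swapCallback(uint256 amountOwed, address payTo) external {
        require(msg.sender == address(uint160(_tload(POOL_SLOT))), "not pool");
        // Both the amount and the destination come from the trusted caller.
        token.transfer(payTo, amountOwed);
    }
}

/// HARDENED PATTERN: authorization comes from persistent state; transient
/// storage holds only a single-use "callback expected" flag that is set right
/// before the external call, consumed inside the callback, and cleared after.
contract HardenedVault is Transient {
    bytes32 internal constant EXPECTING_SLOT = keccak256("vault.expecting.callback");
    IERC20 public immutable token;
    ISwapPool public immutable pool; // fixed at deployment, never caller-supplied

    error UnauthorizedCallback();
    error UnexpectedCallback();

    constructor(IERC20 _token, ISwapPool _pool) { token = _token; pool = _pool; }

    function openPosition(uint256 amountIn) external {
        _tstore(EXPECTING_SLOT, 1);
        pool.swap(msg.sender, amountIn);
        _tstore(EXPECTING_SLOT, 0); // defensive clear even if the callback did not run
    }

    function swapCallback(uint256 amountOwed) external {
        if (msg.sender != address(pool)) revert UnauthorizedCallback();
        if (_tload(EXPECTING_SLOT) != 1) revert UnexpectedCallback();
        _tstore(EXPECTING_SLOT, 0); // at most one callback per openPosition
        token.transfer(address(pool), amountOwed); // destination is the pool, not a parameter
    }
}
```

When reviewing a contract that uses `tstore`/`tload`, the checks worth applying are: every transient slot has exactly one writer, every value that gates a transfer is compared against persistent state rather than read back from transient storage, and each slot is cleared as soon as the call it protects returns rather than left for the end of the transaction.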
Security Experts Warn of Emerging Risks in Transient Storage
Blockchain security researcher SupLabsYi analyzed the breach and suggested that it could expose a broader security flaw in Ethereum’s transient storage. This feature, introduced in the Dencun upgrade (EIP-1153), provides data storage that lasts only for the duration of a transaction and was designed to reduce gas fees for such temporary values. However, experts now warn that it could introduce new vulnerabilities that attackers might exploit.
Funds Laundered Through Privacy Solution Railgun
After the attack, the stolen funds were transferred to an address linked to Railgun, a privacy-enhancing Ethereum solution. The protocol’s founder, known as Xatarrer, reached out to Railgun for assistance in tracking and recovering the stolen assets. However, the likelihood of retrieval remains uncertain.
Protocol’s Security Warnings Proved Accurate
SIR.trading marketed itself as a safer option for leveraged trading by addressing risks such as volatility decay and liquidation. However, its documentation warned users about potential security flaws, even after audits. It specifically mentioned vulnerabilities in the Vault contract, which ultimately became the target of the attack.
Community Concerns Over DeFi Security Intensify
The breach has raised concerns about security measures in DeFi protocols, particularly those using newer Ethereum features. Developers and security analysts are now assessing whether other platforms could face similar risks. The incident highlights the importance of rigorous security testing before deploying smart contracts.
Despite the financial loss, the team behind SIR.trading has indicated an intent to continue operations. However, the attack has significantly impacted user confidence. The protocol’s future now depends on whether it can rebuild trust and implement stronger security measures.