Bitcoin
$64,224.97-1.49%
Ethereum
$3,118.86-2.68%
Binance Coin
$595.54-0.50%
Solana
$158.28+1.68%
XRP
$0.54206676-0.08%
Dogecoin
$0.15933226-5.02%
Toncoin
$5.97-2.58%
Cardano
$0.45304032-3.88%
Avalanche
$37.29-5.79%
Shiba Inu
$0.00002405-5.83%
Tron
$0.12011723-1.48%
Wrapped Bitcoin
$64,193.89-1.50%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Countdown to ConsensusThe largest and longest running event that covers all sides of crypto and Web3
22
DAYS
02
HR
09
MIN
58
SEC
Finance

ZkSync's Largest Lender Struck by $3.4M Exploit

EraLend said the threat has been contained, but advises against deposits.

By Oliver Knight
AccessTimeIconJul 25, 2023 at 1:34 p.m. UTC
Updated Jul 25, 2023 at 1:48 p.m. UTC
EraLend falls victim to $3.6 million exploit (Towfiqu Barbhuiya/Unsplash)
EraLend falls victim to $3.6 million exploit (Towfiqu Barbhuiya/Unsplash)
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

EraLend, the largest lending protocol on Ethereum scaling blockchain zkSync, has been hit by a $3.4 million read-only reentrancy attack, according to blockchain security firm CertiK.

The total amount of capital locked on EraLend slumped to $10.75 million from $18.5 million following the exploit, DefiLlama data indicate.

VolumeMuteUnmute

Bitcoin ETFs Are Still 'Wildly Successful': Kraken Head of Strategy

  • Wormhole’s W Token Has a 999% Weekly Return; Why VanEck Is Bullish on Ethereum Layer 2s
    02:30
    Wormhole’s W Token Has a 999% Weekly Return; Why VanEck Is Bullish on Ethereum Layer 2s
  • NEAR Launches Multichain Access
    15:12
    NEAR Launches Multichain Access
  • Over $67M in Crypto Lost to Hacks and Exploits in February: Immunefi Report
    00:56
    Over $67M in Crypto Lost to Hacks and Exploits in February: Immunefi Report
  • Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
    00:59
    Running With Crypto: 5 Questions With TRM Labs' Ari Redbord

    • "We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this. More updates to follow," EraLend wrote in a tweet.

    A read-only reentrancy bug allows an attacker to manipulate asset prices by flooding a smart contract with repeated calls in order to steal assets.

    Decentralized finance (DeFi) protocol Conic Finance was hit by a similar attack last week with the total loss of $3.6 million.

    UPDATE (July 25, 13:50 UTC): Removes space from EraLend's name throughout.

    Edited by Sheldon Reback.


    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Oliver Knight
    Oliver Knight

    Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.

    Follow @OKnightCrypto on Twitter

    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.