The Ethereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, has been hacked, resulting in the loss of its entire total value locked (TVL), 355,000 USD at the time of the attack.
The March 30 hack was initially detected by blockchain security companies TenArmorAlert and Decurity, both of which published warnings on X to alert the protocol's users.
The founder of the protocol, known only as Xatarrer, described the hack as “the worst message that the protocol can receive [sic],” but he suggested that the team intends to maintain the protocol despite the setback.
Source: SIR.trading on X
“Clever attack” targeted contract vault
Decurity described the hack as a “clever attack” that targeted a callback function used in the “sensitive contract vault” of the protocol, which uses Ethereum's transient storage feature.
According to Decurity, the attacker was able to replace the real address of the Uniswap pool used in this callback function with an address under the hacker's control, enabling them to redirect the funds in the vault to their own address. TenArmorAlert further explained that by repeatedly calling this callback function, the attacker was able to fully drain the protocol's TVL.
Source: Decurity
SupLabsYi, from blockchain security firm Supremacy, detailed the attack in a post on X, stating that it could demonstrate a security flaw in Ethereum's transient storage.
Transient storage was added to Ethereum with last year's Dencun upgrade. The new feature allows temporary storage of data, resulting in lower gas fees than regular storage.
According to SupLabsYi, this is still an “emerging function”, and the attack may be one of the first to exploit its weaknesses.
“This is not just a threat addressed to one instance of uniswapV3SwapCallback,” said SupLabsYi.
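The following Python model is an added illustration, not code from SIR.trading or from any of the firms quoted. It shows why a callback that trusts only an address held in transient storage pays out to whoever occupies that slot, and how a fixed pool allowlist plus single-use consumption of the slot blocks both the substituted caller and repeated calls. All class names, the slot number and the addresses are assumptions, and the write that replaces the pool address is a stand-in because the page does not describe it.

```python
POOL_SLOT = 1
REAL_POOL, ATTACKER = "0xPOOL", "0xATTACKER"  # constructed placeholder addresses

class TransientStore:
    """Model of EIP-1153 transient storage: survives calls, wiped per transaction."""
    def __init__(self):
        self.slots = {}
    def tstore(self, slot, value):
        self.slots[slot] = value
    def tload(self, slot):
        return self.slots.get(slot, 0)
    def end_transaction(self):
        self.slots.clear()

class WeakVault:
    """Trusts whatever address currently sits in the transient slot."""
    def __init__(self, balance):
        self.t, self.balance = TransientStore(), balance
    def begin_swap(self):
        self.t.tstore(POOL_SLOT, REAL_POOL)
    def pay(self, amount):
        paid = min(amount, self.balance)
        self.balance -= paid
        return paid
    def swap_callback(self, caller, amount):
        if caller != self.t.tload(POOL_SLOT):
            raise PermissionError("caller is not the recorded pool")
        return self.pay(amount)

class HardenedVault(WeakVault):
    """Also checks an immutable pool allowlist and consumes the slot once."""
    def __init__(self, balance, known_pools):
        super().__init__(balance)
        self.known_pools = frozenset(known_pools)
    def swap_callback(self, caller, amount):
        expected = self.t.tload(POOL_SLOT)
        self.t.tstore(POOL_SLOT, 0)  # a second callback in the same swap fails
        if caller != expected or caller not in self.known_pools:
            raise PermissionError("caller is not a known pool")
        return self.pay(amount)

def run_transaction(vault, caller, calls, amount):
    """Return how much `caller` collects from repeated callbacks in one transaction."""
    vault.begin_swap()
    vault.t.tstore(POOL_SLOT, caller)  # assumption: stands in for the slot being replaced
    total = 0
    for _ in range(calls):
        try:
            total += vault.swap_callback(caller, amount)
        except PermissionError:
            break
    vault.t.end_transaction()
    return total
```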
TenArmorSecurity said the stolen funds have now been deposited to an address funded through Ethereum privacy solution Railgun. Xatarrer has since contacted Railgun for assistance.
SIR.trading's documentation shows that it was billed as a “new DeFi protocol for safer leverage.” The aim of the protocol was to address some of the challenges of leveraged trading, “such as volatility decay and liquidation risk, which makes it safer for long-term investments.”
Although it was aimed at safer leveraged trading, the protocol's documentation warned users that, despite being audited, its smart contracts could still contain bugs that could lead to financial losses, highlighting the platform's vaults as a particular area of vulnerability.
“Undiscovered bugs or exploits in SIR's smart contracts can lead to funds loss. They may result from the complex logic of the vault mechanics or leverage calculations, which the audits have not caught, exposing users to rare but critical failures,” the project documentation states.