🎁 Exclusive offer: Get EXTRA Bits and Celebrate Bybit's 6th Birthday With $2.2M Prize Pool. Act Now!

Lending Protocol Sentiment Losses over 500,000 USDC in a Recent Hack

Lending Protocol Sentiment Losses over 500,000 USDC in a Recent Hack

The crypto industry gets hit with yet another hack.

On April 4th, lending protocol Sentiment appears to have fallen victim to a security breach, leading to the loss of more than $500,000 in cryptocurrency.

The exploit, which involved the transfer of 536,738.410031 USD Coin (USDC) from the Synapse Bridge, can be traced back to a series of Arbitrum transactions that drained funds from Sentiment.

What is a Liquidity Pool in Crypto? (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Arbiscan has identified the wallet responsible for the attack as "Sentimentxyz Exploiter."

Following the news about a possible exploit, Sentiment took to Twitter to confirm that the company was aware of the hack.

The Sentiment team has recently been made aware of a potential issue concerning the Sentiment protocol. We are actively looking into the situation and will provide additional information momentarily.

Twitter users, dubbed Officer's Notes and FrankResearcher, have suggested the possibility of a reentrancy attack

Almost ten hours after the initial message, the Sentiment shared a Twitter thread revealing the steps it took to fix any vulnerabilities and investigate the exploit. Sentiment claimed that although the company shortly "paused Sentiment's main contract," its customers can now "repay debts and unwind their positions."

On top of that, the firm highlighted that it will continue to work with "law enforcement and close contributors to identify the hacker."

It is believed that the attacker might have gained access to the protocol's deployer key. Initially, the attacker deployed a contract on the Arbitrum network and subsequently called the "run" function on the contract.

This initial attempt failed, resulting in a "Fail with error 'BAL#420" message. The attacker then successfully executed the "self-destruct" function on the contract, erasing its code from the blockchain.

The attacker proceeded to redeploy the contract and call the "run" function again. This time, the function call succeeded, causing the contract to carry out multiple transactions. One of these transactions modified the admin settings for a BeaconProxy contract.

After the contract upgrade, the malicious smart contract granted the attacker permission to transfer various tokens, resulting in a significant loss for the protocol. The stolen funds were exchanged and moved via the Synapse bridge to the Ethereum network.

Upon completing these transactions, the attacker once again destroyed the contract code.

Gile K. Market Sentiment Analyst
Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.

Loading...
Bybit
×
Verified

$30,000 IN REWARDS

Bybit Black Friday Deal
5.0 Rating