Cyber ​​Attacks Shake DeFi Sturdy Finance, Losses Reach 442 ETH IDR 11.8 Billion

JAKARTA - Decentralized finance (DeFi) protocol Sturdy Finance lost 442 Ether (ETH), worth nearly USD 800.000 (IDR 11.8 billion) in a cyberattack. Attackers exploiting vulnerabilities end up manipulating broken price oracles, allowing them to drain funds from the protocol.

On June 12, blockchain security firm PeckShield notified Sturdy Finance and reported transactions related to price manipulation. Nearly an hour later, the DeFi protocol said they were aware of the attack and responded by halting all their marketplaces and assuring their users that no additional funds were at risk.

"We are aware of an attack on the Sturdy protocol. All markets have been stopped; no additional funds are at risk and no action is required from users at this time. We will share more information as soon as we have it," read a tweet from Sturdy (@SturdyFinance) on June 12, 2023.

Despite a quick response from the DeFi lending platform, PeckShield confirmed that the attackers managed to transfer nearly 800,000 US dollars in ETH to cryptocurrency mixer service Tornado Cash. The security firm also notes that the "root cause" of these attacks is a corrupted price oracle.

Additionally, blockchain security firm BlockSec highlighted that the attack was carried out via reentrancy attacks, which is a common method used by hackers to withdraw funds from DeFi protocols.

Through this method, hackers take advantage of the ability to call functions repeatedly in one transaction before the initial function call is complete. With this, hackers can withdraw more funds than they should.

Meanwhile, scammers managed to take over the Twitter accounts of eight prominent crypto community members and promote crypto scams. According to blockchain detective ZachXBT, fraudsters have stolen nearly $1 million in crypto after seizing control of the accounts of popular DJ Steve Aoki, Pudgy Penguins founder Cole Villemain, and even crypto advocate Peter Schiff.

In other news, the United States Department of Justice recently prosecuted two men allegedly involved in the Mt. Gox. According to the department, Alexey Bilyuchenko (43 years) and Aleksandr Verner (29 years) are suspected of stealing and conspiring to launder 647.000 Bitcoins (BTC).