30s Summary
A hacker has stolen around $1 million from the Base blockchain, exploiting a flaw in Wrapped Ether’s smart contracts to manipulate prices. The theft was discovered by blockchain security firm Cyvers Alerts, which traced funds siphoned from unverified lending contracts to the Ethereum network. Cyvers’ Hakan Unal attributed the theft to the weak oracle used by these contracts and a lack of appropriate security measures. Unal recommended better data oracles and stronger safeguards against price manipulation for DeFi platforms to prevent future attacks.
Full Article
Around $1 million was stolen on the Base blockchain over a few hours. Cyvers Alerts, a blockchain security company, flagged the incident in an X post dated Oct. 25.
The culprit took advantage of a flaw in the smart contracts tied to Wrapped Ether (WETH), manipulating the price and draining the funds.
The thief started by extracting $993,534 from unverified lending contracts on the Base blockchain. They then shifted most of this stolen money to the Ethereum network and deposited about $202,549 into the privacy-minded Tornado Cash service. In the same way, additional funds worth $455,127 were stolen.
Hakan Unal, a senior authority at Cyvers Alerts, made it clear during a Q&A with Cointelegraph that the attack happened due to a weak oracle used by these contracts. With liquidity limited to around $400K, it was easy for the thief to manipulate the price.
This incident brings to light the broader risks linked with decentralized finance (DeFi) platforms that don’t have solid security measures in place. Unal suggested that using an oracle with higher liquidity and greater reliability can help avoid price manipulation and prevent similar attacks in the future.
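The liquidity point above can be made concrete with a small model. This is an added example, not code from Cyvers or the affected contracts; it assumes the price source behaves like a constant-product (x*y=k) pool read at spot, and the reserve figures, thresholds and function names are constructed for illustration.

```python
"""Constant-product pool model: why thin liquidity makes a spot-price oracle fragile.
Assumption: the oracle reads quote/base reserves directly; all figures are constructed."""

def spot_price(base, quote):
    """Quote units per base unit, as a naive spot oracle reports it."""
    return quote / base

def price_impact(base, quote, quote_in):
    """Fractional change in spot price after swapping quote_in into the pool (fees ignored)."""
    k = base * quote                      # invariant x * y = k
    new_quote = quote + quote_in
    new_base = k / new_quote
    return spot_price(new_base, new_quote) / spot_price(base, quote) - 1.0

def oracle_guard(spot, reference, liquidity_usd, min_liquidity_usd=5_000_000, max_deviation=0.05):
    """Defensive check a lending contract could apply before trusting a price.
    reference is an independent price (e.g. a time-weighted average); thresholds are hypothetical."""
    if liquidity_usd < min_liquidity_usd:
        return False, "pool liquidity below minimum"
    if abs(spot / reference - 1.0) > max_deviation:
        return False, "spot deviates from reference"
    return True, "ok"

# Constructed pools, both starting at 2,000 USD per WETH.
THIN = {"base": 100.0, "quote": 200_000.0}          # ~$400K total, as in the article
DEEP = {"base": 10_000.0, "quote": 20_000_000.0}    # ~$40M total, for comparison

def compare(trade_usd=100_000.0):
    """Return the price impact of the same trade on the thin and deep pools."""
    return (price_impact(THIN["base"], THIN["quote"], trade_usd),
            price_impact(DEEP["base"], DEEP["quote"], trade_usd))

if __name__ == "__main__":
    thin, deep = compare()
    print(f"thin pool impact: {thin:.1%}, deep pool impact: {deep:.2%}")
    print(oracle_guard(2000.0 * (1 + thin), 2000.0, 400_000))
    print(oracle_guard(2000.0 * (1 + deep), 2000.0, 40_000_000))
```

In this model the same trade more than doubles the reported price on the thin pool and moves the deep pool by about one percent, which is why the guard checks both minimum liquidity and deviation from an independent reference.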
When asked about who should be held responsible for this exploit, Unal shared that the thief managed to escape and hinted at the potentially weak security measures taken by the managers of these unverified lending contracts. The choice of an insecure oracle for price verification could also be to blame here.
Regrettably, the thief remains unnamed and has successfully run off with the stolen cash. This incident underscores the importance of DeFi platforms stepping up their security protocols to safeguard user funds and ensure contract verification to prevent such incidents in the future.
Source: Cointelegraph