A DeFi lending protocol on zkSync, EraLend is reportedly attacked by hackers leading to loss of $3.4 million in USDC. The protocol has seen 50% decline in deposits following the hack news.
The exploit is identified as a read-only re-entrancy attack which is hard to detect. This kind of attack mostly targets protocols built with numerous functioning smart contracts.
The attacker targeted a vulnerability in EraLend’s smart contract function that controls token minting and burning functions. The vulnerability is tied to the SyncSwap, the native DEX on zkSync with the largest TVL.
EraLend’s team has announced that withdrawals from the protocol are currently disabled and urged users to not deposit assets until further updates.
“We’re actively joining forces with bridges, security teams, exchanges, and law enforcement to investigate and trace the flow of the funds,” said EraLend. “Our primary focus is on recovering the funds for our 500k protocol users. We’re also analyzing leads gathered from assisting agencies.”
This is the 3rd consecutive exploit in DeFi, as recently Aphapo’s wallets and Conic Finance have been attacked over the last 5 days.
