News Business News Report
July 25, 2023

Crypto Lending Protocol EraLend Loses $3.4M in zkSync Exploit

In Brief

EraLend was exploited on zkSync resulting in a total loss of $3.4 million.

The EraLend team said that the threat has been contained and all borrowing operations have been suspended for now.

Users are advised against depositing USDC into EraLend.

EraLend, the crypto lending protocol on zkSync, today experienced an exploit that resulted in a total loss of $3.4 million, according to smart contract audit service provider, BlockSec

Crypto Lending Protocol EraLend Loses $3.4M in zkSync Exploit

The EraLend team said that the threat has been contained and all borrowing operations have been suspended for now. Users are advised against depositing USDC into EraLend.

Twitter user Saul noted that some of Overnight.fi’s USD+ backing on zkSync is EraLend and urged users to sell their USD+ if they have any on zkSync. Saul said that the exploit was likely caused by EraLend allowing Liquidity Pools (LP) as collateral. 

According to Saul’s calculations, Overnight.fi held 786,162 USDC in EraLend and borrowed around 283.0596 ETH ($524,509). This resulted in a potential maximum loss of $261,652. Considering USD+’s supply of 3,330,769, the maximum loss would be approximately 7.86%.

In a Discord message to users, Overnight.fi assured users that most of its assets are outside of EraLend and that it has paused USD+ on zkSync. The platform is working wth EraLend on recovering users’ funds.

Peckshield, a leading blockchain security and data analytics company, confirmed a price oracle issue that has impacted LP token pricing. The exploit was triggered by a reentrancy problem, leading to inconsistencies in the swap pool state. The price oracle, a critical tool responsible for determining current market prices, faced disruptions in its calculations due to this issue. Consequently, the program’s ability to track user transactions through the swap pool state exhibited irregularities.

“In the syncswap LP tokens, one can burn, then callback before update_reserves is called. So the oracle uses an incorrect reserves value to calculate the price, resulting in an inflating oracle price,” Crypto Twitter influencer spreekaway explained. BlockSec alerted users to be vigilant when using the callback and update reserves SyncSwap code.

EraLend confirmed that only USDC was affected by the exploit and all other assets remain secure. The team will provide updates to the community as more information becomes available. 

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via [email protected] with press pitches, announcements and interview opportunities.

More articles
Cindy Tan
Cindy Tan

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via [email protected] with press pitches, announcements and interview opportunities.

Hot Stories

Missed Bitcoin’s Rise? Here’s What You Should Know

by Victoria d'Este
December 20, 2024
Join Our Newsletter.
Latest News

From Ripple to The Big Green DAO: How Cryptocurrency Projects Contribute to Charity

Let's explore initiatives harnessing the potential of digital currencies for charitable causes.

Know More

AlphaFold 3, Med-Gemini, and others: The Way AI Transforms Healthcare in 2024

AI manifests in various ways in healthcare, from uncovering new genetic correlations to empowering robotic surgical systems ...

Know More
Read More
Read more
Transak Increases Accessibility To Memecoins By Listing 11 New Tokens
Markets News Report Technology
Transak Increases Accessibility To Memecoins By Listing 11 New Tokens
December 20, 2024
Missed Bitcoin’s Rise? Here’s What You Should Know
Opinion Business Markets Technology
Missed Bitcoin’s Rise? Here’s What You Should Know
December 20, 2024
The Explosive Rise of Crypto Theft in 2024 with North Korea Leading the Charge
Opinion Business Markets Software Technology
The Explosive Rise of Crypto Theft in 2024 with North Korea Leading the Charge
December 20, 2024
Multiple Network Unveils Brand Upgrade, Focusing On Privacy Protection And Data Acceleration 
News Report Technology
Multiple Network Unveils Brand Upgrade, Focusing On Privacy Protection And Data Acceleration 
December 20, 2024