News Business News Report
July 25, 2023

Crypto Lending Protocol EraLend Loses $3.4M in zkSync Exploit

EraLend, the crypto lending protocol on zkSync, today experienced an exploit that resulted in a total loss of $3.4 million, according to smart contract audit service provider, BlockSec

Crypto Lending Protocol EraLend Loses $3.4M in zkSync Exploit

The EraLend team said that the threat has been contained and all borrowing operations have been suspended for now. Users are advised against depositing USDC into EraLend.

Twitter user Saul noted that some of Overnight.fi’s USD+ backing on zkSync is EraLend and urged users to sell their USD+ if they have any on zkSync. Saul said that the exploit was likely caused by EraLend allowing Liquidity Pools (LP) as collateral. 

According to Saul’s calculations, Overnight.fi held 786,162 USDC in EraLend and borrowed around 283.0596 ETH ($524,509). This resulted in a potential maximum loss of $261,652. Considering USD+’s supply of 3,330,769, the maximum loss would be approximately 7.86%.

In a Discord message to users, Overnight.fi assured users that most of its assets are outside of EraLend and that it has paused USD+ on zkSync. The platform is working wth EraLend on recovering users’ funds.

Peckshield, a leading blockchain security and data analytics company, confirmed a price oracle issue that has impacted LP token pricing. The exploit was triggered by a reentrancy problem, leading to inconsistencies in the swap pool state. The price oracle, a critical tool responsible for determining current market prices, faced disruptions in its calculations due to this issue. Consequently, the program’s ability to track user transactions through the swap pool state exhibited irregularities.

“In the syncswap LP tokens, one can burn, then callback before update_reserves is called. So the oracle uses an incorrect reserves value to calculate the price, resulting in an inflating oracle price,” Crypto Twitter influencer spreekaway explained. BlockSec alerted users to be vigilant when using the callback and update reserves SyncSwap code.

EraLend confirmed that only USDC was affected by the exploit and all other assets remain secure. The team will provide updates to the community as more information becomes available. 

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via [email protected] with press pitches, announcements and interview opportunities.

More articles
Cindy Tan
Cindy Tan

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via [email protected] with press pitches, announcements and interview opportunities.

Hot Stories
Join Our Newsletter.
Latest News

AI in Crypto

Explore the ever-evolving realm of artificial intelligence within the cryptocurrency sphere. Discover the transformative impact of AI ...

Know More

Exploring Blockchain Gaming: Recap of 2023 and Sneak Peek into 2024

Footprint Analytics' report analyzes the performance data of blockchain gaming in 2023 and discusses potential trends for ...

Know More
Join Our Innovative Tech Community
Read More
Read more
Bebop Enhances Crypto Trading App and API Suite, Expands to BNB Chain Surpassing $500M in Settled Volume
Business News Report
Bebop Enhances Crypto Trading App and API Suite, Expands to BNB Chain Surpassing $500M in Settled Volume
February 22, 2024
BNB Chain 2023 Overview: Reduction in Crypto Losses While DeFi, DePin and AI+Web3 Rise 
Business News Report
BNB Chain 2023 Overview: Reduction in Crypto Losses While DeFi, DePin and AI+Web3 Rise 
February 22, 2024
Cronos Labs Releases Cronos zkEVM Lightpaper, Mainnet Launch Planned for June
News Report Technology
Cronos Labs Releases Cronos zkEVM Lightpaper, Mainnet Launch Planned for June
February 22, 2024
Staking Emerges as Top Activity Among Singapore Crypto Users: Coinbase Report
Markets News Report
Staking Emerges as Top Activity Among Singapore Crypto Users: Coinbase Report
February 22, 2024
What You
Need to Know

Subscribe To Our Newsletter.
Daily search marketing tidbits for savvy pros.