SIR.trading Offers $100K Bounty to Hacker After Total Value Locked Exploit
Decentralized finance protocol SIR.trading, known as Synthetics Implemented Right, has issued an on-chain plea to the attacker responsible for draining its total value locked (TVL). The platform, which operates on Ethereum, is offering a $100,000 bounty in exchange for the return of the remaining funds.
On-Chain Plea to the Attacker
On March 31, Xatarrer, the anonymous creator behind SIR.trading, directly reached out to the hacker via an on-chain message. In the message, Xatarrer proposed that the attacker keep $100,000, approximately 28% of the stolen funds, as a reward for identifying a critical vulnerability. They assured the hacker that no legal action would be pursued if the remaining funds were returned.
“If you keep 100% of the funds, there is no chance for us to survive,” Xatarrer stated.
The founder revealed that the protocol was built over four years through late-night coding sessions and personal funding of $70,000, pooled from friends and supporters. Without venture capital backing, SIR.trading had grown organically to a TVL of around $400,000 before the exploit.
Details of the Exploit
The exploit occurred on March 30, targeting a vulnerability in one of SIR.trading’s core smart contracts. The issue stemmed from a function called uniswapV3SwapCallback, located within the Vault contract. The vulnerability leveraged Ethereum’s transient storage, a feature introduced in the Dencun upgrade to reduce gas fees.
By manipulating transient storage mid-transaction, the attacker successfully overwrote security data. This allowed them to trick the smart contract into accepting a fake Uniswap pool address controlled by the hacker. As a result, the protocol’s entire TVL was drained.
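The class of flaw described above can be modelled in a few lines. This is an added example, not SIR.trading's contract code: a toy Python model of transient storage in which a callback check trusts a slot that is later overwritten in the same transaction, next to a hardened variant. The slot numbers, addresses, class names and the way the overwrite happens are assumptions made for illustration.

```python
# Toy model of EIP-1153 transient storage: one slot map shared by every call
# in a transaction, cleared only when the transaction ends.
REAL_POOL = 0xA11CE      # constructed address of the genuine pool
OTHER_ADDR = 0xBADC0DE   # constructed address of an untrusted caller
POOL_SLOT, AMOUNT_SLOT = 1, 2   # hypothetical slot numbers


class VulnerableVault:
    """Stores the expected callback caller and later reuses the same slot."""

    def begin_swap(self, tstore, pool):
        tstore[POOL_SLOT] = pool            # security value: who may call back

    def record_amount(self, tstore, amount):
        tstore[POOL_SLOT] = amount          # assumed flaw: unrelated data, same slot

    def swap_callback(self, tstore, caller):
        return tstore.get(POOL_SLOT) == caller


class HardenedVault(VulnerableVault):
    """Keeps the security value in its own slot and consumes it after one use."""

    def record_amount(self, tstore, amount):
        tstore[AMOUNT_SLOT] = amount

    def swap_callback(self, tstore, caller):
        return tstore.pop(POOL_SLOT, None) == caller


def run_transaction(vault):
    """Return (genuine_callback_ok, second_callback_ok) for one transaction."""
    tstore = {}                              # fresh transient storage per tx
    vault.begin_swap(tstore, REAL_POOL)
    genuine = vault.swap_callback(tstore, REAL_POOL)
    # Later in the same transaction a caller-influenced number is recorded;
    # here it is constructed to equal OTHER_ADDR as an integer.
    vault.record_amount(tstore, OTHER_ADDR)
    second = vault.swap_callback(tstore, OTHER_ADDR)
    return genuine, second


if __name__ == "__main__":
    print("vulnerable:", run_transaction(VulnerableVault()))
    print("hardened:  ", run_transaction(HardenedVault()))
```

For auditors, the invariant to check is that a transient slot used for authentication is never written by any other code path in the same transaction and is cleared once consumed.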
What Happened to the Stolen Crypto?
According to blockchain data from Etherscan, the stolen funds have already been funneled through Railgun, a privacy protocol designed to obscure transaction trails. At the time of writing, the attacker has not responded to Xatarrer’s plea.
Plans for Recovery and Rebuilding
Despite the setback, Xatarrer has expressed hope for rebuilding the protocol. In a message to the community, the founder shared that the team is already planning their next steps to revive SIR.trading. They acknowledged the skill involved in the exploit, describing the attack as “almost beautiful if it wasn’t for all the funds people lost.”
Growing Concern Over Crypto Security
The SIR.trading exploit is part of a growing trend of cryptocurrency security incidents in 2023. Last month, Starknet-based layer 2 money-market protocol zkLend suffered a major breach, losing over $9 million worth of Ethereum. February was particularly challenging for the industry, with hacks and scams resulting in losses exceeding $1.5 billion, according to blockchain security reports.
As decentralized finance continues to grow, the importance of robust security measures cannot be overstated. Investors and developers alike must remain vigilant and proactive to protect their assets and protocols.