ARB
by BSCN
April 5, 2023
The Sentiment team has confirmed the attack, paused the main contract, and implemented a fix for the vulnerability with the help of third-party security auditors.
Sentiment liquidity protocol on the Arbitrum blockchain was hacked on April 4 for almost $1 million in various tokens, including wrapped Bitcoin and Ether.
The Sentiment team members confirmed the attack, affirming about unusual borrowing activity identified as a malicious exploit. In order to deal with the situation, the team paused the main contract and disabled all functionality except withdrawals.
The attacker apparently stole the tokens via a re-entrance vulnerability and then switched them to the Ethereum chain. As CertiK points out, the fundamental reason is Balancer's read-only reentry.
The price oracle used to determine the price is based on the asset balances in the pool and the total amount of LP tokens. As reported, by using the Balancer vault's 'joinPool' function, the exploiter increased the overall supply of the LP coin by 606 WBTC, 10,000 WETH, and 18 million USDC. The funds were then withdrawn using exitPool(), which sent 606.8 WBTC, 1,000 ETH, and 17.9 million USDC sequentially.
A fallback function reduces demand, but the pool balances of WBTC, WETH, and USDC remain the same, so the price is tilted, allowing the attacker to borrow many assets at the slanted price.
Sentiment is now examining the protocol’s stolen cash. In addition, the team is working with law enforcement to identify the hacker and recover the funds.
In collaboration with third-party security auditors, the Sentiment team released a fix resolving the vulnerability, allowing users to repay debts and unwind their positions.
Sentiment also sent a message to the hacker, offering to let them keep 10% of the stolen funds as a bounty if they returned the rest. In the letter, the company promised a $95,000 payment if the assets were returned before 8 a.m. UTC on April 6.
In the event the prize is not returned, Sentiment will distribute it to those who provide information about the hacker. The liquidity protocol on Arbitrum was audited by two crypto security firms before.
Sentiment has a total locked volume (TVL) of $5.8 million, down from $10.76 million on April 4.
Sentiment is a liquidity protocol that enables permissionless undercollateralized borrowing on chain. This protocol aims to address capital inefficiencies in DeFi by offering a primitive-based solution for permissionless, undercollaterated on-chain credit. By implementing onchain hypothecation, Sentiment mitigates the challenge of widespread counterparty risk.
Learn more about Sentiment:
Latest News
9h : 1m ago
Thailand Explores Bitcoin Pilot Project in Phuket to Boost Tourism
11h : 1m ago
FLOKI DAO Proposes Launch of Europe-Based ETP on SIX Swiss Exchange
December 25, 2024
Binance's 63rd Launchpool Project: What is Bio Protocol (BIO)?
December 25, 2024
Crypto Adoption in South Korea Reaches Over 30% of the Population: Report
December 24, 2024
Binance Labs’ New Investment: What is Usual?
December 24, 2024
Crypto.com Launches U.S. Institutional Cryptocurrency Custody Service
December 23, 2024
Shiba Inu Ecosystem and Turbo Memecoin Adopt Cross-Chain Token Standard with Chainlink CCIP
December 23, 2024
VanEck Predicts Strategic Bitcoin Reserve Could Offset $42T of U.S. Debt by 2049