{"id":126116,"date":"2025-03-31T03:16:32","date_gmt":"2025-03-31T03:16:32","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=126116"},"modified":"2025-03-31T03:16:32","modified_gmt":"2025-03-31T03:16:32","slug":"defi-protocol-sir-trading-loses-entire-355k-tvl-in-worst-news-possible","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=126116","title":{"rendered":"DeFi protocol SIR.trading loses entire $355K TVL in \u2018worst news\u2019 possible"},"content":{"rendered":"<p>Source: Cointelegraph.com NewsEthereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, has been hacked, resulting in the loss of its entire total value locked (TVL) \u2014 $355,000 at the time of the attack.\u00a0<br \/>\nThe hack, which occurred March 30, was initially detected by blockchain security firms TenArmorAlert and Decurity, both of which posted warnings on X to alert users of the protocol.<br \/>\nThe protocol\u2019s founder, known only as Xatarrer, described the hack as \u201cthe worst news a protocol could received [sic],\u201d but suggested they intend to try to keep the protocol going despite the setback.<br \/>\nSource: SIR.trading on X\u00a0\u201cClever attack\u201d targeted contract vault<br \/>\nDecurity described the hack as a \u201cclever attack\u201d that targeted a callback function used in the protocol\u2019s \u201cvulnerable contract Vault\u201d which leverages Ethereum\u2019s transient storage feature.\u00a0<br \/>\nAccording to Decurity the attacker was able to replace the real Uniswap pool address used in this callback function with an address under the hacker\u2019s control, allowing them to redirect the funds in the vault to their address. TenArmorAlert further explained that by repeatedly calling this callback function, the attacker was able to fully drain the protocol\u2019s TVL.<br \/>\nSource: Decurity\u00a0SupLabsYi, from blockchain security firm Supremacy, went into more detail on the attack in an X post, stating it may demonstrate a security flaw in Ethereum\u2019s transient storage.\u00a0<br \/>\nTransient storage was\u00a0added\u00a0to Ethereum with last year\u2019s Dencun upgrade. The new feature allows for temporary storage of data leading to lower gas fees than regular storage. \u00a0<br \/>\nAccording\u00a0to SupLabsYi, it\u2019s still a \u201cnascent feature,\u201d and the attack may be one of the first to exploit its vulnerabilities.<br \/>\n\u201cThis isn\u2019t merely a threat aimed at a single instance of uniswapV3SwapCallback,\u201d SupLabsYi said.<br \/>\nTenArmorSecurity said the stolen funds have now been deposited into an address funded through the Ethereum privacy solution, Railgun. Xatarrer has since reached out to Railgun for assistance.\u00a0<br \/>\nRelated: DeFi hacks drop 40% in 2024, CeFi breaches surge to $694M \u2014 Hacken<br \/>\nSIR.trading\u2019s documentation shows that it was billed as \u201ca new DeFi protocol for safer leverage.\u201d The stated purpose of the protocol was to address some of the challenges of leveraged trading, \u201csuch as volatility decay and liquidation risks, making it safer for long-term investing.\u201d<br \/>\nWhile it aimed for safer leveraged trading, the protocol\u2019s documentation did warn users that despite being audited, its smart contracts could still contain bugs that could lead to financial losses \u2014 highlighting the platform\u2019s vaults as a particular area of vulnerability.<br \/>\n\u201cUndiscovered bugs or exploits in SIR\u2019s smart contracts could lead to fund losses. These might stem from complex logic in vault mechanics or leverage calculations that audits failed to catch, exposing users to rare but critical failures,\u201d the project\u2019s documentation states.<br \/>\nMagazine: What are native rollups? Full guide to Ethereum\u2019s latest innovation<a href=\"https:\/\/cointelegraph.com\/news\/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com NewsEthereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, has been hacked, resulting in the loss of its entire total value locked (TVL) \u2014 $355,000 at the&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/126116"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=126116"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/126116\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=126116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=126116"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=126116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}