Unprecedented Security Breach: Steadefi Under Siege as Ongoing Attack Imperils All Funds

In a significant blow to the decentralized finance (DeFi) ecosystem, Steadefi, a prominent DeFi application, suffered a breach on August 7, resulting in a loss of approximately $334,000 and an ongoing attack that has raised alarms within the crypto community. The situation escalated as the app’s development team took to social media to announce the precarious state of affairs, indicating that “all funds are currently at risk.” As a consequence of the ongoing attack, the total value locked in Steadefi has witnessed a sharp decline, as corroborated by data from DefiLlama.

On X, formerly known as Twitter, the Steadefi team made a public announcement: “NOTICE: Steadefi has been exploited and all funds are currently at risk.” They also confirmed that they had tried to contact the attacker through an on-chain message sent to Ethereum address 0x9cf71F2ff126B9743319B60d2D873F0E508810dc. Blockchain records show sizable inflows into this address on the Avalanche chain, beginning at 4:41 pm UTC.

A collection of tokens, including 130,429 USDC, 3.39 Bitcoin, 15 Wrapped Ether (WETH), and 6,184 Avalanche (AVAX), was sent to this address. The attacker promptly exchanged the non-WETH tokens for WETH and then transferred 184 WETH to another network via the Synapse bridge.

The same address shows a parallel sequence of transactions on the Arbitrum network.

Ethereum blockchain data also shows that the Steadefi development team made an offer to the attacker, proposing that the hacker retain 10% of the purportedly pilfered funds.

After confirming the breach, Steadefi’s team described how the attack worked. Reportedly, the attacker gained access to the private key of the team’s deployer wallet, which is authorized to execute owner-only functions. With this authority, the attacker executed a series of owner-only actions that permitted any wallet to borrow funds from the lending vaults without restriction.

At present, the attacker has drained all loanable funds. However, collateral held within the vaults and not lent out remains untouched, because the application has no owner-only function capable of withdrawing deposits. Consequently, users who had deposited funds in the “strategy” vaults may be able to retrieve a portion of their assets.

The attacker also used an owner-only function to halt the farming contracts, which blocks users who had deposited svTokens or ibTokens into the farms. These users are unable to withdraw their funds, so their assets are locked inside the application’s contracts. According to the team’s statement, most holders of these tokens had deposited them in the farms and now cannot reclaim their deposits.
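The sequence described above (an owner-only call that lets a new wallet borrow, a borrow by that wallet shortly afterwards, and an owner-only pause of the farms) can be watched for in decoded transaction records. The following detection sketch is an added example, not Steadefi's code; the function names `approveBorrower`, `pauseFarm` and `borrow`, the contract names, the addresses and the one-hour window are all assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

# Hypothetical function names and addresses; the article names none of them.
KNOWN_BORROWERS = {"0xStrategyVaultA", "0xStrategyVaultB"}  # constructed allowlist
BORROW_WINDOW_S = 3600  # assumed correlation window, in seconds


@dataclass(frozen=True)
class Tx:
    ts: int        # block timestamp (unix seconds)
    sender: str
    contract: str
    func: str      # decoded function name
    arg: str = ""  # decoded address argument, if any


def detect(txs, owner):
    """Return (severity, timestamp, message) alerts for owner-key misuse."""
    alerts, unexpected = [], {}  # unexpected: borrower -> time of grant
    for tx in sorted(txs, key=lambda t: t.ts):
        if tx.sender == owner and tx.func == "approveBorrower":
            if tx.arg not in KNOWN_BORROWERS:
                unexpected[tx.arg] = tx.ts
                alerts.append(("HIGH", tx.ts,
                               f"owner approved unknown borrower {tx.arg} on {tx.contract}"))
        elif tx.sender == owner and tx.func == "pauseFarm":
            alerts.append(("MEDIUM", tx.ts, f"owner paused {tx.contract}"))
        elif tx.func == "borrow" and tx.sender in unexpected:
            if tx.ts - unexpected[tx.sender] <= BORROW_WINDOW_S:
                alerts.append(("CRITICAL", tx.ts,
                               f"{tx.sender} borrowed from {tx.contract} right after approval"))
    return alerts


OWNER = "0xDeployer"  # placeholder for the deployer wallet
SAMPLE = [  # constructed records, not real chain data
    Tx(1000, OWNER, "LendingVaultUSDC", "approveBorrower", "0xStrategyVaultA"),
    Tx(5000, OWNER, "LendingVaultUSDC", "approveBorrower", "0xUnknownWallet"),
    Tx(5060, "0xUnknownWallet", "LendingVaultUSDC", "borrow"),
    Tx(5120, OWNER, "FarmSvToken", "pauseFarm"),
    Tx(6000, "0xStrategyVaultA", "LendingVaultUSDC", "borrow"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, OWNER):
        print(*alert)
```

Routine approvals of allowlisted strategy vaults and their later borrows produce no alert; only the unexpected grant, the follow-on borrow and the farm pause are reported.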

The crypto sector remains vulnerable to exploits, as recent events show. On August 8, CoinsPaid, a crypto payment company from Estonia, revealed a $37 million loss stemming from an attack orchestrated under the guise of a fake job interview. A few days earlier, the Curve protocol suffered an exploit that drained $61 million, though the attacker ultimately initiated partial fund returns.
