SIR.trading earnestly requests hackers to return the $255,000 in funds, otherwise the company will face a survival crisis.


Source: Cointelegraph

"Xatarrer," the founder of the recently attacked DeFi protocol SIR.trading, made an emotional appeal to the hacker, requesting the return of approximately 70% of the stolen user funds and warning that the protocol will otherwise be unable to continue operating.

After the protocol lost $355,000 in an attack on March 30, the pseudonymous founder made the hacker an offer via an on-chain message on March 31: "My proposal is that you can keep $100,000 as a reasonable reward for discovering a significant vulnerability; please return the remaining amount. We will consider this settled, and there will be no legal repercussions or further disputes."

Xatarrer emotionally stated that SIR.trading is the result of "four years of sleepless programming and $70,000 from friends," and that they have not accepted any venture capital. "We have naturally grown to a total locked value of $400,000 with zero advertising investment. If you take all the funds, we will have no way to continue."

The founder even praised the hacker's attack method as "exquisite," but quickly added, "If it weren't for so many people losing money, it would almost be perfect."


The hacker has yet to respond and has transferred the stolen funds through the Ethereum (ETH) privacy solution Railgun, as shown by the Ethereum blockchain explorer Etherscan.

Xatarrer initially stated on March 30 that despite the attack, the SIR.trading team still plans to maintain the protocol's operation. A follow-up statement on March 31 said, "We have begun planning subsequent measures and will never forget the users affected by this attack."

The vulnerability stemmed from a new feature introduced in the Ethereum Dencun upgrade.

The hacker exploited a callback function in the protocol's vulnerable "Vault" contract, which relies on Ethereum's transient storage feature. The attacker replaced the real Uniswap pool address used in the callback function with an address under their control, then drained all of the vault's funds by calling that function repeatedly.

Transient storage was introduced in the Ethereum Dencun upgrade in March 2024 to provide a lower-gas alternative to conventional storage.
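The bug class described above, as an added Python model that is not SIR.trading's contract code: a callback authenticates its caller against a slot in EIP-1153 transient storage (the Dencun storage feature the article refers to), and a hardened variant sits beside it. The slot numbers, addresses, method names and the `record_result` write path are assumptions made for illustration; the article does not say how the slot came to be overwritten.

```python
# Constructed model: a dict stands in for EVM transient storage, which keeps
# its values until the end of the transaction, not the end of the call.
POOL_SLOT, RESULT_SLOT = 1, 2            # hypothetical slot numbers
POOL, OTHER = "0xPOOL", "0xOTHER"        # constructed addresses

class VulnerableVault:
    def __init__(self, balance):
        self.balance = balance

    def start_swap(self, tx, pool):
        tx[POOL_SLOT] = pool             # remember which pool may call back

    def record_result(self, tx, value):
        tx[POOL_SLOT] = value            # defect: reuses the authentication slot

    def authorised(self, tx, caller):
        return caller == tx.get(POOL_SLOT)

    def swap_callback(self, tx, caller, amount):
        if not self.authorised(tx, caller):
            raise PermissionError("caller is not the expected pool")
        paid = min(amount, self.balance)
        self.balance -= paid
        return paid

class HardenedVault(VulnerableVault):
    def __init__(self, balance, known_pools):
        super().__init__(balance)
        self.known_pools = frozenset(known_pools)   # fixed at deployment

    def record_result(self, tx, value):
        tx[RESULT_SLOT] = value          # own slot, never the authentication slot

    def authorised(self, tx, caller):
        expected = tx.pop(POOL_SLOT, None)          # single use: cleared on read
        return caller == expected and caller in self.known_pools

def run(vault):
    """Replay one transaction; return the vault balance afterwards."""
    tx = {}
    vault.start_swap(tx, POOL)
    vault.swap_callback(tx, POOL, 10)    # legitimate callback from the pool
    vault.record_result(tx, OTHER)       # a later write in the same transaction
    try:
        for _ in range(3):               # repeated callbacks from another address
            vault.swap_callback(tx, OTHER, 100)
    except PermissionError:
        pass
    return vault.balance
```

`run(VulnerableVault(400))` leaves 90 in the vault, while `run(HardenedVault(400, {POOL}))` leaves 390 because the authentication slot is consumed on first use and the caller must also be a pool known at deployment.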

SIR.trading's official documentation claims that the protocol is a "new DeFi protocol for safer leveraged trading," dedicated to addressing common issues in leveraged trading such as volatility decay and liquidation risks.

Blockchain security company CertiK said in a post on X on March 31 that cryptocurrency losses from vulnerabilities and scams dropped to $28.8 million in March. With the return of funds from the 1inch Resolver incident, this figure has decreased by about $4.8 million. In contrast, February was one of the worst months for crypto crime, with the Bybit theft alone accounting for $1.4 billion.
