ZkSync's Largest Lender Struck by $3.4M Exploit

EraLend said the threat has been contained, but advises against deposits.

AccessTimeIconJul 25, 2023 at 1:34 p.m. UTC
Updated Jul 25, 2023 at 1:48 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

EraLend, the largest lending protocol on Ethereum scaling blockchain zkSync, has been hit by a $3.4 million read-only reentrancy attack, according to blockchain security firm CertiK.

The total amount of capital locked on EraLend slumped to $10.75 million from $18.5 million following the exploit, DefiLlama data indicate.

"We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this. More updates to follow," EraLend wrote in a tweet.

A read-only reentrancy bug allows an attacker to manipulate asset prices by flooding a smart contract with repeated calls in order to steal assets.

Decentralized finance (DeFi) protocol Conic Finance was hit by a similar attack last week with the total loss of $3.6 million.

UPDATE (July 25, 13:50 UTC): Removes space from EraLend's name throughout.

Edited by Sheldon Reback.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.

Oliver Knight

Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.