According to blockchain security firm CertiK, the largest lending protocol on Ethereum scaling blockchain zkSync was targeted by a $3.4 million read-only reentrancy attack.
According to DefiLlama data, the total amount of capital locked on EraLend dropped to $10.75 million from $18.5 million following the exploit.
“Today, we had a security incident on our platform. The threat has been mitigated. We have halted all borrowing operations for the time being and advise against depositing USDC. We’re collaborating with partners and cybersecurity businesses to address this. More information to come,” EraLend remarked in a tweet.
A read-only reentrancy flaw enables an attacker to influence asset prices by flooding a smart contract with repeated requests in order to steal assets.
Conic Finance, a Decentralised Finance (DeFi) protocol, was targeted by a similar attack last week, resulting in a $3.6 million loss.