Following an attack on the USDC pool, EraLend, the lending protocol based on the zkSync protocol, has temporarily suspended all borrowing operations on its platform. The exploit resulted in a loss of approximately $2.76 million. In light of this incident, EraLend strongly advises against making USDC deposits. Despite this setback, EraLend claims to be a low-risk lending protocol.
EraLend has identified the attack as a read-only re-entrance exploit. According to the team, the attacker manipulated the Oracle price, resulting in the exploitation of the protocol and the loss of around $2.76 million from the USDC pool. However, EraLend reassures users that all other pools remain secure and unaffected by the attack.
After the attack, the team discovered that the attacker had spread the exploited funds across multiple wallets using different chains. Through several bridges, the funds were distributed among 3 blockchains and 8 addresses. EraLend is closely monitoring this flow.
Additionally, the EraLend team has contacted security teams, exchanges, and law enforcement agencies to investigate and trace the movement of the funds. They are also analyzing the information provided by these assisting entities.
The protocol’s top priority is to recover the funds belonging to its customers, who make up a user base of 500k.
On the platform, borrowing, USDC supply, and SyncSwap LP supply have been temporarily paused. EraLend explained that this measure aims to protect affected borrowing positions from potential liquidation.
Furthermore, shortly after the attack alert, the team initiated user refunds. They advised all users to claim their refund and revoke app approvals to EraLend.
In addition, the protocol is providing temporary compensation disbursement to eligible users due to the negative market sentiment.
What do you think of this article? Share comments below.