DeFi Platform SIR.trading Loses $355K TVL in Security Breach

Highlights:
- DeFi platform SIR.trading has lost its entire $335K TVL in a coordinated security compromise.
- The hacker took advantage of the Ethereum network vulnerability to carry out the attack.
- TenArmor revealed that an error in the uniswapV3SwapCallback function aided the attack.
On March 30, blockchain security firm TenArmor reported that the Decentralized Finance (DeFi) platform, SIR.trading, also known as Synthetics Implemented Right, was the target of a security compromise. In a tweet, TenArmor stated that the DeFi platform lost its entire total value locked (TVL) worth $335,000 at the time of the attack.
TenArmor Explains the Main Cause of the Compromise
The blockchain security firm noted that the hacker capitalized on Ethereum’s network vulnerability for the attack. It also mentioned that the hacker moved the stolen funds to RailGun. In a follow-up tweet, TenArmor identified the transient storage collision in the uniswapV3SwapCallback function as the main cause of the compromise.
TenArmor Security Alert
Our system has detected a suspicious attack involving #SIR.trading @leveragesir on #ETH, resulting in an approximate loss of $353.8K.
The stolen funds have been deposited into RailGun.
Attack transaction: https://t.co/W5SRnzKjDF… pic.twitter.com/e1OOQoKbhz
— TenArmorAlert (@TenArmorAlert) March 30, 2025
According to TenArmor, the uniswapV3SwapCallback function mistakenly assigned the same storage slot (slot 1) to the address of the Uniswap pool and the number of minted tokens. Having discovered the vulnerability, the hacker initialized a fake vault and manipulated the minted token number to match a pre-generated address from create2.
After the manipulations, the hacker triggered the uniswapV3SwapCallback function, which saved the hacker’s address in slot 1 and deleted the original Uniswap pool address. This enabled the attacker to bypass compulsory security checks and withdraw funds from the vault by repeatedly calling the compromised function.
The root cause lies in the transient storage collision in the uniswapV3SwapCallback function, which uses slot 1 both for the Uniswap pool address and the minted token amount.
The attacker initialized a malicious vault and manipulated the minted amount to exactly equal a… pic.twitter.com/198A5Wrsbq
— TenArmorAlert (@TenArmorAlert) March 30, 2025
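The slot reuse TenArmor describes can be shown in a small model of transient storage, with the shared-slot layout beside a layout that gives the amount its own slot. This Python is an added illustration, not SIR.trading's contract code: the Vault class, its method names, the dedicated slot 2 and both addresses are assumptions constructed for the example; only the shared slot 1 comes from the report.

```python
# Toy model of EIP-1153 transient storage (per-transaction key/value slots).
# Constructed for illustration; not SIR.trading's contract code.

POOL_SLOT = 1                 # slot number from TenArmor's description
POOL = 0x1111111111111111111111111111111111111111       # constructed address
UNTRUSTED = 0x2222222222222222222222222222222222222222  # constructed address


class Vault:
    def __init__(self, amount_slot: int):
        self.amount_slot = amount_slot   # where the minted amount is written
        self.transient = {}              # cleared at the end of each transaction

    def begin_mint(self, pool: int) -> None:
        # Record which pool is allowed to call back during this transaction.
        self.transient[POOL_SLOT] = pool

    def swap_callback(self, caller: int, minted: int) -> bool:
        # Caller check: only the recorded pool may invoke the callback.
        if caller != self.transient.get(POOL_SLOT, 0):
            return False
        # If amount_slot == POOL_SLOT, this write overwrites the recorded pool.
        self.transient[self.amount_slot] = minted
        return True


def second_caller_accepted(amount_slot: int) -> bool:
    """The real pool's callback stores an amount equal to an address; that address then calls."""
    vault = Vault(amount_slot)
    vault.begin_mint(POOL)
    assert vault.swap_callback(POOL, minted=UNTRUSTED)
    return vault.swap_callback(UNTRUSTED, minted=0)


def slot_collisions(layout: dict) -> dict:
    """Review helper: map each slot to the variables sharing it, if more than one."""
    by_slot = {}
    for name, slot in layout.items():
        by_slot.setdefault(slot, []).append(name)
    return {s: names for s, names in by_slot.items() if len(names) > 1}


if __name__ == "__main__":
    print("shared slot 1:", second_caller_accepted(amount_slot=1))     # check bypassed
    print("dedicated slot 2:", second_caller_accepted(amount_slot=2))  # check holds
    print(slot_collisions({"uniswap_pool": 1, "minted_amount": 1}))
```

With a dedicated slot the caller check still compares against the recorded pool, so the second call is rejected; the `slot_collisions` helper is the kind of layout check a reviewer can run over a contract's declared transient slots.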
SIR.trading Reacts by Initiating Recovery Efforts
As expected, the targeted DeFi platform reacted to the hack incident via a tweet on its official handle. It confirmed the compromise and warned users to stop sending funds to the platform. In another tweet, SIR.trading stated, “So we got the worst news a protocol could receive and got hacked for our entire TVL ($355k).” The DeFi company also vowed to keep working to recover the stolen funds. In addition, it encouraged X users with helpful information to reach out.
So we got the worst news a protocol could receive and got hacked for our entire TVL ($355k).
I (@Xatarrer) would like to not throw the towel here as I truly believe in SIR.
If you also believe in the core protocol and have any idea on how to proceed forward, please DM. https://t.co/FD6QxwfXP4
— SIR.trading (@leveragesir) March 30, 2025
In a separate tweet, SIR.trading tagged RailGun’s official X handle to report the hack. The DeFi platform also asked RailGun for help in recovering the stolen funds. In another X post, SIR.trading stated, “If anyone lost money in the hack and is from USA, please contact us. We can file a complaint to the Internet Crime Complaint Center.”
Despite ongoing efforts to recover the stolen funds, no positive news has emerged, hinting that the funds may be lost for good. This underscores the growing uncertainty in the crypto space. While decentralized platforms are associated with better security setups, the attack on SIR.trading reflects the need for advanced security measures.
Recent Security Compromises Targeting DeFi-Related Outlets
On March 19, Crypto2Community reported that the EOS blockchain was the target of an address-poisoning scam. According to the report, hackers sent 0.001 EOS to poison users’ addresses on the network. The scammers aimed to carry out the malicious act by creating wallet addresses that mimicked authentic ones from top exchanges like Binance and OKX. With slight changes in the wallet addresses, unsuspecting users will send money to fraudulent addresses.
In another publication, decentralized exchange (DEX) aggregator 1inch confirmed it lost $5 million in cryptocurrency. The DEX aggregator noted that the compromise was due to a smart contract vulnerability. It also stated that the hacker targeted resolvers using the outdated Fusion v1 implementation. Per SlowMist, the DEX aggregator lost approximately 2.4 million USDC and 1,276 Wrapped Ethereum (WETH) in the hack.