On April 4, Sentiment, a DeFi lending platform, experienced a reentrancy attack that resulted in the theft of nearly $1 million. Sentiment is the latest DeFi platform to fall prey to hackers, as the industry remains a significant target for malicious actors.
1/4— Sentiment (@sentimentxyz) April 5, 2023
A status update on the current situation: At approximately 06:00:00 PM +UTC The Sentiment team became aware of abnormal borrowing activity which has now been declared as a malicious exploit.
Sentiment’s team acknowledged the attack and paused the main contract, restricting functionality to withdraw-only to deal with the situation. Third-party security auditors helped implement a fix for the problem, allowing users to repay debts and unwind their positions. The team is working with law enforcement and others to identify the hacker and recover the funds.
The hacker exploited Sentiment on Arbitrum using the “view re-entrance Balancer bug to execute malicious code before pool balances were updated and steal money using overpriced collateral,” according to analyses of the attack.
In recent months, there have been a number of attacks on DeFi platforms, including Euler Finance, which saw about $200 million stolen, and Allbridge, which lost about $570,000 due to an exploit related to a possible manipulation of a swap-related formula. The DeFi market lost over $200 million in March alone.
Stay tuned to CoinTopper for the latest news!