Base Blockchain Exploit Triggers $1M Theft, Cyvers Alerts

Major flaws in the Base blockchain were exposed by an exploit, which resulted in the theft of $1 million and raised security concerns in DeFi.

Approximately $1 million was stolen in an attack that exploited unverified lending contracts on the Base network.

Blockchain security company Cyvers Alerts reported the event, which lasted for several hours, in an X post on October 25.

The attacker manipulated the price and drained the funds by exploiting a flaw in the Wrapped Ether (WETH) smart contracts.

Source: Cyvers Alerts

Exploitation of price manipulation

In their first suspicious transaction, the attacker took $993,534 out of unverified lending contracts on the Base blockchain.

They transferred most of the stolen funds to the Ethereum network before depositing $202,549 into the privacy-focused Tornado Cash service. The same exploit was used to steal an additional $455,127.

Hakan Unal, senior SOC lead at Cyvers Alerts, described the attack’s exploited vulnerability in a written Q&A:

“The oracle used by these contracts was not robust, relying only on a single pair with a limited liquidity of ~$400K, making it susceptible to price swings that could be manipulated.”

Implications for security and prevention

The abuse of unverified lending contracts exposes deeper issues with decentralized finance (DeFi) systems, which need robust security.

Unal stated that similar attacks may be avoided in the future, especially “for assets like WETH,” by using “a more reliable, diversified oracle with higher liquidity to avoid price manipulation.”

“Enhanced due diligence for lending contract verification, particularly on oracles used, can mitigate these risks.”
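An added example, not part of the original article or Cyvers' analysis: a due-diligence check of the kind Unal describes, estimating how much capital shifts an oracle's reported price relative to the funds a lending contract exposes. It assumes 50/50 constant-product pools with fees ignored and a median over an odd number of sources; the 10% move threshold, the pass ratio and the three-pool oracle are constructed, while the ~$400K liquidity and $993,534 figures come from the article.

```python
import math


def capital_to_move_price(pool_liquidity_usd, move):
    """USD that must be swapped into a 50/50 constant-product pool (x*y=k,
    fees ignored) to raise its spot price by the fraction `move`."""
    quote_side = pool_liquidity_usd / 2  # half of the liquidity sits on each side
    # Price scales with (quote reserve)^2 / k, so the reserve grows by sqrt(1+move).
    return quote_side * (math.sqrt(1 + move) - 1)


def capital_to_move_median(pool_liquidities_usd, move):
    """A median over an odd number of pools only shifts when a majority of
    them shift, so the cheapest majority sets the bar."""
    costs = sorted(capital_to_move_price(liq, move) for liq in pool_liquidities_usd)
    majority = len(costs) // 2 + 1
    return sum(costs[:majority])


def review_oracle(name, pool_liquidities_usd, funds_at_risk_usd,
                  move=0.10, min_ratio=1.0):
    """Reject an oracle when moving its price by `move` takes less capital
    than the funds the lending contract exposes (assumed review policy)."""
    capital = capital_to_move_median(pool_liquidities_usd, move)
    ratio = capital / funds_at_risk_usd
    return {
        "oracle": name,
        "capital_usd": round(capital),
        "ratio": round(ratio, 3),
        "verdict": "PASS" if ratio >= min_ratio else "REJECT",
    }


if __name__ == "__main__":
    funds_at_risk = 993_534  # first transaction amount reported in the article
    # Single pair with ~$400K liquidity, as described in the article.
    print(review_oracle("single-pair", [400_000], funds_at_risk))
    # Constructed comparison: median of three deeper pools.
    print(review_oracle("median-of-3", [40e6, 60e6, 25e6], funds_at_risk))
```

The capital figure is what must be pushed through the pool, not what is lost, since most of it is recovered when the trade is reversed; the ratio is therefore a generous estimate of how hard the oracle is to move.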

Who is at fault?

Unal told Cointelegraph that, by taking advantage of “the price manipulation vulnerability,” “the attacker managed to escape” with the stolen funds.

“Responsibility likely falls on the entity managing the unverified lending contracts, as well as those responsible for choosing an insufficiently secure oracle for price verification.”

The perpetrator has fled with the stolen funds and has not yet been identified.

This incident makes it clear that DeFi platforms must strengthen security procedures to safeguard user funds and guarantee contract verification to stop future occurrences of this kind.

Ruth Okarter

Ruth is a seasoned news reporter and editor who brings her sharp eye and passion for storytelling to Protechbro.com. With a background in English and literary studies, Ruth crafts compelling narratives that unpack the complexities of the ever-evolving tech landscape.
