The decentralized finance protocol SIR.trading was hacked, resulting in the loss of user funds. The founder has made a public appeal to the hacker to return a portion of the funds to save the project.
Founder's emotional plea to the hacker
The founder of SIR.trading, known by the pseudonym Xatarrer, made an emotional appeal to the hacker who stole $355,000. In their message, Xatarrer proposed that the hacker keep $100,000 as a reward for finding the critical bug and return the remaining funds. 'We’ll call it even. No legal games, no drama,' Xatarrer added.
Technical details of the hack
The hack was executed by leveraging a callback function in the protocol’s 'vulnerable contract Vault' using Ethereum’s transient storage. This allowed the hacker to replace the Uniswap pool address, redirecting the vault funds by repeatedly calling the callback function until the protocol's total value locked was drained.
DeFi hacks: trends and impacts
While DeFi hacks have decreased, the SIR.trading incident highlights ongoing security threats. In March 2024, crypto losses from exploits and scams totaled $28.8 million, reflecting improvements in DeFi security but increased vulnerabilities in CeFi.
The growing number of DeFi attacks underscores the need for enhanced security measures. SIR.trading exemplifies the importance of rapid response and vulnerability identification.
