Decentralized finance protocol SIR.trading suffered an exploit that wiped out its entire total value locked (TVL). The protocol's creator offered the hacker a monetary reward for a partial return of the funds.
Exploit and TVL Loss
On March 30, all funds were drained from the platform due to a vulnerability in one of its core smart contracts, linked to the uniswapV3SwapCallback function. The attacker manipulated transient storage to carry out the attack using a fake Uniswap pool address.
Xatarrer's Offer
In response to the attack, SIR.trading founder Xatarrer made an on-chain plea to the hacker, offering to let them keep $100,000 as a fair share for finding the critical vulnerability. Xatarrer highlighted that the project was built from scratch over four years without venture capital backing.
Response and Protocol's Future
So far, there has been no response from the attacker, and the funds have been moved through the Railgun privacy protocol. Xatarrer expressed hope for rebuilding the protocol and mentioned the start of planning the next steps.
The SIR.trading incident highlights the importance of security in the DeFi space. Developers are striving to minimize vulnerabilities and restore user trust.
