Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Astaria, the NFT lending platform, tweeted: "At 12:42 BST on June 20, Astaria became aware of an issue with the basic execution of BeaconProxy.sol that allowed an attacker to manipulate the beacon to load a malicious execution that would allow the attacker to invoke the self-destruct feature. All funds and NFTs are secure and no action is required at this point, Astaria is in a suspended state and cannot initiate new loans. The suspended state is to protect all assets in the protocol and we can confirm that no funds are missing. Just now Astaria successfully executed a white hat recovery script that saved all ERC20 and ERC721 assets of all LPs and borrowers. Astaria has been in public beta since May 25. The recovery script extracted all funds and NFTs to Astaria multi-signature addresses using the updated contract implementation and recovery code. We are drafting a plan for the next steps and will follow up as soon as possible."

Attack method (per SlowMist): Contract Vulnerability. Reported loss: -.
- chain: —
- protocol: Astaria
- bug_class: logic
- date_occurred: 2023-06-20
- loss_usd: —
- source_id: sm:astaria::2023-06-20