Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to an announcement from Equilibria Finance, a vulnerability was discovered in the ePENDLE auto-compounder contract on Ethereum, resulting in a loss of approximately 13.36 ETH. The issue stemmed from the stk-ePENDLE contract on Ethereum mainnet not being configured as non-transferable. The attacker used flash loans via Balancer to acquire ePENDLE, staked it into stk-ePENDLE, and then repeatedly transferred stk-ePENDLE across multiple addresses. Each transfer triggered a reward claim, enabling the attacker to drain the unclaimed rewards from the contract. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $62,500.
- chain: ethereum
- protocol: Equilibria Finance
- bug_class: flashloan
- date_occurred: 2025-08-24
- loss_usd: $62,500
- source_id: sm:equilibria-finance::2025-08-24