Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
On July 25th, according to reports from several users, Eralend, the lending protocol on Zksync, was attacked by lightning loans, and it is currently unable to borrow, but it can be proposed temporarily. On July 26, EraLend released the progress of the attack. EraLend stated that the attacker manipulated the price of the oracle machine, resulting in the USDC mining pool being used for about 2.76 million US dollars. All other pools remain safe and unaffected. The attackers used multiple bridges to spread the exploited funds across multiple wallets on various chains. Attack method (per SlowMist): Flash Loan Attack. Reported loss: $ 2,760,000.
- chain
- —
- protocol
- Eralend
- bug_class
- oracle
- date_occurred
- 2023-07-25
- loss_usd
- $2,760,000
- source_id
- sm:eralend::2023-07-25