Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The DeFi lending agreement Sentiment stated that the team discovered abnormal lending activities. This malicious use led to the theft of about $966,000 from Sentiment on the Arbitrum network. The root cause is the read-only reentrancy of Balancer. On April 7, Sentiment announced that it had successfully recovered more than $900,000 of the stolen funds, leaving the remaining $95,000 as a reward for the attackers. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 966,000.
- chain
- arbitrum
- protocol
- Sentiment
- bug_class
- reentrancy
- date_occurred
- 2023-04-05
- loss_usd
- $966,000
- source_id
- sm:sentiment::2023-04-05