Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to Silo Labs' postmortem report, an unreleased leverage feature smart contract deployed on Ethereum mainnet and Sonic was exploited during its testing phase. The affected contract was separate from Silo’s core infrastructure. The attacker manipulated the _swapArgs parameter within the contract to execute unauthorized borrowing, leveraging user approvals granted during testing. The exploit resulted in a loss of 224 ETH, which belonged to SiloDAO. No user funds were at risk, as the feature had not yet been made public. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 542,000.
- chain
- ethereum
- protocol
- Silo Labs
- bug_class
- access-control
- date_occurred
- 2025-06-25
- loss_usd
- $542,000
- source_id
- sm:silo-labs::2025-06-25