Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Steadefi, an automated yield leveraged strategy platform, tweeted: “Our protocol deployer wallet (which is also the owner of all vaults in the protocol) has been compromised. Attackers have transferred ownership of all vaults (borrows and strategies) to them in a wallet controlled by the user and continue to take various owner-only operations, such as allowing any wallet to be able to borrow any available funds from the lending vault. Currently, all available lending capacity on Arbitrum and Avalanche has been exhausted by the attackers, and the assets have been swapped for ETH and bridged to Ethereum. On-chain messages have been sent to the attacker wallet address for negotiation. Steadefi wants to discuss the bounty with parties involved in the exploit, offering a 10% reward on the stolen funds. " Steadefi has lost approximately $1.158 million in the incident. On August 8, the Steadefi team managed to recover approximately $540,000 in user funds from remaining vaults. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 1,158,000.
- chain
- ethereum
- protocol
- Steadefi
- bug_class
- private-key
- date_occurred
- 2023-08-08
- loss_usd
- $1,158,000
- source_id
- sm:steadefi::2023-08-08