TLDR
- On March 30, 2025, the SIR.trading DeFi platform was drained of its entire $355K total value locked (TVL).
- The attacker abused the Vault contract's callback function.
- This may be the first real-world exploit of Ethereum's transient storage, introduced with the Dencun upgrade.
- The stolen funds were moved to an address associated with Railgun, an Ethereum privacy protocol.
- Despite the loss, the protocol's founder, Xatarrer, said the project will continue.
At the end of March 2025, SIR.trading, an Ethereum-based DeFi project, was drained of roughly $355,000, its entire total value locked.
Blockchain security firms TenArmorAlert and Decurity were the first to flag the breach, warning the community on social media.
🚨TenArmor Security Alert🚨
An anomaly was detected indicating a potential attack, leaving a noteworthy dent of around $353.8K in its wake. #SIR .trading @leveragesir on #ETH The criminals funneled the absconded cash into Railgun’s ecosystem, a noted pillar of Ethereum privacy.
SIR.trading, or Synthetics Implemented Right, took shape as a bastion for safer leveraged trading, mitigating common pitfalls like volatility and potential liquidations.
Attack transaction: https://t.co/W5SRnzKjDF … pic.twitter.com/e1OOQoKbhz
— TenArmorAlert (@TenArmorAlert) March 30, 2025
The protocol's founder, known as Xatarrer, called the loss a protocol's worst nightmare, but said the team plans to persevere and keep building.
Receiving such distressing news drives home the gravity of the situation; the entire $355k TVL has been siphoned away by hackers.
Xatarrer harbors hope and refrains from surrendering, holding a firm belief in SIR's capacity to rebound.
I (@Xatarrer) For fellow believers in the protocol's essence, vivid ideas and proactive steps are welcomed via direct message.
Deemed 'ingenious,' the attackers focused on a flaw within the Vault contract’s callback mechanics, leveraging Ethereum’s transient storage. https://t.co/FD6QxwfXP4
— SIR.trading (🦍^🎩) (@leveragesir) March 30, 2025
Decurity's analysis found that the attacker replaced the legitimate Uniswap pool address with a malicious one, redirecting the vault's funds to the attacker.
TenArmorAlert described the method: the callback was invoked repeatedly until the protocol was drained, and the proceeds were deposited into Railgun.
Yi (@SuplabsYi) of Supremacy provided the technical analysis, pointing to a weakness tied to Ethereum's new transient storage feature.
Exploiting Ethereum’s New Feature
Transient storage was introduced by EIP-1153 in the Dencun fork, and this attack may foreshadow a new class of exploits.
Embedded into Ethereum's core by the Dencun update, transient storage promises lower gas but transient data lifespans. https://t.co/8du3e1IVDV
— Yi (@SuplabsYi) March 30, 2025
Security researchers warn that more transient storage exploits are likely unless contracts adopt stricter safeguards.
SIR.trading's contracts relied heavily on transient data for transaction verification, data that is reset once the operation completes.
The attacker's strategy was to alter key security markers while a transaction was still in progress.
Yi showed how the attacker brute-forced a crafted address that passed the contract's authenticity check.
Using a custom contract, the attacker drained SIR.trading's treasury. Xatarrer has reached out to Railgun about any possible recovery path.
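The callback and transient-storage pattern described above, reconstructed as an added illustrative example (this is not SIR.trading's or Uniswap's code; the `IPool` interface, the slot names and the `mintThrough`/`mintCallback` functions are assumptions). The vulnerable vault reuses one transient slot both as its trusted-caller marker and as scratch space, so the marker stops meaning "the trusted pool" part-way through the transaction; the hardened vault keeps the marker in its own slot, disarms it before funds move, and clears it when the operation ends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25; // default EVM version is Cancun, which provides TLOAD/TSTORE (EIP-1153)

/// Illustrative interfaces (assumed, not the real SIR.trading or Uniswap ABI):
/// the pool pulls payment by calling mintCallback on msg.sender.
interface IPool {
    function mint(address recipient, uint128 amount, bytes calldata data) external;
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Shared transient-storage helpers (inline assembly, Cancun opcodes).
abstract contract Transient {
    function _tstore(bytes32 slot, uint256 v) internal {
        assembly { tstore(slot, v) }
    }
    function _tload(bytes32 slot) internal view returns (uint256 v) {
        assembly { v := tload(slot) }
    }
}

/// VULNERABLE pattern (hypothetical reconstruction of the flaw described in the article).
/// One transient slot does double duty: it holds the trusted pool address while the
/// mint is in flight, then is overwritten with an unrelated number (the amount owed).
/// Transient storage lives until the end of the transaction, so the slot keeps that
/// number after mintThrough returns, and the callback will accept any caller whose
/// address equals it numerically.
contract VulnerableVault is Transient {
    bytes32 internal constant SLOT = keccak256("vault.scratch");
    IERC20 public immutable token;

    constructor(IERC20 t) { token = t; }

    function mintThrough(IPool pool, uint128 amount) external returns (uint256 paid) {
        _tstore(SLOT, uint256(uint160(address(pool)))); // marker: "who may call me back"
        pool.mint(address(this), amount, "");
        paid = _tload(SLOT); // reads the amount the callback left behind
        // BUG: SLOT is never cleared and now holds `paid`, not a trusted address.
    }

    function mintCallback(uint256 amountOwed, bytes calldata) external {
        require(msg.sender == address(uint160(_tload(SLOT))), "not pool");
        _tstore(SLOT, amountOwed); // BUG: the security marker is reused as scratch space
        token.transfer(msg.sender, amountOwed);
    }
}

/// HARDENED pattern: the marker slot only ever holds the expected caller,
/// it is disarmed before funds move, and it is cleared when the operation ends.
contract HardenedVault is Transient {
    bytes32 internal constant CALLER_SLOT = keccak256("vault.expectedCaller");
    bytes32 internal constant AMOUNT_SLOT = keccak256("vault.amountPaid"); // separate scratch slot
    IERC20 public immutable token;

    constructor(IERC20 t) { token = t; }

    function mintThrough(IPool pool, uint128 amount) external returns (uint256 paid) {
        require(_tload(CALLER_SLOT) == 0, "mint in progress"); // refuse nested arming
        _tstore(CALLER_SLOT, uint256(uint160(address(pool))));
        pool.mint(address(this), amount, "");
        paid = _tload(AMOUNT_SLOT);
        _tstore(CALLER_SLOT, 0); // never leave a marker armed once the operation is done
        _tstore(AMOUNT_SLOT, 0);
    }

    function mintCallback(uint256 amountOwed, bytes calldata) external {
        address expected = address(uint160(_tload(CALLER_SLOT)));
        require(expected != address(0) && msg.sender == expected, "not pool");
        _tstore(CALLER_SLOT, 0);          // disarm first: a second callback in the same tx fails
        _tstore(AMOUNT_SLOT, amountOwed); // scratch data goes in its own slot
        token.transfer(msg.sender, amountOwed);
    }
}
```

The point for reviewers of transient-storage code: TSTORE values persist until the transaction ends, not until the current call returns, so a marker written for one external call must be explicitly cleared, never overloaded with other data, and checked for a non-zero value before it is trusted. A marker compared against `msg.sender` is only as strong as the guarantee that nothing else can write that slot during the transaction.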
Ironically, SIR.trading had warned of such risks. It acknowledged that, despite audits, undetected bugs could put user funds at risk.
The vaults in particular were flagged as bug-prone, and the advisory addressed potential exploits within the platform's contracts.
The case puts a spotlight on the security of Ethereum's transient storage and underscores the need for stronger contract defenses against future attacks.
Maisie stands as a veteran journalist steering conversations around Crypto & Financial landscapes, leading editorial efforts across notable platforms.