Cyvers Reports $1.5 Million Theft Due to Base Blockchain Vulnerability

Cyvers Alerts has reported a $1.5 million theft linked to a vulnerability in the Base blockchain involving price manipulation of Wrapped Ether. The exploit was executed through unverified lending contracts, resulting in significant fund extraction. The stolen assets were moved to the Ethereum network, with a portion laundered via Tornado Cash. Although the incident is relatively modest in scale compared to broader Ethereum thefts, it highlights ongoing security vulnerabilities and user error as major contributors to cryptocurrency losses.

A significant vulnerability within the Base blockchain has been exploited, leading to the theft of $1.5 million, as confirmed by blockchain security firm Cyvers Alerts. The firm detailed the exploit in a post on X on October 25, revealing that the attack involved price manipulation tactics that allowed for the extraction of substantial funds from unverified lending contracts on the blockchain.

The exploit unfolded over several hours, beginning with a transaction that siphoned off $993,534 from the Base blockchain’s lending contracts. Almost five hours later, another transaction used the same method to extract an additional $455,127. Cyvers Alerts pinpointed the exploit’s root cause to the manipulation of Wrapped Ether (WETH) prices through excessive borrowing. The attack targeted an oracle embedded in the smart contract, which relied on a single trading pair with limited liquidity of approximately $400,000. This lack of liquidity left the oracle's reported price easy to manipulate.

To mitigate such vulnerabilities, Cyvers noted that implementing a diversified oracle with access to higher liquidity sources could have helped resist price manipulation attempts more effectively. Following the theft, the stolen funds were transferred to the Ethereum network, with $202,549 being funneled through Tornado Cash, a privacy-oriented cryptocurrency mixer.
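The diversified-oracle mitigation Cyvers describes, sketched as an added example (not code from Cyvers or from the affected contracts): a price function that ignores thin pools, requires several deep sources and fails closed when they disagree. Feed names, prices and all thresholds are constructed assumptions; only the roughly $400,000 pool depth comes from the report.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Quote:
    source: str           # hypothetical feed name
    price_usd: float      # WETH price reported by this source
    liquidity_usd: float  # depth backing that price


class OracleError(Exception):
    """Raised when no trustworthy price can be produced."""


MIN_LIQUIDITY_USD = 5_000_000  # assumed floor; tune per market
MIN_SOURCES = 3                # assumed quorum of independent sources
MAX_DEVIATION = 0.02           # assumed: 2% band around the median


def single_pair_price(quotes):
    """Weak design from the report: trust one pair regardless of depth."""
    return quotes[0].price_usd


def robust_price(quotes):
    """Median of deep sources; fail closed rather than trust one pool."""
    deep = [q for q in quotes
            if q.liquidity_usd >= MIN_LIQUIDITY_USD and q.price_usd > 0]
    if len(deep) < MIN_SOURCES:
        raise OracleError(f"only {len(deep)} sources meet the liquidity floor")
    mid = median(q.price_usd for q in deep)
    agreeing = [q for q in deep
                if abs(q.price_usd - mid) / mid <= MAX_DEVIATION]
    if len(agreeing) < MIN_SOURCES:
        raise OracleError("deep sources disagree beyond the deviation band")
    return median(q.price_usd for q in agreeing)


# Constructed sample data: one distorted thin pair plus three deep feeds.
THIN_POOL = Quote("thin_pair", 9_800.0, 400_000)
DEEP = [
    Quote("feed_a", 2_500.0, 40_000_000),
    Quote("feed_b", 2_504.0, 25_000_000),
    Quote("feed_c", 2_497.0, 60_000_000),
]
```

A lending contract that receives `OracleError` should pause borrowing against the asset instead of falling back to the last or only available quote.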

The use of crypto mixers like Tornado Cash complicates efforts to trace the stolen funds back to their original sources, making it difficult to identify the attacker. While Tornado Cash is designed to enhance privacy for users, its use by hackers to launder stolen funds has sparked considerable criticism within the crypto community.

Despite its scale, this incident is relatively modest when compared to broader trends in cryptocurrency theft. Ethereum remains a prime target for hackers, with a staggering total of $387.8 million stolen across 86 incidents thus far. This figure eclipses thefts on any other blockchain, both in frequency and overall losses.

Contributing factors to these losses include vulnerabilities in smart contract code, which have resulted in $39.6 million lost across 44 incidents. Additionally, reentrancy attacks, a method that allows hackers to withdraw funds before balances are updated, have accounted for $30.3 million in losses across five different cases.

Moreover, user error remains a significant concern, contributing to a large portion of the total $750 million lost in hacks reported last quarter. Phishing attacks and private key compromises have emerged as the most common attack vectors, leading to approximately $668 million in losses. As the crypto landscape continues to evolve, the need for robust security measures and increased awareness of potential vulnerabilities becomes ever more critical.

