The post DeFi protocol SIR.trading loses entire $355K TVL in exploit  appeared on BitcoinEthereumNews.com.

Ethereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, was completely drained in an exploit on Mar. 30, losing all $355,000 of its total value locked. TenArmor, a blockchain security firm, was the first to report the attack on a Mar. 30 post o. X. TenArmor flagged several suspicious transactions and pointed out that the stolen funds had been transferred to RailGun, a privacy platform that helps hide transactions. Later, security platform Decurity, revealed that the hacker took advantage of a flaw in SIR.trading’s Vault contract, specifically in a function called “uniswapV3SwapCallback.” Decurity referred to the hack as a “clever attack.” In another X post, blockchain researcher Yi explained that the vulnerability was due to how the contract verified transactions. Typically, it should only permit transactions from a Uniswap (UNI) pool or other reliable source. However, the contract relied on transient storage, a temporary storage technique that was introduced in Ethereum’s (ETH) EIP-1153 upgrade, also known as the Dencun hard fork. The problem? Transient storage resets only after a transaction ends, but the contract was manipulated by the hacker overwrite important security data while it was still running. The hacker proceeded to trick the contract into trusting their fake address. .@leveragesir got hacked just now for $354k due a clever exploit targeting transient storage in a Vault contract’s uniswapV3SwapCallback. I think this is a groundbreaking case—How did it happen? What was the root cause? Now disappear into the darkness. 🧵👇 https://t.co/WBQDRHGzWl — Yi (@SuplabsYi) March 30, 2025 They did this by brute-forcing a unique vanity address, enabling the contract to register their fake address as a legitimate one. The hacker then utilized a custom contract to drain all the funds from SIR.trading’s vault. The anonymous creator of SIR.trading, Xatarrer, acknowledged the attack after it happened, calling it “the worst…

---

Filed under: News - @ March 31, 2025 6:17 am