SIR.trading Offers $100K Bounty to Exploiter After Losing Entire TVL
Decentralized finance protocol SIR.trading has suffered a catastrophic exploit, losing its entire total value locked (TVL) and prompting its founder to publicly offer a $100,000 bounty in exchange for the return of the remaining stolen funds.
TenArmor Security Alert
Our system has detected a suspicious attack involving #SIR.trading @leveragesir on #ETH, resulting in an approximate loss of $353.8K.
The stolen funds have been deposited into RailGun.
Attack transaction: https://t.co/W5SRnzKjDF… pic.twitter.com/e1OOQoKbhz
The attack, which drained approximately $355,000 from the platform, has raised new concerns about Ethereum’s recent Dencun upgrade.
On March 31, Xatarrer, the anonymous founder of SIR.trading, made an on-chain plea to the hacker.
Source: Etherscan
Acknowledging the skill involved in the attack, he described it as “almost beautiful” despite the devastating financial losses.
The message offered the attacker a chance to keep $100,000 as a reward for discovering the exploit while requesting that the remainder be returned.
Xatarrer emphasized that SIR.trading was not a VC-backed project but a grassroots effort built over four years, with $70,000 in funding from friends and supporters.
We just texted the hacker.
If you (the hacker) are reading this, please keep in mind this is all the money we had. We had no VC backing. All was raised from regular folks on Twitter/X. pic.twitter.com/X4g1zJrynp
He stated that the platform would not survive without the stolen funds. So far, the attacker has not responded to the plea.
According to on-chain data, the stolen assets have already been funneled through Railgun, a privacy protocol designed to obscure transaction trails, making fund recovery more challenging.
The Exploit: A Clever Manipulation of Transient Storage
The vulnerability that led to the SIR.trading exploit was tied to Ethereum’s transient storage, a feature introduced in the Dencun upgrade.
This attack, described by blockchain security experts as highly sophisticated, exploited a function within SIR.trading’s Vault contract known as `uniswapV3SwapCallback`.
The root cause lies in the transient storage collision in the uniswapV3SwapCallback function, which uses slot 1 both for the Uniswap pool address and the minted token amount.
The attacker initialized a malicious vault and manipulated the minted amount to exactly equal a… pic.twitter.com/198A5Wrsbq
According to Decurity, a blockchain security firm that analyzed the exploit, the attacker leveraged transient storage to manipulate how transactions were verified within the contract.
Synthetics Implemented Right @leveragesir has been hacked for $355k
This is a clever attack. In the vulnerable contract Vault (https://t.co/RycDbFY5Xq) there is a uniswapV3SwapCallback function that uses transient storage to verify the caller. Specifically, it loads an address… pic.twitter.com/u6PhksPV31
Instead of ensuring that only legitimate Uniswap pools could execute swaps, the contract was tricked into trusting a fake Uniswap pool address controlled by the hacker.
This was made possible because transient storage resets only after a transaction concludes, allowing the attacker to modify security parameters mid-execution.
Further analysis by blockchain researcher Yi revealed that the attacker brute-forced a vanity address, ensuring it matched the contract’s expected parameters.
.@leveragesir got hacked just now for $354k due to a clever exploit targeting transient storage in a Vault contract’s uniswapV3SwapCallback. I think this is a groundbreaking case—How did it happen? What was the root cause? Now disappear into the darkness. https://t.co/WBQDRHGzWl
— Yi (@SuplabsYi) March 30, 2025
This enabled them to drain all assets from SIR.trading’s vault, wiping out its entire TVL.
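The slot collision described in this section can be modelled in a few lines. This is an added example, not SIR.trading's contract code: a toy Python model of transient storage showing why the caller check stops holding once an amount is written to the same slot, and how it holds again with a separate slot. The class names, the integer stand-ins for addresses and the two-part fix (a separate amount slot plus clearing the caller slot after use) are assumptions made for the illustration.

```python
"""Toy model of EIP-1153 transient storage (added example, not SIR.trading's code)."""

class Tx:
    """Transient storage for one transaction: shared by every nested call,
    cleared only when the transaction ends."""
    def __init__(self):
        self.slots = {}
    def tstore(self, slot, value):
        self.slots[slot] = value
    def tload(self, slot):
        return self.slots.get(slot, 0)

class CollidingVault:
    POOL_SLOT = 1    # address expected to call the swap callback
    AMOUNT_SLOT = 1  # minted amount: same slot, as in the analyses quoted above

    def begin_swap(self, tx, pool):
        tx.tstore(self.POOL_SLOT, pool)

    def swap_callback(self, tx, caller, minted):
        if caller != tx.tload(self.POOL_SLOT):
            raise PermissionError("caller is not the expected pool")
        self.after_check(tx)
        tx.tstore(self.AMOUNT_SLOT, minted)  # overwrites POOL_SLOT when the slots collide

    def after_check(self, tx):
        pass  # the authorisation value stays live for the rest of the transaction

class SeparatedVault(CollidingVault):
    AMOUNT_SLOT = 2  # amounts can no longer overwrite the caller check

    def after_check(self, tx):
        tx.tstore(self.POOL_SLOT, 0)  # one-shot: cleared once the pool has called back

def second_caller_accepted(vault, pool, other, minted):
    """In one transaction the expected pool calls back with `minted`, then
    `other` calls the callback. Returns True if `other` passes the check."""
    tx = Tx()
    vault.begin_swap(tx, pool)
    vault.swap_callback(tx, pool, minted)
    try:
        vault.swap_callback(tx, other, 0)
        return True
    except PermissionError:
        return False

POOL, OTHER = 0xAAAA, 0xBBBB  # constructed stand-ins for 20-byte addresses
```

In the colliding layout the second caller is accepted only when the minted amount equals its own address as an integer, which matches the vanity-address detail above; with separate slots and a cleared caller slot it is rejected for any amount.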
Xatarrer acknowledged the devastating nature of the attack, calling it “the worst news a protocol could receive.”
Despite the losses, he expressed determination to rebuild, asking the community for input on possible next steps.
A Growing Trend of DeFi Exploits
The SIR.trading exploit is part of a broader trend of increasing security breaches within the decentralized finance sector.
Just six days before the attack on SIR.trading, another major exploit targeted the decentralized lending protocol Abracadabra.Money, leading to a $13 million loss.
The Abracadabra exploit, detected on March 25 by PeckShield, specifically targeted pools utilizing GMX tokens.
Attackers drained 6,260 ETH by exploiting vulnerabilities in Abracadabra’s smart contract infrastructure.
This marked the platform’s second major breach in 2024, following a $6.49 million loss in January that caused its Magic Internet Money (MIM) stablecoin to depeg.
Similarly, in February 2024, the crypto sector saw losses of approximately $1.53 billion, a staggering 1,500% increase from January’s reported losses of $98 million.
#CertiKStatsAlert
Combining all the incidents in February, we’ve confirmed ~$1.5B lost to exploits, hacks and scams.
The Bybit incident is the largest we have recorded since the Ronin Bridge exploit in 2022 which was also conducted by Lazarus.
More details below pic.twitter.com/n1fv9x0YNh
The single biggest loss was caused by Bybit’s February 21 hack, which was attributed to North Korea’s Lazarus Group.
The exploit siphoned approximately $1.4 billion, making it one of the largest cryptocurrency hacks in history.
As it stands now, while Xatarrer remains hopeful that the hacker will accept the bounty offer, the reality is that many of these stolen funds may never be recovered.
The post SIR.trading Offers $100K Bounty to Exploiter After Losing Entire TVL appeared first on Cryptonews.