SIR.trading offers attacker $100K bounty after losing entire TVL to exploit

After losing all its total value locked at a feat, the decentralized funding protocol SIR.TRADING offered the attacker a bonus of $ 100,000 to return the remaining funds.

On March 31, Xatarrer, the anonymous designer behind the Ethereum-based platform, made a direct chain plaid with a pirate.

In the messageThey asked the attacker to keep $ 100,000, which represents around 28% of stolen funds, as a “just part” to find critical vulnerability, promising that no legal action would be continued if the remaining funds had returned.

Xatarrer said the project had been built from zero for four years with coding sessions at the end of the evening and $ 70,000 in joint friends and supporters.

Without supporting venture capital companies, the protocol had happened organically at around $ 400,000 on TVL before the exploitation drained it.

“If you keep 100% of funds, there is no chance for us to survive,” they added.

Xatarrer also recognized the skills involved in the feat, calling for the attack “almost beautiful if it was not for all the funds that people lost”.

So far, there has been no response from the attacker. According to Etherscan data, the stolen crypto has already been channeled by Railgun, a confidentiality protocol which obscures the transaction tracks.

Sir.trading, also known as the synthetic implemented straight, was operated on March 30After a vulnerability in one of its main smart contracts, the entire TVL of the protocol led.

Vulnerability was linked to a function of the intelligent protocol contract called UNISWAPV3SWAPCallback, which is part of the safe contract. According to experts, vulnerability has involved transient storage of Ethereum, a functionality introduced in Dencun upgrade to help reduce gas costs.

The attacker handled transient storage before the end of the transaction, using it to crush security data in the middle of the process. This allowed them to deceive the contract to accept a false Pool Uniswap address controlled by the attacker.

After the incident, Xatarrer said they were still hoping to reconstruct the protocol. In their latest message to the community on X, the founder added that the team had already started to “plan” the next stages of the protocol.

The Sir feat. Last month, the layer 2 monetary market protocol based in Starknet Zklend lost more than $ 9 million Ethereum value in a feat.

February was particularly brutal, with losses of pirates and scams exceeding $ 1.5 billion, according to a March 5 report From the security company Blockchain Certik.