Overview
On June 12 at 1:06 AM UTC, an attacker exploited Sturdy’s ETH market and stole 442 ETH (address here). The loss to the protocol was 504 ETH (the total size of the ETH lending pool is 2,109 ETH). No other assets or pools were impacted.
The root cause of the exploit has been determined, and will be outlined in a future article.
Immediately after the attack, contributors moved to pause the protocol. Thanks to the quick actions of dudesahn, an additional $150,000 at risk was saved. The stablecoin market was paused as well out of an abundance of caution; however, no funds there were ever at risk.
We have been coordinating with a team of world-class security experts specializing in on-chain analysis and off-chain opsec who have had successes in the recovery of funds in other recent high-profile cases. Along with assistance from global law enforcement, this has allowed us to gather a significant amount of information. We strongly advise the attacker to return funds (instructions here) and move on from this. If funds are not returned, a reward of $100k will be available for anyone that helps bring about an arrest and recovery of funds.
Next steps
The first step in enabling users to access their funds is unpausing the stablecoin market. There is one Balancer pool supported as collateral in the stablecoin market (bb-a-USD). While this pool isn’t believed to be vulnerable, out of an abundance of caution deposits to the pool will be disabled, and additional oracle checks will be implemented prior to unpausing the market. The stablecoin market is expected to be unpaused within the next 48 hours.
There is currently no fixed timeline for unpausing the exploited ETH market, however we will do so as soon as we are confident that the vulnerability has been mitigated and the hole has been filled. Details regarding repayment will be determined based on several factors (e.g., recovery of funds and insurance), however we are committed to making all users 100% whole as quickly as possible.
Finally, we would like to thank the community for their patience and support. We understand how distressing events like these are and we are working around the clock to ensure that users will be able to access all of their funds as soon as possible.