Crypto news

The Great SIR.trading Heist: A Desperate Plea from the Founder

BBG News

🤣🚨 The Great SIR.trading Heist: A Desperate Plea from the Founder 🚨🤣

The Great SIR.trading Heist: A Desperate Plea from the Founder

Oh, dear hacker, how the mighty have fallen! 🤦‍♂️ The founder of the recently hacked decentralized finance protocol SIR.trading, Xatarrer, has made a pitiful plea to the attacker, begging them to return around 70% of the stolen customer funds, lest the protocol perish like a poor, defenseless moth in a candle flame. 💔

“Here is my proposal, keep $100k as a fair share for your critical bug find, and return the remaining,” Xatarrer wrote in a March 31 onchain message to the attacker, following the $355,000 hack on March 30. 📝

“We’ll call it even. No legal games, no drama,” they added, with an air of desperation that would put even the most hardened of souls to shame. 😂

Xatarrer claimed that SIR.trading was built on the back of four years of late-night coding and $70,000 from friends and believers, without any additional venture capital funding. Ah, the struggles of a true pioneer! 🚀

“We grew to $400k TVL organically without any advertising. If you keep 100% of the funds, there is no chance for us to survive.”

Xatarrer even praised the hacker for the sophisticated hack, stating that it was “almost beautiful if it wasn’t for all the funds people lost.” Ah, the beauty of destruction! 🌪️

The hacker, however, has remained silent, and has already transferred the stolen funds through to Ethereum privacy solution Railgun, according to data from Ethereum block explorer Etherscan. It seems that the hacker is not one to be swayed by sentimental appeals! 😏

Xatarrer initially said on March 30 that the SIR.trading team intended to keep the protocol up and running despite the setback. “We’ve already started planning our next steps. Those impacted by the hack will not be forgotten,” it said on March 31. Ah, the bravado of the wounded! 💪

Hack resulted from feature added to Ethereum’s Dencun upgrade

The hacker targeted a callback function used in the protocol’s “vulnerable contract Vault” which leverages Ethereum’s transient storage feature. Ah, the vulnerabilities of even the most seemingly secure of systems! 🤦‍♂️

The hacker managed to replace the real Uniswap pool address used in this callback function with an address under the hacker’s control, allowing them to redirect the funds in the vault to their address by repeatedly calling the callback function until all of the protocol’s total value locked was drained. Ah, the ingenuity of the hacker! 🤓

The transient storage feature was added to Ethereum in the March 2024 Dencun upgrade as a solution to offer users lower gas fees than gas typically required for regular storage. Ah, the eternal quest for efficiency! 🚀

SIR.trading’s documentation shows that it was billed as “a new DeFi protocol for safer leverage” to address some of the challenges that often occur in leveraged trading — such as volatility decay and liquidation risks. Ah, the hubris of the unwary! 🚨

It comes as crypto lost to exploits and scams fell to $28.8M in March, blockchain security firm CertiK said in a March 31 X post. Around $4.8 million was subtracted from that figure after hackers involved in the 1inch Resolver incident returned the stolen funds. Ah, the never-ending cycle of theft and recovery! 🔄

Crypto exploits and scams had one of its worst months in February, headlined by the $1.4 billion Bybit hack. Ah, the memories of the Bybit hack still linger like a bad smell! 🚮

Read More

2025-04-01 06:29

Previous post BTC’s Wild Ride: Whales Feast, Minnows Flee! 🐳📉
Next post Michael Saylor’s Bitcoin Strategy: $1.9 Billion and Counting! 💰😮