The founder of the recently hacked decentralized finance protocol SIR.trading has issued an emotional plea to the attacker, urging them to return
The hacker hasn’t responded and has already transferred the stolen funds through to Ethereum privacy solution Railgun, according to data from Ethereum block explorer Etherscan.
Xatarrer initially said on March 30 that the SIR.trading team intended to keep the protocol up and running despite the setback. “We’ve already started planning our next steps. Those impacted by the hack will not be forgotten,” it said on March 31.
Hack resulted from feature added to Ethereum’s Dencun upgrade
The hacker targeted a callback function used in the protocol’s “vulnerable contract Vault” which leverages Ethereum’s transient storage feature.
The hacker managed to replace the real Uniswap pool address used in this callback function with an address under the hacker’s control, allowing them to redirect the funds in the vault to their address by repeatedly calling the callback function until all of the protocol’s total value locked was drained.
The transient storage feature was added to Ethereum in the March 2024 Dencun upgrade to offer users lower gas fees than regular storage typically requires.
SIR.trading’s documentation shows that it was billed as “a new DeFi protocol for safer leverage” to address some of the challenges that often occur in leveraged trading — such as volatility decay and liquidation risks.
It comes as crypto lost to exploits and scams fell to $28.8M in March, blockchain security firm CertiK said in a March 31 X post. Around $4.8 million was subtracted from that figure after hackers involved in the 1inch Resolver incident returned the stolen funds.
Crypto exploits and scams had one of their worst months in February, headlined by the $1.4 billion Bybit hack.