ChainCatcher news, according to monitoring by PeckShield, the attacker marked as the zkSync ecosystem lending protocol EraLend has transferred approximately 281 ETH to the new address 0xf888.

ChainCatcher news, according to PeckShield monitoring, the attacker address of the zkSync ecosystem lending protocol EraLend has transferred a total of approximately 410.8 ETH (about 757,000 USD) to CEX, accounting for 31% of the stolen funds.Previously reported, the zkSync ecosystem lending protocol EraLend was attacked, with the attacker manipulating the oracle prices, resulting in stolen funds of 2.76 million USD.

ChainCatcher news, the zkSync ecological lending protocol EraLend stated on its social platform that it has identified a CEX account that may be related to the participants of the attack event.It is reported that the team is closely cooperating with the local police department, providing them with all relevant information. Currently, the authorities are actively conducting further investigations to apprehend those responsible. In addition, the team is working with internet service providers to trace the real IP location of the attacker.ChainCatcher previously reported that the EraLend team has detected a security incident and confirmed that its platform was attacked. The attacker manipulated oracle prices to obtain approximately $2.76 million from the USDC pool.

ChainCatcher message, the zkSync ecological lending protocol EraLend has addressed the hacker on Twitter, stating the following:We know that during yesterday's attack, you could have drained all available liquidity, but you chose to only steal a portion. We believe this is your expression of "goodwill," or a potential concern for the victims and the widespread impact of the severe attack.However, your actions are illegal and have had a destructive impact not only on the 500,000 EraLend users but also on the entire DeFi community. We have reached out to security professionals, CEX, the broader DeFi security community, and law enforcement agencies. We are tracking the traces you left before and after the attack, both on-chain and off-chain.Therefore, we propose: please return 90% of the stolen funds to the following address by July 27th, 14:00 (UTC), and we will stop pursuing you. You can peacefully keep 10% of the stolen funds as a white hat bounty.The receiving wallet address is: 0x9eEE479DCf6075a0cb905c27e8F952910c3bb69D.If the stolen funds are not returned by the deadline, we will have no choice but to escalate this matter. Transactions will be terminated, and we will immediately set up another bounty for anyone who helps us prosecute you and recover the stolen funds. Please make a wise decision. (source link)

ChainCatcher message: The stablecoin USD+, issued by Overnight.fi, is affected by the attack incident on EraLend. The team will adjust the token supply around 15:00 Beijing time today to restore the USD+ peg. If users have USD+ liquidity on SyncSwap, they need to complete withdrawals before the token supply adjustment. The USD+ team will take snapshots for holders and liquidity providers to distribute the funds recovered from EraLend, but only those who withdraw will be included in the snapshot.In addition, SyncSwap stated that zkUSD and all other liquidity pools, such as BUSD, are not affected.

ChainCatcher news, the zkSync ecosystem lending protocol EraLend tweeted that, after a preliminary investigation, the illegal attack has been identified as a read-only reentrancy vulnerability. The attacker manipulated the oracle price, resulting in the theft of approximately $2.76 million from the USDC pool, while other pools remain unaffected.In addition, to limit further impact, EraLend has temporarily halted lending, USDC supply, and SyncSwap LP supply, and significantly reduced the interest rates of the USDC pool to protect the affected borrowing positions from potential liquidation during this period.

ChainCatcher news, the blockchain security agency BlockSec announced that it is assisting EraLend in resolving issues, with the attack being a read-only reentrancy attack, resulting in a total loss of approximately 3.4 million USD. Attacker address: 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a

ChainCatcher news, the zkSync ecosystem lending protocol EraLend team announced on Discord that a security incident was detected at 09:27:21 UTC on July 25, confirming that their platform was attacked.The team stated that the attack has been contained and the attacker can no longer act. The scope of the impact is currently being assessed and will be further announced. As a precaution, EraLend has temporarily suspended all borrowing operations to ensure the safety of funds. Currently, EraLend is collaborating with cross-chain bridge partners and zkSync to prevent any further potential asset outflows. At the same time, EraLend is working closely with cybersecurity firms to determine the source of this attack.EraLend reminds that only USDC has been affected by this incident. All other assets remain safe and unaffected, and users are strongly advised not to deposit USDC at this time. (Source link)