Create 2023-08-07-SteadeFi.md (#386)

* Create 2023-08-07-SteadeFi.md * Rename 2023-08-07-SteadeFi.md to 2023-08-07-Steadefi.md * Update 2023-08-07-Steadefi.md * Update 2023-08-07-Steadefi.md * Update 2023-08-07-Steadefi.md * name fix --------- Co-authored-by: Evgeny Dmitriev <[email protected]>
1712n · Apr 14, 2024 · 44ad98f · 44ad98f
1 parent 9b662a6
commit 44ad98f
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/content/attacks/posts/2023-08-07-Steadefi.md b/content/attacks/posts/2023-08-07-Steadefi.md
@@ -0,0 +1,44 @@
+---
+date: 2023-08-07
+target-entities: Steadefi
+entity-types:
+  - DeFi
+  - Yield Aggregator
+attack-types: Private Key Leak
+title: "Steadefi Loses $1.14 Million to Deployer Address Compromise"
+loss: 1140000
+---
+
+## Summary
+
+Steadefi, a yield farming platform on Arbitrum and Avalanche, reported a loss of $1.14 million due to a compromised deployer address. The exploit allowed the attacker to assume control over the platform's vault contracts, leading to the unauthorized borrowing of all available funds. The total value locked (TVL) in Steadefi [dropped from over $2 million to almost $0 as a result](https://defillama.com/protocol/steadefi). The funds were converted to approximately 625 ETH and landed in Tornado Cash. In response, Steadefi issued an on-chain bounty plea, offering the exploiter to return 90% of the funds while keeping the rest as a bounty.
+
+## Attackers
+
+The identity of the attacker is unknown. The following addresses are associated with this attack:
+
+- Ethereum Wallets:
+  - [0x9cf71f2ff126b9743319b60d2d873f0e508810dc](https://etherscan.io/address/0x9cf71f2ff126b9743319b60d2d873f0e508810dc)
+  - [0xe10d4a5bd440775226c7e1858f573e379d0aca36](https://etherscan.io/address/0xe10d4a5bd440775226c7e1858f573e379d0aca36)
+
+- Arbitrum Wallet:
+  - [0x9cf71F2ff126B9743319B60d2D873F0E508810dc](https://arbiscan.io/address/0x9cf71F2ff126B9743319B60d2D873F0E508810dc)
+
+- Avalanche Wallet:
+  - [0x9cf71F2ff126B9743319B60d2D873F0E508810dc](https://snowtrace.io/address/0x9cf71F2ff126B9743319B60d2D873F0E508810dc)
+
+## Losses
+
+Steadefi lost approximately $1,140,000 in total.
+
+## Timeline
+
+- **August 7, 2023, 06:01 PM UTC:** The [first malicious](https://arbiscan.io/tx/0x64490459485bf290ef00b360d3ea943fc56bcb364852ac482b772829cf09cad9) transaction occurred.
+- **August 7, 2023, 06:29 PM UTC:** Steadefi team sent [on-chain message](https://etherscan.io/tx/0xdfc31c31e07f9007a15680e9c98a4d523cc440d4349515cebf22196086c889d4) to the hacker offering a bounty of 10% of the stolen funds. 
+- **August 7, 2023, 07:33 PM UTC:** Steadefi team [reported](https://twitter.com/steadefi/status/1688619454178144264) about the exploit.
+- **August 7, 2023, 08:49 PM UTC:** [A brief overview of the incident](https://twitter.com/steadefi/status/1688638572608552960) from the team has been published 
+- **August 12, 2023, 08:27 AM UTC:** Hacker [began sending](https://etherscan.io/tx/0x06d5f3d5087615d64fa5051f4e5b5c2717345d9d3e68dcb3a7ff90b3bde539ef) stolen funds to Tornado Cash.
+
+## Security Failure Causes
+
+- **Private Key Compromise:** The core vulnerability in this incident stemmed from the compromise of the deployer address, a critical security flaw that allowed the attacker to manipulate Steadefi's smart contracts.