- Steadefi was recently exploited after its protocol deployer wallet was compromised.
- The DeFi protocol lost $1.14 million in the hack, which drained the lending capacity on Arbitrum and Avalanche.
- The Steadefi team has offered the hacker/hackers a 10% bounty if they agree to return the remaining funds.
Steadefi, a decentralized finance application, suffered a hack earlier today. The DeFi protocol, which offers leveraged yield vaults and lending pools, was exploited to the tune of $1.14 million after its protocol deployer wallet, which also controlled all of the app’s vaults, was compromised. The Steadefi team has attempted to contact the responsible parties in a bid to recover the lost assets.
The Steadefi team took to X (formerly Twitter) earlier today to inform its community about the exploit. According to on-chain data gathered by the team, the perpetrator transferred ownership of all lending and strategy vaults to a wallet controlled by them. This was followed by using the newly acquired wallets to borrow the maximum possible amount from the lending pools.
A post-mortem of the exploit revealed that the hacker managed to drain all available lending capacity on Arbitrum and Avalanche and then proceeded to swap all exploited assets to ETH and bridge them to the Ethereum network. The Steadefi team reported that depositor vaults were not affected by the exploit.
In addition to stealing funds, the hacker also paused Steadefi’s farms’ contracts, which prevented the DeFi protocol’s users from withdrawing their tokens from all affected farms. In an on-chain message to the exploiter, the Steadefi team offered a 10% bounty if the remaining funds were returned to the protocol.
“If you choose not to partake in the voluntary return and complete the process by 10th August at 0800 UTC, we will expand the bounty to the public, and offer the full 10% to the person who is able to identify you in a way that leads to your conviction in the courts,” the Steadefi team told the exploiter.
The Steadefi community expressed concerns over the exploit and the manner in which the hacker stole funds. Some speculated that it may have been an inside job, with core developers of the DeFi protocol pulling the rug on purpose.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
