An exploit on the Base blockchain has exposed significant vulnerabilities, resulting in the theft of approximately $1 million. The blockchain security firm Cyvers Alerts reported the incident on October 25, detailing how the attacker manipulated unverified lending contracts related to Wrapped Ether (WETH). The initial transaction extracted $993,534, which was largely moved to the Ethereum network, with roughly $202,549 funneled through the privacy service Tornado Cash and an additional $455,127 taken via the same exploit. Hakan Unal, from Cyvers Alerts, stated that the vulnerability arose from a single liquidity pair oracle with limited liquidity around $400K, making it prone to manipulation. Unal emphasized the importance of utilizing a more diversified oracle to avert such price manipulation issues. This incident underscores the broader security risks within decentralized finance (DeFi) platforms, highlighting the necessity for stronger security measures and thorough contract verification to protect user assets in the future.

Source 🔗