Decentralized finance protocol SIR.trading has suffered a catastrophic exploit, losing its entire total value locked (TVL) and prompting its founder to publicly offer a $100,000 bounty in exchange for the return of the remaining stolen funds.
TenArmor Security Alert
Our system has detected a suspicious attack involving #SIR.trading @leveragesir on #ETH, resulting in an approximate loss of $353.8K.
The stolen funds have been deposited into RailGun.
Acknowledging the skill involved in the attack, the founder, who goes by Xatarrer, described it as “almost beautiful” despite the devastating financial losses.
The message offered the attacker a chance to keep $100,000 as a reward for discovering the exploit while requesting that the remainder be returned.
Xatarrer emphasized that SIR.trading was not a VC-backed project but a grassroots effort built over four years, with $70,000 in funding from friends and supporters.
We just texted the hacker.
If you (the hacker) are reading this, please keep in mind this is all the money we had. We had no VC backing. All was raised from regular folks on Twitter/X. pic.twitter.com/X4g1zJrynp
He stated that the platform would not survive without the stolen funds. So far, the attacker has not responded to the plea.
According to on-chain data, the stolen assets have already been funneled through Railgun, a privacy protocol designed to obscure transaction trails, making fund recovery more challenging.
The Exploit: A Clever Manipulation of Transient Storage
The vulnerability that led to the SIR.trading exploit was tied to Ethereum’s transient storage (EIP-1153), a feature introduced in the Dencun upgrade.
This attack, described by blockchain security experts as highly sophisticated, exploited a function within SIR.trading’s Vault contract known as `uniswapV3SwapCallback`.
The root cause lies in the transient storage collision in the uniswapV3SwapCallback function, which uses slot 1 both for the Uniswap pool address and the minted token amount.
The attacker initialized a malicious vault and manipulated the minted amount to exactly equal a… pic.twitter.com/198A5Wrsbq
According to Decurity, a blockchain security firm that analyzed the exploit, the attacker leveraged transient storage to manipulate how transactions were verified within the contract.
Synthetics Implemented Right @leveragesir has been hacked for $355k
This is a clever attack. In the vulnerable contract Vault (https://t.co/RycDbFY5Xq) there is a uniswapV3SwapCallback function that uses transient storage to verify the caller. Specifically, it loads an address… pic.twitter.com/u6PhksPV31
Instead of ensuring that only legitimate Uniswap pools could execute swaps, the contract was tricked into trusting a fake Uniswap pool address controlled by the hacker.
This was made possible because transient storage is cleared only when the whole transaction ends, not after each call, so a value written to the shared slot for one purpose earlier in the transaction was still present when the callback read it as a security check.
Further analysis by blockchain researcher Yi revealed that the attacker brute-forced a vanity address so that its value matched what the contract expected to find in that slot.
.@leveragesir got hacked just now for $354k due to a clever exploit targeting transient storage in a Vault contract’s uniswapV3SwapCallback. I think this is a groundbreaking case—How did it happen? What was the root cause? Now disappear into the darkness. https://t.co/WBQDRHGzWl
This enabled them to drain all assets from SIR.trading’s vault, wiping out its entire TVL.
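The slot-collision pattern the analysts describe, shown as an added illustrative example rather than SIR.trading’s actual Vault code (which this page does not reproduce): a hypothetical callback that writes both the expected Uniswap pool address and a minted amount to the same transient slot, beside a hardened version that gives each value its own slot and clears the pool slot as soon as it is consumed. Contract names, function names and slot numbers are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tstore/tload in inline assembly need the Cancun (Dencun) EVM

/// Hypothetical illustration of the shared-slot weakness (not SIR.trading's code).
/// The pool address and a minted amount are both written to transient slot 1,
/// so whichever write happened last is what the callback ends up checking.
contract VaultSharedSlot {
    uint256 private constant SLOT = 1; // assumption: one slot reused for two values

    function _tstore(uint256 slot, uint256 value) private {
        assembly { tstore(slot, value) }
    }

    function _tload(uint256 slot) private view returns (uint256 v) {
        assembly { v := tload(slot) }
    }

    /// Records the pool about to be called so the callback can verify msg.sender.
    function _setExpectedPool(address pool) internal {
        _tstore(SLOT, uint256(uint160(pool)));
    }

    /// Later in the same transaction the same slot receives an amount,
    /// silently replacing the pool address: this is the collision.
    function _setMintedAmount(uint256 amount) internal {
        _tstore(SLOT, amount);
    }

    function uniswapV3SwapCallback(int256, int256, bytes calldata) external {
        // If SLOT currently holds an amount instead of a pool address, any
        // caller whose address equals that amount (as an integer) passes.
        require(msg.sender == address(uint160(_tload(SLOT))), "not pool");
        // ... settle the swap ...
    }
}

/// Hardened form: distinct slots per purpose, and the pool slot is read once
/// and cleared immediately, so a value stored for one purpose can never
/// satisfy a check meant for another.
contract VaultDistinctSlots {
    // assumption: slot ids derived from unique labels so they cannot collide
    uint256 private constant POOL_SLOT   = uint256(keccak256("vault.transient.pool"));
    uint256 private constant AMOUNT_SLOT = uint256(keccak256("vault.transient.amount"));

    function _tstore(uint256 slot, uint256 value) private {
        assembly { tstore(slot, value) }
    }

    function _tload(uint256 slot) private view returns (uint256 v) {
        assembly { v := tload(slot) }
    }

    function _setExpectedPool(address pool) internal {
        _tstore(POOL_SLOT, uint256(uint160(pool)));
    }

    function _setMintedAmount(uint256 amount) internal {
        _tstore(AMOUNT_SLOT, amount); // separate slot: cannot overwrite the pool
    }

    function uniswapV3SwapCallback(int256, int256, bytes calldata) external {
        address expected = address(uint160(_tload(POOL_SLOT)));
        // Reject the zero value too, so a never-set slot cannot be matched.
        require(expected != address(0) && msg.sender == expected, "not pool");
        _tstore(POOL_SLOT, 0); // single use: clear before doing anything else
        // ... settle the swap ...
    }
}
```

The review question a practitioner would ask of any Cancun-era contract is the same one this example isolates: for every transient slot, list every write and every read in the transaction, and confirm that no read can observe a value written for a different purpose. Because transient storage survives across calls until the transaction ends, a slot that is not cleared after use keeps whatever was last stored there, which is exactly the condition the callback check above depends on.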
Xatarrer acknowledged the devastating nature of the attack, calling it “the worst news a protocol could receive.”
Despite the losses, he expressed determination to rebuild, asking the community for input on possible next steps.
A Growing Trend of DeFi Exploits
The SIR.trading exploit is part of a broader trend of increasing security breaches within the decentralized finance sector.
Just six days before the attack on SIR.trading, another major exploit targeted the decentralized lending protocol Abracadabra.Money, leading to a $13 million loss.
The Abracadabra exploit, detected on March 25 by PeckShield, specifically targeted pools utilizing GMX tokens.
Attackers drained 6,260 ETH by exploiting vulnerabilities in Abracadabra’s smart contract infrastructure.
This marked the platform’s second major breach in 2024, following a $6.49 million loss in January that caused its Magic Internet Money (MIM) stablecoin to depeg.
The single biggest loss was caused by Bybit’s February 21 hack, which was attributed to North Korea’s Lazarus Group.
The exploit siphoned approximately $1.4 billion, making it one of the largest cryptocurrency hacks in history.
As it stands now, while Xatarrer remains hopeful that the hacker will accept the bounty offer, the reality is that many of these stolen funds may never be recovered.
This article was written by: Nermeen Nabil Khear Abdelmalak