Kannagi Finance Steals $2.4 Million in First zkSync Era Rug Pull

The zkSync Era, just a fledgling in the vast crypto market, faced a tough introduction to the sector’s challenges this past week, marked by significant breaches and unexpected setbacks.

EraLend Loses $3.4M in Security Breach

On Tuesday, July 25, cyber attackers pilfered a staggering $3.4 million from EraLend, a lending platform operating on the zkSync Era. In the aftermath, the EraLend team promptly halted all activities.

A subsequent update revealed they had pinpointed a potentially involved crypto exchange account. Furthermore, they suspect that the culprits may have utilized a certain VPN provider to obscure their online tracks.

“We’ve pinpointed a suspicious CEX account that appears to be linked to an individual potentially involved in the incident. We are collaborating closely with the local police department, providing them with all relevant information,” said EraLend.

To incentivize assistance, EraLend promised 10% of any reclaimed funds as a reward for information leading to hackers.

“We are rallying the entire community, urging you all to stand together with us in facing the criminals who have stolen our funds and violated our rights,” added EraLend.

Kannagi Finance’s Sudden Exit

Adding to zkSync Era’s woes, Kannagi Finance, a yield aggregator protocol, saw its entire asset pool drained on Friday, July 28. This dubious exit marked the first rug pull on the zkSync Era, with Kannagi Finance promptly vanishing online.

After auditing Kannagi Finance’s ERC20 contract in June, Blockchain security firm Solid Proof estimates the heist’s toll at approximately $2.4 million. However, it is important to clarify that their audit did not extend to the Vault contracts in this scam.

“We have already determined that the fraudster is most likely a person in the Chinese region. We will continue to track the wallets and take further steps,” said Solid Proof.

That responsibility fell to another entity, Source Hat, which audited the ERC-4626 token contract. Source Hat has yet to issue any statement on the Kannagi debacle, and relevant GitHub repositories have mysteriously disappeared.

By July 30, blockchain monitor MistTrack identified a transfer of 600 ETH from the Kannagi incident moving through the crypto mixer Tornado Cash.

The Road Ahead for zkSync Era

zkSync Era, called zkSync 2.0 in its beta phase, represents the second iteration of Matter Labs’ rollup-centric scaling solution. Its modus operandi contrasts with layer-two solutions such as Optimism.

Though both entities streamline operations by aggregating transactions before logging them on-chain, their methodologies diverge. While Optimism leverages optimistic rollups, zkSync opts for zero-knowledge (ZK) rollups.

Read More: What are Zero-Knowledge Proofs? Securing Growth for Web3 Apps 

Since its March debut, zkSync Era has been gradually cementing its presence in the DeFi sector, winning over projects with its promise of efficient transaction processing and negligible gas fees. A notable endorsement came last month when Kyber Network incorporated its flagship, KyberSwap, within the zkSync Era ecosystem.

An interesting metric to gauge zkSync Era’s standing post these setbacks is its Total Value Locked (TVL) – a trusted barometer of user sentiment, which typically dips post-security lapses.

Total Value Locked (TVL) on zkSync Era Jul 2023
Total Value Locked on zkSync Era. Source: Dune

However, zkSync Era seems to have bucked this trend. Notwithstanding last week’s upheavals, there hasn’t been a significant fund exodus. TVL metrics indicate a rise from Monday’s $442.55 million to over $380 million by the week’s end, suggesting the community’s faith remains largely unshaken.


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

Source link

Be the first to comment

Leave a Reply

Your email address will not be published.