Bitget App
Trade smarter
BlockSec Phalcon: SharwaFinance attacked, attacker profits approximately $146,000

BlockSec Phalcon: SharwaFinance attacked, attacker profits approximately $146,000

ForesightNewsForesightNews2025/10/20 11:22
Show original

Foresight News reported, according to monitoring by BlockSec Phalcon, that the decentralized finance protocol SharwaFinance claimed to have been attacked and suspended its services. However, several hours later, some suspicious transactions occurred again, possibly exploiting the same underlying issue. The attacker first created a margin account, then conducted leveraged lending using the provided collateral, and finally executed a sandwich attack on the swap operation involving the borrowed assets. The root cause appears to be that the swap() function of the MarginTrading contract lacks bankruptcy checks. This function only verifies solvency based on the account status before executing the asset swap, leaving room for manipulation during the process.


The two attackers made a total profit of approximately $146,000, with attacker 1 (0xd356...c08) earning about $61,000 through multiple attacks, and attacker 2 (0xaa24...795) earning about $85,000 through a single attack.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.