Ethereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, was completely drained in an exploit on March 30 and lost all $355,000 of its total value locked.
TenArmor, a blockchain security company, was the first to report the attack on March 30, after it flagged several suspicious transactions and pointed out that the stolen funds had been transferred to Railgun, a privacy platform that helps to hide transactions.
Later, a security platform warned that the hacker had exploited a flaw in the SIR.trading Vault contract, specifically in a function called “uniswapV3SwapCallback.” Decurity referred to the hack as a ‘smart attack’.
In another X post, blockchain researcher Yi explained that the vulnerability was due to the way in which the contract verified transactions. Normally, it should only allow transactions from a Uniswap (UNI) pool or another trusted source.
However, the contract relied on transient storage, a temporary storage mechanism that was introduced in the EIP-1153 upgrade of Ethereum (ETH), also known as the Dencun hard fork.
The problem? Transient storage is only reset once a transaction has ended, but the hacker manipulated the contract by overwriting important security data while the transaction was still executing. The hacker then tricked the contract into trusting their fake address.
.@leveragesir got hacked just now for $354k due to a clever exploit targeting transient storage in a Vault contract’s uniswapV3SwapCallback. I think this is a groundbreaking case—How did it happen? What was the root cause? Now disappear into the darkness. 🧵👇 https://t.co/WBQDRHGzWl
— Yi (@SuplabsYi) March 30, 2025
They did this by brute-forcing a unique vanity address, so that the contract would register their fake address as legitimate. The hacker then used a custom contract to drain all funds from SIR.trading’s Vault.
The anonymous creator of SIR.trading, Xatarrer, acknowledged the attack after it happened, calling it “the worst news that a protocol could receive.” They asked the community for feedback on what to do next and showed interest in rebuilding despite the loss.
Since this attack is one of the first cases of hackers exploiting this new Ethereum feature in the real world, it raises questions about the safety of transient storage. Security experts warn that, unless developers build stronger safeguards into their smart contracts, similar attacks can occur.
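The failure mode described above, a callback check that reads from transient storage which keeps its value for the rest of the transaction, can be modelled in a few lines next to a hardened form. This is an added Python illustration, not code from SIR.trading or from the researchers quoted; the class names, slot numbers, sample addresses and the assumption that the callback reuses the guard slot for a caller-influenced amount are all constructed for the model.

```python
class TransientStore:
    """Values survive nested calls and are wiped only when the transaction ends."""
    def __init__(self):
        self._slots = {}
    def tstore(self, slot, value):
        self._slots[slot] = value
    def tload(self, slot):
        return self._slots.get(slot, 0)
    def end_transaction(self):
        self._slots.clear()

class VulnerableVault:
    """Assumed flaw: the slot that authenticates the callback is reused for other data."""
    GUARD_SLOT = 1
    def __init__(self, ts):
        self.ts = ts
    def start_swap(self, pool):
        self.ts.tstore(self.GUARD_SLOT, pool)        # remember the trusted pool
    def swap_callback(self, caller, amount):
        if caller != self.ts.tload(self.GUARD_SLOT):
            raise PermissionError("callback from untrusted caller")
        self.ts.tstore(self.GUARD_SLOT, amount)      # guard now holds caller-influenced data
        return "ok"

class HardenedVault(VulnerableVault):
    """Dedicated slots, and the guard is consumed before any other work."""
    AMOUNT_SLOT = 2
    def swap_callback(self, caller, amount):
        expected = self.ts.tload(self.GUARD_SLOT)
        self.ts.tstore(self.GUARD_SLOT, 0)           # one-shot: clear, do not wait for tx end
        if expected == 0 or caller != expected:
            raise PermissionError("callback from untrusted caller")
        self.ts.tstore(self.AMOUNT_SLOT, amount)     # unrelated data gets its own slot
        return "ok"

POOL, OTHER = 0xAAAA, 0xBBBB   # constructed stand-ins for 20-byte addresses

def second_caller_accepted(vault_cls):
    """Within one transaction, is a caller other than the pool ever trusted?"""
    ts = TransientStore()
    vault = vault_cls(ts)
    vault.start_swap(POOL)
    vault.swap_callback(POOL, amount=OTHER)          # genuine callback from the pool
    try:
        vault.swap_callback(OTHER, amount=1)         # later call in the same transaction
        return True
    except PermissionError:
        return False
    finally:
        ts.end_transaction()
```

In the model, `second_caller_accepted(VulnerableVault)` is true because the guard slot still holds a value when the second call arrives, while the hardened variant rejects it because the guard was cleared on first use.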