After losing its full total value that has been locked to an exploit, decentralized financial protocol Sir.trading offered the attacker a premium of $ 100k to return the remaining funds.
On March 31, Xatarrer, the anonymous maker behind the platform based on Ethereum, made a direct plea for the chain for the hacker.
In the messageThey asked the attacker to retain $ 100,000, which is good 28% of the stolen funds, as a “fair share” for finding a critical vulnerability, which ensures that no legal steps would be pursued if the remaining funds were returned.
Xatarrer said that the project had been built all over for four years with Late-Night coding sessions and $ 70,000 merged from friends and supporters.
Without the support of risk capital companies, the protocol had grown organically to around $ 400,000 in TVL before the exploit emptied it all.
“If you keep 100% of the funds, there is no chance for us to survive,” they added.
Xatarrer also acknowledged the skill involved in the exploit and called the attack “almost beautiful if it wasn’t for all the funds that people lost”.
So far there has been no response from the attacker. According to Etherscan data, the stolen crypto has already been led by Railgun, a privacy protocol that darkens transaction paths.
Sir.Trading, also known as synthetic that was properly implemented, was operated on March 30, after a vulnerability in one of the core led smart contracts that the entire TVL of the protocol was transported.
The vulnerability was linked to a position in the smart contract of the protocol called UNISWAPV3SWAPCALLBACK, which is part of the safe contract. According to experts, the vulnerability included the temporary storage of Ethereum, a function introduced in the Dencun upgrade to lower gas costs.
The attacker manipulated the passing storage before the transaction ended and used it to overwrite security data in the middle of the process. This allowed them to fool the contract to accept a fake -uniswap -pool address that is controlled by the attacker.
After the incident, Xatarrer said that they still hope to rebuild the protocol. In their last message to the community on X, the founder added that the team had already started “planning” the next steps for the protocol.
The wounds are still fresh, but we’ve already started planning our next steps. Those impacted by the hack will not be forgotten.
Thank you to everyone who provided feedback and support during these difficult times. pic.twitter.com/mGk7eLWiXy
— SIR (🦍^🎩) (@leveragesir) March 31, 2025
This year, the Sir.Trading exploit contributes to a growing list of crypto security incidents. Last month Layer lost 2 Money-Market Protocol Zklend, on Starknet, in an exploit more than $ 9 million to Ethereum.
February turned out to be particularly brutal, with losses of hacks and scams of $ 1.5 billion, according to a report of 5 March from Blockchain Security Firm Certik.
