The founder of the recently hacked decentralized finance protocol SIR.trading has made an emotional plea to the attacker, asking them to return around 70% of the stolen customer funds otherwise, the protocol will not survive.

“Here is my proposal, keep $100k as a fair share for your critical bug find, and return the remaining,” SIR.trading’s pseudonymous founder “Xatarrer” wrote in a March 31 onchain message to the attacker following the $355,000 hack on March 30.

“We’ll call it even. No legal games, no drama,” they added. 

Xatarrer said that SIR.trading was built on the back of four years of late-night coding and $70,000 from friends and believers without any additional venture capital funding.

“We grew to $400k TVL organically without any advertising. If you keep 100% of the funds, there is no chance for us to survive.”

Xatarrer even praised the hacker for the sophisticated hack, stating that it was “almost beautiful if it wasn’t for all the funds people lost.”

Source: SIR.trading

The hacker hasn’t responded and has already transferred the stolen funds through to Ethereum privacy solution Railgun, according to data from Ethereum block explorer Etherscan.

Xatarrer initially said on March 30 that the SIR.trading team intended to keep the protocol up and running despite the setback. “We’ve already started planning our next steps. Those impacted by the hack will not be forgotten,” it said on March 31.

Hack resulted from feature added to Ethereum’s Dencun upgrade

The hacker targeted a callback function used in the protocol’s “vulnerable contract Vault” which leverages Ethereum’s transient storage feature. 

The hacker managed to replace the real Uniswap pool address used in this callback function with an address under the hacker’s control, allowing them to redirect the funds in the vault to their address by repeatedly calling the callback function until all of the protocol’s total value locked was drained.

The transient storage feature was added to Ethereum in the March 2024 Dencun upgrade as a solution to offer users lower gas fees than gas typically required for regular storage.

Related: DeFi hacks drop 40% in 2024, CeFi breaches surge to $694M — Hacken

SIR.trading’s documentation shows that it was billed as “a new DeFi protocol for safer leverage” to address some of the challenges that often occur in leveraged trading — such as volatility decay and liquidation risks.

It comes as crypto lost to exploits and scams fell to $28.8M in March, blockchain security firm CertiK said in a March 31 X post. Around $4.8 million was subtracted from that figure after hackers involved in the 1inch Resolver incident returned the stolen funds.

Crypto exploits and scams had one of its worst months in February, headlined by the $1.4 billion Bybit hack.

Magazine: Should crypto projects ever negotiate with hackers? Probably

The hacker behind the $9.6 million exploit of the decentralized money-lending protocol zkLend in February claims they’ve just fallen victim to a phishing website impersonating Tornado Cash, resulting in the loss of a significant portion of the stolen funds.

In a message sent to zkLend through Etherscan on March 31, the hacker claimed to have lost 2,930 Ether (ETH) from the stolen funds to a phishing website posing as a front-end for Tornado Cash. 

In a series of March 31 transfers, the zkLend thief sent 100 Ether at a time to an address named Tornado.Cash: Router, finishing with three deposits of 10 Ether.

“Hello, I tried to move funds to a Tornado, but I used a phishing website, and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused,” the hacker said.

The hacker behind the zkLend exploit claims to have lost most of the funds to a phishing website posing as a front-end for Tornado Cash. Source: Etherscan

“All the 2,930 Eth have been taken by that site owners. I do not have coins. Please redirect your efforts towards those site owners to see if you can recover some of the money,” they added.

zkLend responded to the message by asking the hacker to “Return all the funds left in your wallets” to the zkLend wallet address. However, according to Etherscan, another 25 Ether was then sent to a wallet listed as Chainflip1. 

Earlier, another user warned the exploiter about the error, telling them, “don’t celebrate,” because all the funds were sent to the scam Tornado Cash URL.

“It is so devastating. Everything gone with one wrong website,” the hacker replied.

Another user warned the zkLend exploiter about the mistake, but it was too late. Source: Etherscan

How zkLend was exploited for $9.6 million

zkLend suffered an empty market exploit on Feb. 11 when an attacker used a small deposit and flash loans to inflate the lending accumulator, according to the protocol’s Feb. 14 post-mortem. 

The hacker then repeatedly deposited and withdrew funds, exploiting rounding errors that became significant due to the inflated accumulator. 

The attacker bridged the stolen funds to Ethereum and later failed to launder them through Railgun after protocol policies returned them to the original address. 

Following the exploit, zkLend proposed the hacker could keep 10% of the funds as a bounty and offered to release the culprit from legal liability and scrutiny from law enforcement if the remaining Ether was returned.

Related: DeFi protocol SIR.trading loses entire $355K TVL in ‘worst news’ possible

The offer deadline of Feb. 14 passed with no public response from either party. In a Feb. 19 update to X, zkLend said it was now offering a $500,000 bounty for any verifiable information that could lead to the hacker being arrested and the funds recovered.

Losses to crypto scams, exploits and hacks totaled over $33 million, according to blockchain security firm CertiK, but dropped to $28 million after decentralized exchange aggregator 1inch successfully recovered its stolen funds. 

Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February. The $1.4 billion Feb. 21 attack on Bybit by North Korea’s Lazarus Group made up the lion’s share and took the title for largest crypto hack ever, doubling the $650 million Ronin bridge hack in March 2022. 

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis

Coinbase CEO Brian Armstrong is calling for legislative changes in the US to allow stablecoin holders to earn “onchain interest” on their holdings.

In a March 31 post on X, Armstrong argued that crypto companies should be treated similarly to banks and be “allowed to, and incentivized to, share interest with consumers.” He added that allowing onchain interest would be “consistent with a free market approach.”

Source: Brian Armstrong

There are currently two competing pieces of federal stablecoin legislation working their way through the legislative process in the US: the Stablecoin Transparency and Accountability for a Better Ledger Economy (STABLE) Act, and the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act.

In reference to the stablecoin legislation, Armstrong said the US had an opportunity to “level the playing field and ensure these laws pave a way for all regulated stablecoins to deliver interest directly to consumers, the same way a savings or checking account can.” 

Armstrong: Onchain interest a boon for US economy

Armstrong argued that while stablecoins have already found product-market fit by “digitizing the dollar and other fiat currencies,” the addition of onchain interest would allow “the average person, and the US economy, to reap the full benefits.”

He said that if legislative changes allowed stablecoin issuers to pay interest to holders, US consumers could earn a yield of around 4% on their holdings, far outstripping the 2024 average interest yield on a consumer savings account, which Armstrong cited as 0.41%.

Armstrong also said onchain interest could benefit the broader US economy — by incentivizing the global use of US dollar stablecoins. This could see their use grow, “pulling dollars back to U.S. treasuries and extending dollar dominance in an increasingly digital global economy,” according to the Coinbase CEO. 

He also argued that the potential for a higher yield than traditional savings accounts would result in “more yield in consumers’ hands means more spending, saving, investing — fueling economic growth in all local economies where stablecoins are held.”

“If we don’t unlock onchain interest, the U.S. misses out on billions more USD users and trillions in potential cash flows,” Armstrong added.

Currently, neither the STABLE Act nor the GENIUS Act gives the legal go-ahead for onchain interest-generating stablecoins. In fact, in its current form, the STABLE Act includes a short passage prohibiting “payment stablecoin” issuers from paying yield to holders:

Source: STABLE Act

Related: Stablecoins, tokenized assets gain as Trump tariffs loom

Similarly, the GENIUS Act, which recently passed the Senate Banking Committee by a vote of 18-6, has been amended to exclude interest-bearing instruments from its definition of a “payment stablecoin.”

Commenting on the current state of the STABLE Act, Representative Bryan Steil told Eleanor Terrett, host of the Crypto in America podcast, that two pieces of legislation are positioned to “mirror up” following a few more draft rounds in the House and Senate — due to the differences between them being textual rather than substantive.

“At the end of the day, I think there’s recognition that we want to work with our Senate colleagues to get this across the line,” Steil said.

Magazine: SEC’s U-turn on crypto leaves key questions unanswered