
DeFi App Steadefi Falls Victim to Major Cybersecurity Breach

A major cybersecurity breach hits Steadefi, compromising funds, while other DeFi platforms face similar vulnerabilities.

Wed, 09 Aug 2023, 09:53 am UTC

A significant breach occurred in the world of decentralized finance (DeFi) on August 7 when the app Steadefi reported a substantial loss. Over $334,000 was maliciously extracted, putting the entire reserve in a precarious position.

Steadefi's development team promptly alerted users on X, formerly known as Twitter, warning them about the situation. They said that all funds in the app were at risk because of the security incident. DefiLlama's records corroborated the severity of the event, showing a sharp drop in the app's total value locked.

The unidentified attacker transferred a variety of tokens, including 130,429 USD Coin, 3.39 Bitcoin, 15 Wrapped Ether (WETH), and 6,184 Avalanche. Except for WETH, these tokens were swiftly exchanged for Wrapped Ether. The attacker also moved 184 WETH to another platform using the Synapse bridge. Similar transaction patterns were spotted on the Arbitrum network, raising concerns about a broader operation.

According to data recorded on the Ethereum blockchain, Steadefi's team approached the attacker with an unusual proposition. They offered a compromise under which the attacker could retain 10% of the unlawfully procured funds.

As for how the breach happened, the attacker reportedly obtained the private key to Steadefi's deployer wallet. This unauthorized access enabled them to call functions reserved for the owner. They changed the app's settings so that any external wallet could borrow from the lending vaults, and then drained all available loan funds. Deposits made to the "strategy" vaults remain untouched, since the hacker couldn't access that function.

Depositors who invested their svTokens or ibTokens in farming operations face a lock-in issue. Their funds are immobilized within the app's contract due to the attacker leveraging an exclusive function to halt these farming contracts. It is now clear that a majority of these token holders are in a bind and can't access their funds.
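
A monitoring rule for the pattern described above (an owner call that opens borrowing to a new address, a borrow by that address shortly afterwards, and an owner-initiated halt of farming contracts), as an added example that is not from Steadefi or the original article. Event names, fields, addresses, the block window and the sample events are hypothetical and constructed.

```python
# Added example: event names, fields and addresses are hypothetical and the
# sample events are constructed; they are not Steadefi's contract interface.
from dataclasses import dataclass

WINDOW = 50  # assumed threshold: blocks between a fresh approval and a borrow


@dataclass
class Event:
    block: int
    sender: str
    kind: str          # "approve_borrower", "pause_farm" or "borrow"
    target: str = ""   # address being approved, or farm being paused
    amount: int = 0


def detect(events, owner, known_borrowers):
    """Return alerts for the owner-key misuse pattern the article describes."""
    alerts, fresh = [], {}  # fresh: newly approved address -> approval block
    for ev in sorted(events, key=lambda e: e.block):
        if ev.kind == "approve_borrower" and ev.sender == owner:
            # Owner setting widens who may borrow from the lending vaults.
            if ev.target not in known_borrowers:
                fresh[ev.target] = ev.block
                alerts.append(("new_borrower_approved", ev.block, ev.target))
        elif ev.kind == "pause_farm" and ev.sender == owner:
            # Owner-only halt that locks depositor tokens in the contract.
            alerts.append(("farm_paused", ev.block, ev.target))
        elif ev.kind == "borrow":
            approved_at = fresh.get(ev.sender)
            if approved_at is not None and ev.block - approved_at <= WINDOW:
                alerts.append(("borrow_after_fresh_approval", ev.block, ev.sender))
    return alerts


OWNER = "0xOwner"             # placeholder deployer address
STRATEGY = "0xStrategyVault"  # placeholder for an expected borrower
SAMPLE = [                    # constructed events
    Event(100, STRATEGY, "borrow", amount=5_000),
    Event(210, OWNER, "approve_borrower", target="0xUnknown"),
    Event(211, "0xUnknown", "borrow", amount=9_000),
    Event(212, OWNER, "pause_farm", target="farm-1"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, OWNER, {STRATEGY}):
        print(alert)
```
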

TokenPost | [email protected]


<Copyright © TokenPost. All Rights Reserved. >
