Ethereum-based DeFi protocol SIR.trading suffered a severe hack that led to the loss of its entire TVL. The protocol lost approximately $355,000 in value during the attack.
Blockchain security firms TenArmorAlert and Decurity first detected the hack and promptly warned users on X (Twitter).
The warning messages alerted the community about suspicious activity on SIR.trading. The funds stolen during the hack were deposited into an address associated with RailGun. The hack exploited a vulnerability in a specific contract function that handled transient storage.
Technical Details of the Attack
The hack took place in the Vault contract of the protocol, which used the uniswapV3SwapCallback function to verify the caller. This function relied on transient storage to load and verify an address from slot 0x1.
At first glance, the verification process appeared correct. However, the function stores the value of a variable into the same slot after execution. The attacker took advantage of this design by manipulating the externally controlled variable.
They managed to brute-force a vanity address that allowed precise control of the stored value. By minting tokens with exact arguments, the hacker drained the Vault completely. This sophisticated attack demonstrated the critical impact of using transient storage in smart contracts.
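The slot reuse described above, as an added Python model for auditors (not code from SIR.trading or from the firms quoted here). It compares a callback that overwrites its authorization slot with one that keeps data out of it. The class, function names, AMOUNT_SLOT and the sample addresses are assumptions made for illustration, and the hardened variant is a general mitigation, not the project's fix.

```python
# Toy model of transient storage: slots persist for the whole transaction,
# not per call, and are cleared only when the transaction ends.
AUTH_SLOT = 0x1    # slot the article says holds the expected caller
AMOUNT_SLOT = 0x2  # assumption: separate data slot used by the hardened variant

class Tx:
    """One transaction's transient storage for a single contract."""
    def __init__(self):
        self.slots = {}
    def tload(self, slot):
        return self.slots.get(slot, 0)
    def tstore(self, slot, value):
        self.slots[slot] = value

def vulnerable_callback(tx, caller, amount):
    # Caller check against the address held in the auth slot.
    if caller != tx.tload(AUTH_SLOT):
        raise PermissionError("unexpected caller")
    # Flaw: an externally influenced value is written into the auth slot.
    tx.tstore(AUTH_SLOT, amount)

def hardened_callback(tx, caller, amount):
    if caller != tx.tload(AUTH_SLOT):
        raise PermissionError("unexpected caller")
    tx.tstore(AUTH_SLOT, 0)         # clear the auth value once it is used
    tx.tstore(AMOUNT_SLOT, amount)  # keep data out of the auth slot

def second_call_accepted(callback, pool, other, amount):
    """Run one legitimate callback, then a call from `other` in the same tx."""
    tx = Tx()
    tx.tstore(AUTH_SLOT, pool)      # vault records the pool it expects
    callback(tx, pool, amount)      # legitimate callback from the pool
    try:
        callback(tx, other, 0)      # later call within the same transaction
        return True
    except PermissionError:
        return False

# Constructed sample values (not taken from the incident).
POOL = 0x1111111111111111111111111111111111111111
OTHER = 0x00000000000000000000000000000000DEADBEEF
```

The test an auditor would want is the last one: after the legitimate callback, no other caller should pass the check in the same transaction, whatever value was stored.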
Security Analysis and Industry Insights
Blockchain security expert SupLabsYi from Supremacy shared further insights into the attack. He mentioned that the hack could expose a potential flaw in Ethereum’s transient storage mechanism.
This feature was introduced with last year’s Dencun upgrade to reduce gas fees. According to SupLabsYi, the feature is still new and remains vulnerable to exploitation. He warned that this type of attack might not be limited to one specific contract.
The vulnerability might open the door for more sophisticated attacks across various DeFi protocols. Developers and auditors are now under pressure to review the use of transient storage carefully.
Protocol Background and Intended Safety
SIR.trading, also known as Synthetics Implemented Right, was designed as a protocol for safer leveraged trading. The project aimed to address challenges such as volatility decay and liquidation risks during leveraged trading.
The protocol’s documentation promised enhanced safety for long-term investors in the crypto space. It clearly stated that even audited smart contracts could have bugs or vulnerabilities.
The documentation specifically mentioned that the Vaults might be prone to exploitation. Despite the security warnings, the protocol aimed to offer a safer trading experience. The incident highlights the risks that still exist in complex DeFi systems.
Rising Attacks in the Crypto Space
Recent months have seen an increase in sophisticated crypto attacks targeting decentralized finance protocols. Hackers are using advanced techniques to exploit vulnerabilities in smart contracts and blockchain systems.
The hack on SIR.trading demonstrates the serious risks that can undermine even well-designed DeFi protocols. The incident serves as a wake-up call for developers, auditors, and the broader crypto community.

