According to Ethereum blockchain data, an undercollateralized lending protocol called Sentiment was exploited on April 4 for over $500,000 in cryptocurrency through a series of Arbitrum transactions. The attack involved transferring $536,738.410031 worth of USDC from the Synapse Bridge, draining coins from Sentiment. The attacker, labeled “Sentimentxyz Exploiter” by Arbiscan, may have stolen the protocol’s deployer key. After deploying and destroying a contract, the attacker redeployed and performed several transactions, including changing the admin for a BeaconProxy contract and upgrading the contract.
This allowed the attacker to transfer various tokens, leading to the loss of funds for the protocol. The funds were then swapped and moved through the Synapse bridge to the Ethereum network. The Sentiment team has acknowledged a “potential issue” with the protocol, but has not yet announced what steps are being taken to stop the attack or mitigate risk for users.