Base blockchain exploit leads to $1M theft
An exploit involving unverified lending contracts on the Base blockchain resulted in the theft of about $1 million.
The incident, which took place over several hours, was reported by blockchain security firm Cyvers Alerts in an X post on Oct. 25.
The attacker exploited a vulnerability in the smart contracts related to Wrapped Ether (WETH), successfully manipulated the price and then siphoned the funds.
Price manipulation exploit
The attacker’s initial suspicious transaction extracted $993,534 from the Base blockchain’s unverified lending contracts.
They moved most of the stolen funds to the Ethereum network and then deposited $202,549 into the privacy-focused Tornado Cash service. Additional funds totaling $455,127 were taken using the same exploit.
In a written Q&A, Hakan Unal, senior SOC lead at Cyvers Alerts, explained the vulnerability exploited in the attack:
“The oracle used by these contracts was not robust, relying only on a single pair with a limited liquidity of ~$400K, making it susceptible to price swings that could be manipulated.”
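To make the quoted weakness concrete, the following added example (not code from the article, from Cyvers or from the affected contracts) models the pair as a constant-product pool, which is an assumption because the article does not name the AMM design. It compares how far one trade moves the spot price at ~$400K of liquidity versus a deeper pool, then runs a configuration check a lending protocol could apply to its oracle. The WETH price, trade size, reference price and thresholds are constructed values.

```python
def spot_move(pool_liquidity_usd, weth_price, trade_usd):
    """Fractional change in spot price after one buy of WETH.

    Assumed model: constant-product pair (x * y = k), fees ignored,
    liquidity split evenly in value between WETH and a USD stablecoin.
    """
    usd = pool_liquidity_usd / 2
    weth = usd / weth_price
    k = weth * usd
    usd_after = usd + trade_usd
    weth_after = k / usd_after          # invariant holds after the swap
    return (usd_after / weth_after) / weth_price - 1


def oracle_findings(sources, reference_price, min_sources=2,
                    min_liquidity_usd=5_000_000, max_deviation=0.02):
    """Review an oracle configuration before its price is trusted.

    sources: list of (spot_price, pool_liquidity_usd), one per pair read.
    reference_price: independent value such as a time-weighted average
    (assumption: the protocol has one available).
    Thresholds are constructed defaults, not recommendations from the article.
    """
    findings = []
    if len(sources) < min_sources:
        findings.append("single-source")
    for spot, liquidity in sources:
        if liquidity < min_liquidity_usd:
            findings.append("thin-liquidity")
        if abs(spot / reference_price - 1) > max_deviation:
            findings.append("spot-deviates-from-reference")
    return findings


if __name__ == "__main__":
    price = 2500.0                       # constructed WETH price in USD
    for liquidity in (400_000, 40_000_000):
        move = spot_move(liquidity, price, 100_000)
        print(f"${liquidity:,} pool: $100,000 trade moves spot {move:.1%}")
    moved_spot = price * (1 + spot_move(400_000, price, 100_000))
    print(oracle_findings([(moved_spot, 400_000)], reference_price=price))
```

In this model the same trade shifts the thin pool's price by more than double while the deeper pool moves about 1%, and the single thin pair trips all three findings.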