SIR.trading's Desperate $100K Bounty to Hacker: "Keep a Fair Share, Return the Rest!"

Creator's Plea After Devastating Exploit Drains Entire TVL

Holy crypto heist, Batman! SIR.trading, the DeFi protocol that just got its entire total value locked swiped in a slick exploit, is now throwing a $100K bounty at the attacker. They're begging the hacker to return the rest of the loot, promising no legal action if they play nice.

On March 31, Xatarrer, the mastermind behind this Ethereum-based platform, went full-on blockchain vigilante with a direct on-chain message to the thief.

"Yo, hacker, keep $100,000 - that's like 28% of the stolen stash - as your 'fair share' for spotting that gnarly vulnerability," Xatarrer pleaded. "Just give us back the rest, and we'll call it even, no cops involved."

This project was Xatarrer's baby, built from the ground up over four years with late-night coding marathons and $70,000 scraped together from friends and die-hard supporters.

Without a single dime from those fancy venture capital firms, SIR.trading had organically grown to a cool $400,000 in TVL before this exploit sucked it dry.

"If you keep 100% of the funds, we're toast," Xatarrer warned, desperation seeping through the blockchain.

But hey, they couldn't help but give props to the hacker's skills, calling the attack "almost beautiful" if it hadn't left so many people's wallets empty.

So far, crickets from the attacker. According to the blockchain sleuths at Etherscan, the stolen crypto has already been whisked away through Railgun, a privacy protocol that's like a ninja in the night for transaction trails.

SIR.trading, aka Synthetics Implemented Right, got hit hard on March 30. A sneaky vulnerability in one of its core smart contracts let the attacker drain the entire TVL.

The weak spot? A function called uniswapV3SwapCallback in the Vault contract. Experts say it's all tied to Ethereum's newfangled transient storage, a feature from the Dencun upgrade meant to save on gas fees.

The attacker pulled off some serious blockchain jujitsu, manipulating the transient storage before the transaction wrapped up. They used it to overwrite security data mid-process, tricking the contract into cozying up to a fake Uniswap pool address under their control.

Despite the gut punch, Xatarrer's not throwing in the towel. In their latest message to the community, they're already "planning" the next moves to rebuild the protocol.

This SIR.trading exploit is just the latest in a string of crypto security nightmares this year. Last month, zkLend, a Starknet-based layer 2 money-market protocol, got slammed for over $9 million worth of Ethereum.

And February? Brutal. Hacks and scams racked up a staggering $1.5 billion in losses, according to a report from blockchain security firm Certik.