TechFlow reports that EraLend, a lending protocol in the zkSync ecosystem, has published a tweet explaining the cause of the attack: the attacker manipulated oracle prices to withdraw approximately $2.76 million from the USDC pool. Other liquidity pools remain secure and unaffected. The attacker used multiple bridges to distribute the exploited funds across eight addresses on different blockchains, with funds currently spread across three blockchains.
EraLend stated it is actively collaborating with bridge providers, security teams, exchanges, and law enforcement agencies to investigate and trace the fund flows, with the top priority being recovering funds for its 500,000 protocol users.
To limit further impact, EraLend has temporarily suspended borrowing, USDC deposits, and SyncSwap LP deposits, while significantly reducing interest rates for the USDC pool to protect affected borrowing positions from potential liquidations during this period.




