Summary
EraLend (formerly Nexon Finance) is a decentralized lending protocol on zkSync Era that suffered a $3.4 million read-only reentrancy exploit on July 25, 2023, draining its USDC pool due to a vulnerability in inherited SyncSwap oracle code. The protocol's pre-hack audit by PeckShield explicitly assumed a trusted price oracle, leaving the vulnerable oracle mechanism unexamined. EraLend relaunched post-hack with a fee-based compensation plan but has seen its TVL decline sharply to approximately $138,000 as of 2025-2026.
Connected Entities
1 entitiesTimeline(8 events)
2023-02-09
Nexon Finance public testnet launches on zkSync
2023-03-01
PeckShield audits Nexon Finance; audit assumes a trusted price oracle, leaving oracle mechanism unexamined
2023-04-01
Nexon Finance goes live on zkSync Era mainnet
2023-05-20
Nexon Finance rebrands to EraLend
2023-07-25
EraLend exploited via read-only reentrancy attack; approximately $3.4M stolen from USDC pool by attacker 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a
2023-07-26
EraLend confirms attack, suspends borrowing, advises against USDC deposits; SlowMist engaged for asset tracing
2023-08-08
EraLend separates exploited contract into 'EraLend Classic' and relaunches new protocol without SyncSwap LP pool; 10% recovery reward offered
2024-02-07
EraLend announces partnership with Pyth Network — last known public communication
Decision Log
- hash: 84xS76fDt98zX39tUv4fubfATHWXr91knWLBj7aYciik
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:40 AM
last updated: 5/28/2026, 3:33:53 PM
avoid.net — verified advice for a post-truth world