On June 2023, Sturdy Finance was exploited in a reentrancy, resulting in approximately $800K in losses. That makes the Sturdy Finance exploit the 99th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Sturdy Finance Reentrancy Played Out
Exploit Class Applied to Sturdy Finance
The Sturdy Finance incident on June 12, 2023 is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times. In the full archive, Sturdy Finance is 1 of 51 documented reentrancy incidents.
Sturdy Finance in Context
At $800K, the Sturdy Finance exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — Curve (2023) at $41M.
Prior Reentrancy Before Sturdy Finance
The nearest reentrancy incident before Sturdy Finance was Paribus, 62 days earlier on April 11, 2023 ($100K lost). The same exploit class surfaced again within the reentrancy attack surface.
Sturdy Finance Vulnerability Signature
The primary source categorises the Sturdy Finance exploit specifically as “Read-Only-Reentrancy”. This narrower label is entity-specific: it reflects how the Sturdy Finance contract failed, rather than the broad reentrancy pattern alone.
Impact & Recovery for Sturdy Finance
Sturdy Finance Loss Figure
The Sturdy Finance exploit caused $800,000 in losses — a minor (<$1M) incident and the 39th largest of 214 documented in 2023. This single incident represents 0.1% of all tracked losses that year.
Where Sturdy Finance Sits Among Reentrancy Attacks
Ranked by loss size, Sturdy Finance is the 12th largest of 51 reentrancy incidents documented. That puts the Sturdy Finance loss below the class average of $2.87M.
Timeline Since the Sturdy Finance Incident
The Sturdy Finance exploit occurred 2.8 years ago (1,037 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Sturdy Finance
Public post-mortem / on-chain analysis for the Sturdy Finance incident: view source.
FAQ
How much did Sturdy Finance lose?
The Sturdy Finance exploit in June 2023 resulted in $800,000 in losses — the 39th largest of 214 DeFi incidents that year.
When did the Sturdy Finance hack happen?
The Sturdy Finance exploit was recorded on June 12, 2023 — 1,037 days ago.
What type of exploit hit Sturdy Finance?
The Sturdy Finance incident is classified as a Reentrancy. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times.
How common is the Reentrancy pattern seen at Sturdy Finance?
Our archive contains 51 documented reentrancy incidents. The Sturdy Finance incident is one of them.
How does Sturdy Finance compare to the largest Reentrancy attack?
The largest reentrancy incident in our archive is Curve (2023) at $41M. The Sturdy Finance loss is $800K.
How does the system address the challenge of scalability?
By leveraging blockchain platforms designed for high transaction throughput and integrating off-chain storage solutions.
What is the result for companies not related to environmentally sensitive industries?
Their environmental practices are positively and significantly valued.