$355K Stolen in Sophisticated Attack
Decentralized finance protocol SIR.trading suffered a devastating $355,000 hack on March 30, triggering an emotional onchain appeal from its founder just a day later. The pseudonymous developer, known as “Xatarrer,” reached out directly to the hacker with a public proposal: keep $100,000 as a bounty, and return the remaining funds.
We just texted the hacker.
If you (the hacker) are reading this, please keep in mind this is all the money we had. We had no VC backing. All was raised from regular folks on Twitter/X. pic.twitter.com/X4g1zJrynp
— SIR.trading (🦍^🎩) (@leveragesir) March 31, 2025
“We’ll call it even. No legal games, no drama,” the message read.
The plea comes amid fears that the protocol will collapse without a partial recovery of the stolen funds.
Built Without Venture Capital, Now on the Brink
According to Xatarrer, SIR.trading was launched after four years of late-night coding and was funded only by $70,000 from friends and early supporters. It had grown to $400,000 in total value locked (TVL) without external investment or advertising.
“If you keep 100% of the funds, there is no chance for us to survive,” the founder stated, adding that the exploit was “almost beautiful” in terms of technical execution—if not for the fact that users lost money.
Hacker Routes Funds Through Privacy Protocol
Onchain data from Etherscan shows the attacker has already moved the funds into Railgun, an Ethereum-based privacy solution, making tracking and recovery difficult.
As of April 1, the attacker has not responded to the message.
Exploit Tied to Ethereum’s Dencun Upgrade
The exploit targeted a callback function in SIR.trading’s Vault contract that relied on transient storage, a feature introduced in Ethereum’s Dencun upgrade in March 2024.
The attacker was able to replace the intended Uniswap pool address with their own contract address. By repeatedly calling the callback function, they drained all the vault’s funds.
This attack showcases how new protocol features, even those meant to reduce gas costs, can introduce unforeseen attack vectors when implemented improperly.
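The failure mode described above, as an added Python model rather than Solidity; it is not SIR.trading's code. The page does not say how the stored pool address came to be replaced, so the model assumes the same transient slot is written a second time within the transaction; all names and addresses are hypothetical.

```python
# Added model, not SIR.trading's code: every name and value here is hypothetical.
POOL, OTHER = 0xA11CE, 0xB0B  # constructed stand-ins for contract addresses

class Tx:
    """Transient storage (EIP-1153): slots last until the transaction ends."""
    def __init__(self):
        self.slots = {}
    def tstore(self, slot, value):
        self.slots[slot] = value
    def tload(self, slot):
        return self.slots.get(slot, 0)

class WeakVault:
    """Authorizes the callback by slot 1, then reuses slot 1 for other data."""
    def __init__(self, balance):
        self.balance = balance
    def start(self, tx):
        tx.tstore(1, POOL)                      # expected callback caller
    def callback(self, tx, sender, scratch, payout):
        if sender != tx.tload(1):
            raise PermissionError("unexpected callback caller")
        tx.tstore(1, scratch)                   # assumption: same slot written again
        return self._pay(payout)
    def _pay(self, payout):
        paid = min(payout, self.balance)
        self.balance -= paid
        return paid

class HardenedVault(WeakVault):
    """Keeps the caller in its own slot and clears it after one callback."""
    def callback(self, tx, sender, scratch, payout):
        expected = tx.tload(1)
        if expected == 0 or sender != expected:
            raise PermissionError("unexpected callback caller")
        tx.tstore(1, 0)                         # authorization is single-use
        tx.tstore(2, scratch)                   # unrelated data gets its own slot
        return self._pay(payout)

def balance_after_second_callback(vault_cls):
    """Run one legitimate callback, then a second one from another address."""
    tx, vault = Tx(), vault_cls(balance=1000)
    vault.start(tx)
    vault.callback(tx, POOL, scratch=OTHER, payout=10)
    try:
        vault.callback(tx, OTHER, scratch=OTHER, payout=vault.balance)
    except PermissionError:
        pass                                    # hardened path: call rejected
    return vault.balance
```

The weak vault ends with a zero balance because its authorization value survives, and can be rewritten, for the rest of the transaction; the hardened vault keeps everything except the legitimate payout.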
Developer Vows to Continue, But Future Uncertain
Despite the setback, the SIR.trading team announced they are exploring recovery options.
“We’ve already started planning our next steps. Those impacted by the hack will not be forgotten,” the team posted on March 31.
Still, without returned funds or outside help, the path forward appears limited.
Context: DeFi Security Still a Major Risk
SIR.trading’s vulnerability highlights a persistent problem in DeFi: under-resourced teams shipping complex contracts without full security audits.
While major hacks grab headlines, small protocols often suffer silent collapses after exploits of just a few hundred thousand dollars.
According to CertiK, March saw $28.8 million in crypto lost to hacks and scams, down significantly from February’s staggering $1.4 billion—driven largely by the Bybit exploit. Some of the March losses were mitigated by the return of $4.8 million by the hackers in the 1inch Resolver case.
Lessons for DeFi Investors
For crypto investors, the SIR.trading hack is another reminder that even well-meaning, transparent teams are not immune to sophisticated exploits.
It underscores the importance of:
- Verifying audit reports
- Understanding how new Ethereum upgrades may impact protocols
- Allocating only what you can afford to lose in early-stage DeFi products
The hacker’s silence and the founder’s public plea also reignite the ethical debate: Are exploiters acting as security researchers—or financial predators?
For now, SIR.trading’s survival hangs in the balance.