Decentralized crypto lending protocol Silo Finance confirmed on Wednesday that hackers had exploited a smart contract in its network. Reports from security analysts show that the exploit may have resulted in a loss of approximately $545,000.Â
According to blockchain security firm PeckShield, the vulnerability was discovered in a user-controlled input issue in the contract’s openLeveragePosition function.Â
We are aware of an ongoing security notification by our real-time risk monitoring partner @hypernativelabs.
Please rest assured that Silo’s core smart contracts, including markets and vaults, are not affected.
The scope is limited to a smart contract for automated leverage…
— Silo Labs (@SiloFinance) June 25, 2025
The Silo Finance team insisted that the specific contract was not part of the main protocol infrastructure and was instead being used to test a new leverage feature. It has assured users that the platform’s core contracts were not affected.
Following the exploit, SILO’s price plunged to approximately $0.04035, an 11% decline in the last 24 hours, according to data from Coingecko.
Exploiter used Tornado CashÂ
The malicious activity was traced to a wallet that received funds via Tornado Cash, a crypto mixing service used to obscure transaction trails.Â
PeckShield reported that their threat intelligence system detected the suspicious code three minutes and twenty seconds before the exploit was executed.
Earlier today, an audited contract for an unreleased leverage feature was exploited. This contract was for testing only.
Core contracts are safe – Markets and Vault. ✅
No user funds were lost, except for some Silo DAO's funds, which were used to test the leverage feature.
We…
— Ayham (AJ) (@ayham_eth) June 25, 2025
In response to the breach, Silo Finance paused the affected contract. The team issued a statement on X explaining, “The scope is limited to a smart contract for automated leverage, which is now paused. This is a function that is currently deployed for testing purposes only.”
Co-founder Aiham Jaabari also spoke on the incident, writing on his official X account:Â
“Earlier today, an audited contract for an unreleased leverage feature was exploited. This contract was for testing only. Core contracts are safe, Markets and Vault. No user funds were lost, except for some Silo DAO’s funds, which were used to test the leverage feature. We are on it.”
Silo dictated that none of its market or vault contracts, where user funds are actually held, were compromised. According to the team, the paused contract was not yet officially deployed as part of Silo’s main product offering, and no user deposits were affected.
Only funds belonging to Silo DAO, the decentralized autonomous organization that oversees protocol governance, were used in the affected smart contract. The internal funds were used to test the experimental leverage feature and were the sole assets lost in the exploit.
On-chain analytics show SILO traders rushed to offload or rebalance holdings after the smart contract breach. The 14-day Relative Strength Index (RSI) fell below 36, suggesting the token had entered oversold territory. Meanwhile, the 50-day moving average stood well above current price levels, at approximately $0.055, and there is a huge chance SILO will continue with its short-term downtrend.
Cork protocol exploiter resurfaces
Early today, blockchain security investigators tracked on-chain activity from the Cork Protocol exploiter. On the same day as the Silo hack, PeckShield Alert flagged transactions from addresses previously linked to the attacker who drained roughly $12 million from Cork Protocol in May.
#PeckShieldAlert #CorkProtocol Exploiter 2 – labeled address has transferred a total of 4,520 $ETH (worth ~$11M) to #TornadoCash & donated 10 $ETH to #Juicebox: Free Alexey & Roman (Tornado Cash developers’ legal fund) https://t.co/ITTET3M1Ak
— PeckShieldAlert (@PeckShieldAlert) June 25, 2025
The exploiter began by sending 1,410 ETH, worth around $3.2 million, to Tornado Cash. Minutes later, an additional 3,110 ETH was moved through the same service, bringing the total laundered amount to 4,520 ETH, equivalent to approximately $11 million at current prices.
Security firm CertiK also confirmed the transaction, stating, “This morning the Cork protocol exploiter deposited 4,520.2 ETH (~$11.4M) into TornadoCash.”
This is the first fund movement from the exploit-related addresses since the May 28 breach. The original exploit targeted Cork’s wstETH:weETH market, which led to the theft of 3,761 wrapped staked ETH (wstETH).
