Best crypto insights delivered straight to your inbox.
- Silo Finance confirms $545K loss from a smart contract exploit tied to a test leverage feature, with core contracts unaffected.
- SILO token drops over 11% as investors react; RSI falls below 36, indicating oversold conditions amid heightened trading activity.
- On the same day, Cork Protocol’s May attacker moves $11M in ETH through Tornado Cash and donates 10 ETH to Tornado Cash’s legal fund.
Decentralized crypto lending protocol Silo Finance confirmed on Wednesday that hackers had exploited a smart contract in its network. Reports from security analysts show that the exploit may have resulted in a loss of approximately $545,000.
According to blockchain security firm PeckShield, the vulnerability was discovered in a user-controlled input issue in the contract’s openLeveragePosition function.
We are aware of an ongoing security notification by our real-time risk monitoring partner @hypernativelabs.
Please rest assured that Silo’s core smart contracts, including markets and vaults, are not affected.
The scope is limited to a smart contract for automated leverage…
— Silo Labs | V3 Live (@SiloFinance) June 25, 2025
The Silo Finance team insisted that the specific contract was not part of the main protocol infrastructure and was instead being used to test a new leverage feature. It has assured users that the platform’s core contracts were not affected.
Following the exploit, SILO’s price plunged to approximately $0.04035, an 11% decline in the last 24 hours, according to data from Coingecko.
Exploiter used Tornado Cash
The malicious activity was traced to a wallet that received funds via Tornado Cash, a crypto mixing service used to obscure transaction trails.
PeckShield reported that their threat intelligence system detected the suspicious code three minutes and twenty seconds before the exploit was executed.
Earlier today, an audited contract for an unreleased leverage feature was exploited. This contract was for testing only.
Core contracts are safe – Markets and Vault. ✅
No user funds were lost, except for some Silo DAO’s funds, which were used to test the leverage feature.
We…
— Ayham (AJ) (@ayham_eth) June 25, 2025
In response to the breach, Silo Finance paused the affected contract. The team issued a statement on X explaining, “The scope is limited to a smart contract for automated leverage, which is now paused. This is a function that is currently deployed for testing purposes only.”
Co-founder Aiham Jaabari also spoke on the incident, writing on his official X account:
“Earlier today, an audited contract for an unreleased leverage feature was exploited. This contract was for testing only. Core contracts are safe, Markets and Vault. No user funds were lost, except for some Silo DAO’s funds, which were used to test the leverage feature. We are on it.”
Silo dictated that none of its market or vault contracts, where user funds are actually held, were compromised. According to the team, the paused contract was not yet officially deployed as part of Silo’s main product offering, and no user deposits were affected.
Only funds belonging to Silo DAO, the decentralized autonomous organization that oversees protocol governance, were used in the affected smart contract. The internal funds were used to test the experimental leverage feature and were the sole assets lost in the exploit.
On-chain analytics show SILO traders rushed to offload or rebalance holdings after the smart contract breach. The 14-day Relative Strength Index (RSI) fell below 36, suggesting the token had entered oversold territory. Meanwhile, the 50-day moving average stood well above current price levels, at approximately $0.055, and there is a huge chance SILO will continue with its short-term downtrend.
Cork protocol exploiter resurfaces
Early today, blockchain security investigators tracked on-chain activity from the Cork Protocol exploiter. On the same day as the Silo hack, PeckShield Alert flagged transactions from addresses previously linked to the attacker who drained roughly $12 million from Cork Protocol in May.
#PeckShieldAlert #CorkProtocol Exploiter 2 – labeled address has transferred a total of 4,520 $ETH (worth ~$11M) to #TornadoCash & donated 10 $ETH to #Juicebox: Free Alexey & Roman (Tornado Cash developers’ legal fund) https://t.co/ITTET3M1Ak
— PeckShieldAlert (@PeckShieldAlert) June 25, 2025
The exploiter began by sending 1,410 ETH, worth around $3.2 million, to Tornado Cash. Minutes later, an additional 3,110 ETH was moved through the same service, bringing the total laundered amount to 4,520 ETH, equivalent to approximately $11 million at current prices.
Security firm CertiK also confirmed the transaction, stating, “This morning the Cork protocol exploiter deposited 4,520.2 ETH (~$11.4M) into TornadoCash.”
This is the first fund movement from the exploit-related addresses since the May 28 breach. The original exploit targeted Cork’s wstETH:weETH market, which led to the theft of 3,761 wrapped staked ETH (wstETH).
Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Florence Muchai
Florence has been covering for the past 6 years crypto, gaming, tech, and AI news. Her Computer Studies at Meru University of Science and Technology and Disaster Management and International Diplomacy at MMUST amply equip her with language, observation and technical skills. Florence has worked at VAP Group and as an editor for several crypto media houses.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)