Silo Finance Bleeds $545K in Smart Contract Exploit—DeFi’s ’Trustless’ Myth Takes Another Hit
Another day, another DeFi exploit. Silo Finance joins the not-so-exclusive club of protocols learning the hard way that code isn't law—it's just code.
The breach: Attackers drained $545K by exploiting a vulnerability in Silo's smart contracts. No fancy social engineering—just pure, unadulterated math loopholes.
DeFi's dirty secret: The 'trustless' ecosystem still requires blind trust in unaudited (or poorly audited) contracts. But hey, at least the hackers got a nice ROI—unlike some bagholders.
Exploiter used Tornado Cash
The malicious activity was traced to a wallet that received funds via Tornado Cash, a crypto mixing service used to obscure transaction trails.
PeckShield reported that their threat intelligence system detected the suspicious code three minutes and twenty seconds before the exploit was executed.
Earlier today, an audited contract for an unreleased leverage feature was exploited. This contract was for testing only.
Core contracts are SAFE – Markets and Vault. ✅
No user funds were lost, except for some Silo DAO's funds, which were used to test the leverage feature.
We…
— Ayham (AJ) (@ayham_eth) June 25, 2025
In response to the breach, Silo Finance paused the affected contract. The team issued a statement on X explaining, “The scope is limited to a smart contract for automated leverage, which is now paused. This is a function that is currently deployed for testing purposes only.”
Co-founder Aiham Jaabari also spoke on the incident, writing on his official X account:
“Earlier today, an audited contract for an unreleased leverage feature was exploited. This contract was for testing only. Core contracts are safe, Markets and Vault. No user funds were lost, except for some Silo DAO’s funds, which were used to test the leverage feature. We are on it.”
Silo dictated that none of its market or vault contracts, where user funds are actually held, were compromised. According to the team, the paused contract was not yet officially deployed as part of Silo’s main product offering, and no user deposits were affected.
Only funds belonging to Silo DAO, the decentralized autonomous organization that oversees protocol governance, were used in the affected smart contract. The internal funds were used to test the experimental leverage feature and were the sole assets lost in the exploit.
On-chain analytics show SILO traders rushed to offload or rebalance holdings after the smart contract breach. The 14-day Relative Strength Index (RSI) fell below 36, suggesting the token had entered oversold territory. Meanwhile, the 50-day moving average stood well above current price levels, at approximately $0.055, and there is a huge chance SILO will continue with its short-term downtrend.
Cork protocol exploiter resurfaces
Early today, blockchain security investigators tracked on-chain activity from the Cork Protocol exploiter. On the same day as the Silo hack, PeckShield Alert flagged transactions from addresses previously linked to the attacker who drained roughly $12 million from Cork Protocol in May.
#PeckShieldAlert #CorkProtocol Exploiter 2 – labeled address has transferred a total of 4,520 $ETH (worth ~$11M) to #TornadoCash & donated 10 $ETH to #Juicebox: Free Alexey & Roman (Tornado Cash developers’ legal fund) https://t.co/ITTET3M1Ak
— PeckShieldAlert (@PeckShieldAlert) June 25, 2025
The exploiter began by sending 1,410 ETH, worth around $3.2 million, to Tornado Cash. Minutes later, an additional 3,110 ETH was moved through the same service, bringing the total laundered amount to 4,520 ETH, equivalent to approximately $11 million at current prices.
Security firm CertiK also confirmed the transaction, stating, “This morning the Cork protocol exploiter deposited 4,520.2 ETH (~$11.4M) into TornadoCash.”
This is the first fund movement from the exploit-related addresses since the May 28 breach. The original exploit targeted Cork’s wstETH:weETH market, which led to the theft of 3,761 wrapped staked ETH (wstETH).
KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage
