After the attack, the stolen funds were routed through Ethereum's privacy solution, Railgun, making it more difficult to trace the transactions. (Image Source: Shutterstock)

We just texted the hacker.
— SIR (🦍^🎩) (@leveragesir) March 31, 2025
If you (the hacker) are reading this, please keep in mind this is all the money we had. We had no VC backing. All was raised from regular folks on Twitter/X. pic.twitter.com/X4g1zJrynp
The breach exploited a vulnerability in SIR.trading's vault contract, specifically targeting a callback function that utilizes Ethereum's transient storage feature. The attacker manipulated this function by substituting the legitimate Uniswap pool address with one under their control, enabling the repeated redirection of funds until the vault was entirely drained.
Following the attack, the stolen funds were transferred through Ethereum's privacy solution, Railgun, complicating tracking efforts. Despite the setback, Xatarrer initially expressed determination to continue operations, stating "We've already started planning our next steps. Those impacted by the hack will not be forgotten."
This incident underscores the persistent vulnerabilities within the DeFi sector. In March 2025 alone, losses from exploits and scams totaled $28.8 million, according to blockchain security firm CertiK. Notably, this figure reflects a decrease from previous months, partly due to the return of $4.8 million by hackers involved in the 1inch Resolver incident. Nonetheless, the industry continues to grapple with significant breaches, including the staggering $1.5 billion hack of Bybit in February.
The SIR.trading exploit is part of a larger trend of DeFi vulnerabilities that are putting both projects and users at risk. As more capital flows into decentralized platforms, the sophistication of attacks continues to grow. Smaller projects, often lacking the robust security infrastructure of their larger counterparts, are increasingly becoming targets. This exploit highlights the urgent need for more collaborative efforts in the space to share security insights and strengthen defenses collectively, ensuring that the ecosystem can thrive without constantly facing existential threats.
The SIR.trading hack serves as a stark reminder of the challenges facing DeFi projects, particularly those operating without substantial financial backing. It highlights the critical need for rigorous security audits and proactive measures to safeguard user funds. As the community awaits the hacker's response, the future of SIR.trading hangs in the balance, emblematic of the broader uncertainties within the rapidly evolving DeFi landscape.
