On the evening of July 25th, EraLend, the lending protocol with the highest TVL on zkSync, was suddenly attacked by hackers.

According to the announcement issued by EraLend afterwards, the reason for this attack was that the hacker manipulated the oracle price and obtained about $2.76 million from EraLend's USDC pool, while other pools were unaffected.

After the incident, in order to contain further impact, EraLend temporarily suspended borrowing activities in all pools, as well as depositing activities in the USDC pool and SyncSwap LP pool.

Because I am keen on exploring new projects in the ecological environment, I always interact with various emerging projects in a radical manner. Naturally, I did not miss EraLend, a relatively popular project with a large scale of data in the ecosystem.

Unfortunately, I happened to deposit 1000 USDC in EraLend's USDC pool, so I "luckily" became a direct victim of this incident.

On July 26th, when I opened EraLend's main interface and saw that the scale of the USDC pool was almost reduced to 0 and there seemed to be no hope of withdrawal, I could only sigh and say, "What bad luck!"

Out of curiosity about the development of the situation, I opened EraLend's official Discord interface and browsed the announcement channel, which showed no progress. Then, I opened the Chinese channel to see if there were any victims like me.

After entering that channel, I found that although there were some sympathetic individuals intermittently inquiring about the situation, more Chinese experts were actively discussing another matter - "liquidating the pool".

Like a revelation, I instantly realized that there seemed to be a turning point in the situation!

The so-called "liquidating the pool" refers to actively monitoring the changes in the size of the USDC pool, looking for new funds flowing in, and gradually "liquidating" one's deposits from the pool by initiating multiple transactions.

So why does the USDC pool, which has been completely drained by hackers and suspended deposits, continue to receive funds?

The answer lies in the fact that in this hacking incident, only USDC was affected, while ETH and SyncSwap LP pool were not affected. Due to concerns about the security of the project, users who have assets in these two pools and have borrowed USDC against them need to repay their USDC debt before they can withdraw their funds (in ETH or SyncSwap LP tokens). This constant flow of debt funds back into the USDC pool also gives victims the opportunity to "dig" their funds back.

Of course, since each debt repayment will only result in an uncertain amount of USDC flowing back, and there are many victims hoping to recover their funds from the pool. In this situation, the most powerful competitors are naturally the scientists who have deployed robots. However, perhaps due to the limited popularity of the L2 project itself (most likely because scientists who can understand the code generally don't get involved in such unfortunate situations), many users have stated that manually "digging" can also have a high success rate.

When I entered this channel, several big shots happened to mention how much funds they had "dug", especially the person below who had dug 1000 USDC overnight. Since the amount of funds happened to be the same, their statements gave me the determination to make a big move.

So, starting from this afternoon around 2 o'clock, I also started to try to "dig" from the pool.

After several attempts to initiate withdrawal requests on the EraLend frontend but receiving an error message, I finally submitted the first transaction when the balance in the pool was around 4 US dollars, but unfortunately, it failed to confirm on the chain. For this, I asked the experts in the community and got the answer that this is normal, considering that everyone is scrambling for these funds. Although there will be some gas loss due to transaction failures, this loss is not significant compared to the funds being withdrawn.

So I continued to try and gradually discovered that approximately every 2-3 withdrawal requests, there would be one successful transaction that could bypass the error message. Later, approximately every 2-3 transactions, there would be one successful confirmation (there may also be a series of failures, but this is just the overall probability), thus completing the withdrawal of sporadic funds.

As for the amount that can be obtained from each successful withdrawal, in most cases, it is only 1-3 US dollars.

However, if you happen to encounter a "living bodhisattva" who makes a large repayment, there is also an opportunity to "dig" a large amount. In my personal experience, the highest amount I have "dug" at once was 301 USDC, which greatly accelerated my overall progress.

This completely random feedback gives me a different kind of excitement, and I'm not the only one who thinks so. Some people jokingly say in the community, "I even find it fun, pulling out a big one can make me happy for half an hour."

More users are jokingly encouraging each other, saying, "This is more reliable than delivering takeout."

In short, as more and more people "dig" their money back, it seems that there is not much repressed emotions in the community due to the hacker incident.

In the end, around 5 o'clock in the afternoon, I "dug" out the last transaction of about $6, successfully retrieving the 1000 USDC that I thought I would never get back, taking about 3 hours in total.

Overall, I made less than a hundred transactions (including failed ones). Taking into account that EraLend's successful withdrawal transactions will receive some gas refunds, the gas consumption for each transaction is about $0.4, so the total cost is about 40 dollars. It's worth it, this deal is completely cost-effective!

As of the time of writing, many users are still "digging" and trying to retrieve their funds in EraLend. However, it can be foreseen that as more users participate and the total amount of funds available in the USDC pool continues to decrease, the later it gets, the lower the chances of "digging" back the funds.

It's hard to judge whether this is right or wrong. From the perspective of the protocol operation, some victims are escaping the bad debt risk caused by the hacker incident by "digging into the pool", transferring it to the protocol itself and other users who have not escaped. But looking at the current situation of EraLend, as the TVL continues to shrink (mainly due to users of the other two pools constantly withdrawing funds), the protocol may even face the potential of insolvency. In this difficult time, the victims have an opportunity to recover their losses naturally.

Anyway, I'm running away first as a sign of respect.