Aave「外圍」合約被駭客攻擊價值 5.6 萬美元，引發與 Euler Finance 的口角

今天早些時候，去中心化金融 (DeFi) 領域最大的借貸平台 Aave 的一份「外圍」合約遭到駭客攻擊，損失總計 56,000 美元。

A ‘periphery’ contract of the decentralized finance (DeFi) sector’s biggest lending platform, Aave, was hacked for a total of $56,000 earlier today.

今天早些時候，去中心化金融 (DeFi) 領域最大的借貸平台 Aave 的一份「外圍」合約遭到駭客攻擊，損失總計 56,000 美元。

Aave, which contains assets worth over $11 billion according to data from DeFiLlama, has made clear that the attack, which began, around 04:30 UTC placed no user funds at risk. Founder Stani Kulechov and governance delegate Marc Zeller both took to Twitter to reassure users.

根據 DeFiLlama 的數據，Aave 包含的資產價值超過 110 億美元，該公司已明確表示，這次攻擊於世界標準時間 04:30 左右開始，沒有使用戶資金面臨風險。創辦人 Stani Kulechov 和治理代表 Marc Zeller 都在 Twitter 上安撫用戶。

A periphery contract of @AAVE is hacked due to an arbitrary call/logic error. Most user funds are SAFU

@AAVE 的外圍合約因任意呼叫/邏輯錯誤而被駭客攻擊。大部分用戶資金為 SAFU

pic.twitter.com/WXa0w64n0c

pic.twitter.com/WXa0w64n0c

Read more: Compound DAO asleep at the wheel as $25M governance ‘attack’ passes

閱讀更多：隨著 2500 萬美元的治理「攻擊」過去，Compound DAO 沉睡了

Fuzzland’s Chaofan Shou identified the cause of the hack, pointing to transactions on four networks: Ethereum, Aribtrum, Arbitrum, Polygon, and Optimism. He estimated the total funds at risk to be around $70,000.

Fuzzland 的 Chaofan Shou 確定了駭客攻擊的原因，指出了四個網路上的交易：Ethereum、Aribtrum、Arbitrum、Polygon 和 Optimism。他估計面臨風險的資金總額約為 7 萬美元。

According to analysis by security firm QuillAudits, the losses to attacks on the above networks totaled approximately $51,000. A further attack on Avalanche netted around $5,000. Funds were forwarded to a holding address on all networks.

根據安全公司 QuillAudits 的分析，上述網路的攻擊造成的損失總計約為 51,000 美元。對 Avalanche 的進一步攻擊造成了約 5,000 美元的損失。資金被轉發到所有網路上的持有地址。

The affected periphery contract, ParaSwapRepayAdapter, isn’t part of the core Aave protocol and appears not to have been audited. It allows users to repay borrow positions using existing collateral, swapping assets via decentralized exchange ParaSwap.

受影響的外圍合約 ParaSwapRepayAdapter 不是核心 Aave 協議的一部分，似乎尚未經過審核。它允許用戶使用現有抵押品償還借入頭寸，透過去中心化交易所 ParaSwap 交換資產。

While the contract itself isn’t designed to hold user funds, the positive slippage on swaps leads to a gradual accrual of any leftover tokens.

雖然合約本身並不是為了持有用戶資金而設計的，但掉期的正滑點會導致剩餘代幣逐漸增加。

In response to questions about the origin of the funds stolen, Aave delegate Marc Zeller said, “Someone raided the tip jar.”

在回答有關被盜資金來源的問題時，Aave 代表 Marc Zeller 表示，“有人襲擊了小費罐。”

Aave development contributor BGD Labs later responded with more detail, informing users that losses were limited to the affected contracts and couldn’t spread to the wider protocol. The post also highlights that there’s no risk of a token approval-related attack.

Aave 開發貢獻者 BGD Labs 隨後做出了更詳細的回應，告知用戶損失僅限於受影響的合約，不會擴散到更廣泛的協議。該貼文還強調，不存在與代幣批准相關的攻擊的風險。

Today, a series of transactions across different networks were detected showing what it looked like an exploit on some Aave peripheral contracts (not part of the Aave Protocol itself).Before any further detailed report, we would like to clarify the following for transparency…

今天，檢測到一系列跨不同網路的交易，顯示出對某些 Aave 外圍合約（不是 Aave 協議本身的一部分）的利用。

Read more: Seneca Protocol hack highlights dangers of Ethereum’s token approval mechanism

閱讀更多：塞內卡協議黑客事件凸顯了以太坊代幣審批機制的危險

Two days ago, Euler Finance founder Michael Bently accused Aave of sweeping “major security issues” under the rug, in response to Kulechov’s teasing over Euler’s $200 million hack in March last year.

兩天前，Euler Finance 創始人 Michael Bently 指責 Aave 掩蓋“重大安全問題”，以回應 Kulechov 去年 3 月對 Euler 2 億美元黑客事件的調侃。

The comments, made in popular DeFi Telegram community LobsterDAO, resurfaced after today’s news, devolving into an argument between the two lending protocols.

這些評論是在流行的 DeFi Telegram 社群 LobsterDAO 上發表的，在今天的新聞發布後重新出現，演變成兩種借貸協議之間的爭論。

Bently accused the Aave team of “celebrating and tweeting misinformation” shortly after Euler was drained, as well as claiming that Aave is held to different security standards by the community at large.

Bently 指責 Aave 團隊在 Euler 被耗盡後不久就“慶祝並發布錯誤信息”，並聲稱整個社區對 Aave 採取了不同的安全標準。

In November 2023, a reported security incident led to a number of Aave pools being paused, but full details remained unpublished, citing concern for potentially vulnerable ‘forks’.

2023 年 11 月，據報導的安全事件導致多個 Aave 礦池暫停，但完整細節尚未公佈，理由是擔心「分叉」可能存在漏洞。

However, plenty of Aave forks have been hacked in the past, with little sympathy from the original protocol.

然而，過去許多 Aave 分叉都曾遭到駭客攻擊，原始協定並沒有引起太多同情。

Today we received a report of an issue on a certain feature of the Aave Protocol. After validation by community developers, the guardian has taken the following temporary prevention measure (no funds are at risk):

今天，我們收到了有關 Aave 協定某些功能的問題報告。經社區開發者驗證，監護人採取以下臨時防範措施（資金不存在風險）：

Read more: Linea protocol ZeroLend is a ‘copy-paste’ Aave fork, linking to original’s docs

了解更多：Linea 協定 ZeroLend 是一個「複製貼上」Aave 分支，連結到原始文檔

Kulechov dismissed his own earlier comment as “shitposting” while downplaying today’s event as “basically a tip jar arbed.” Then referring to Bently’s “tiring” talk of the upcoming Euler v2, Kulechov snapped “go build it and fuck off.”

庫列喬夫駁回了自己先前的評論，稱其為“垃圾帖”，同時淡化了今天的活動，稱其為“基本上是小費罐套利”。然後，在提到 Bently 對即將推出的 Euler v2 的“累人”談話時，Kulechov 厲聲說道：“去構建它，然後滾蛋。”

Aave is certainly no stranger to heated relationships with other organizations in DeFi. Earlier this year, risk management team Gauntlet decided to leave the protocol after frustrations boiled over.

Aave 當然對與 DeFi 領域其他組織的激烈關係並不陌生。今年早些時候，風險管理團隊 Gauntlet 在不滿情緒爆發後決定退出協議。