死亡協議從被駭池中洩漏加密資金

駭客利用已失效的 DeFi 借貸協議 Yield Protocol 的智能合約中的漏洞，竊取了 181,000 美元的加密資產。儘管 Yield Protocol 在 2023 年 12 月關閉後多次發出平倉和提取資金的警告，但身份不明的攻擊者仍然利用礦池代幣餘額與總供應量之間的差異來執行盜竊。

Hackers Exploit Smart Contract Vulnerability, Draining Funds from Yield Protocol

駭客利用智能合約漏洞，從 Yield Protocol 抽走資金

Los Angeles, CA – April 10, 2024 – A sophisticated hacking operation has targeted the defunct decentralized finance (DeFi) lending protocol Yield Protocol, resulting in the theft of approximately $181,000 worth of crypto assets. The attack, which exploited a vulnerability in the protocol's smart contracts, has raised concerns about the security of DeFi protocols and the need for robust measures to prevent future breaches.

加州洛杉磯 – 2024 年 4 月 10 日 – 一場複雜的駭客行動針對已失效的去中心化金融 (DeFi) 借貸協議 Yield Protocol，導致價值約 181,000 美元的加密資產被盜。這次攻擊利用了該協議智能合約中的漏洞，引發了人們對 DeFi 協議安全性的擔憂，並需要採取強有力的措施來防止未來的違規行為。

Yield Protocol, which shut down its operations in December 2023 due to dwindling business demand and regulatory pressures, had repeatedly advised its users to close their positions, withdraw their funds, and repay any outstanding loans. Despite these warnings, an unidentified hacker managed to breach the protocol's security and drain funds from its strategic contracts on the Arbitrum blockchain.

由於業務需求下降和監管壓力，Yield Protocol 於 2023 年 12 月關閉了運營，並多次建議其用戶平倉、提取資金並償還任何未償還貸款。儘管有這些警告，一名身份不明的駭客還是設法破壞了協議的安全性，並從 Arbitrum 區塊鏈上的戰略合約中竊取了資金。

Blockchain investigation firm PeckShield first detected the hack and later confirmed by CertiK. According to CertiK's investigation, the attacker exploited a discrepancy between the pool token balance and total supply, using flash-loaned assets to withdraw additional pool tokens before the discrepancy could be corrected.

區塊鏈調查公司 PeckShield 最先發現了駭客攻擊，隨後得到了 CertiK 的證實。根據 CertiK 的調查，攻擊者利用礦池代幣餘額與總供應量之間的差異，在差異得到糾正之前使用閃貸資產提取額外的礦池代幣。

Official support for Yield Protocol ended on February 2, 2024, and given the protocol's past history of recovering from attacks, the likelihood of recovering the stolen funds seems remote.

對 Yield Protocol 的官方支持於 2024 年 2 月 2 日結束，考慮到協議過去從攻擊中恢復的歷史，找回被盜資金的可能性似乎很小。

This incident is a stark reminder of the vulnerabilities that exist within DeFi protocols, which often rely on complex smart contract systems to automate financial transactions. While DeFi protocols offer the potential for increased financial freedom and transparency, they also present a tempting target for hackers seeking to exploit weaknesses in their systems.

這事件清楚地提醒人們，DeFi 協議中存在漏洞，這些協議通常依賴複雜的智慧合約系統來實現金融交易的自動化。雖然 DeFi 協議提供了提高財務自由度和透明度的潛力，但它們也為尋求利用其係統弱點的駭客提供了一個誘人的目標。

In March 2023, Yield Protocol was among 10 DeFi protocols that suffered losses in the wake of an attack on the noncustodial lending protocol Euler Finance. Through collaboration with Euler, Yield Protocol was able to fully recover from the flash loan attack by deploying new contracts and resetting the maturities of its fixed-yield tokens.

2023 年 3 月，非託管借貸協議 Euler Finance 遭到攻擊後，Yield Protocol 是遭受損失的 10 個 DeFi 協定之一。透過與 Euler 的合作，Yield Protocol 能夠透過部署新合約並重置其固定收益代幣的到期日，從閃貸攻擊中完全恢復。

However, the recent attack on Yield Protocol underscores the need for continuous vigilance and collaboration among DeFi developers, security experts, and law enforcement agencies to prevent and mitigate future breaches.

然而，最近對 Yield Protocol 的攻擊凸顯了 DeFi 開發人員、安全專家和執法機構之間需要持續保持警惕和合作，以防止和減輕未來的違規行為。

Blockchain security firm Immunefi, in a recent report, noted a 23% decline in losses due to hacking and scams in the first quarter of 2024 compared to the same period in 2023. While this is a positive trend, the report identified 46 hacking incidents and 15 cases of fraudulent activities in the first quarter of this year.

區塊鏈安全公司Immunefi 在最近的報告中指出，與2023 年同期相比，2024 年第一季因駭客和詐騙造成的損失下降了23%。發現了46 起駭客事件和今年第一季共發生15起詐欺活動案件。

The report highlighted the cross-chain bridge protocol Orbit Bridge as the most significant victim of a hacking incident, losing approximately $81.7 million.

報告強調，跨鏈橋協議 Orbit Bridge 是駭客事件的最大受害者，損失約 8,170 萬美元。

The challenges faced by DeFi protocols in securing their systems are compounded by the constant evolution of hacking techniques and the increasing sophistication of attackers. As DeFi continues to attract users and investors, it is imperative for protocols to implement robust security measures, conduct thorough audits, and educate users on best practices for protecting their assets.

由於駭客技術的不斷發展和攻擊者的日益複雜，DeFi 協定在保護系統安全方面面臨的挑戰變得更加複雜。隨著 DeFi 不斷吸引用戶和投資者，協議必須實施強有力的安全措施，進行徹底的審計，並教育用戶保護其資產的最佳實踐。

The recent attack on Yield Protocol serves as a wake-up call for the DeFi industry, emphasizing the critical importance of prioritizing security and investing in measures to prevent and respond to hacking incidents. By working together and adopting a proactive approach to security, DeFi protocols can mitigate risks and build trust among users and investors alike.

最近對 Yield Protocol 的攻擊給 DeFi 行業敲響了警鐘，強調了優先考慮安全性並投資於預防和應對駭客事件的措施的至關重要性。透過共同努力並採取積極主動的安全方法，DeFi 協議可以降低風險並在用戶和投資者之間建立信任。