FEG代幣2022年第三次被黑，用戶損失99%資金

週日，Feed Every Gorilla (FEG) 代幣的「SmartBridge」被疑似利用，駭客出售收益後，持有者損失了 99%

A suspected exploit of the Feed Every Gorilla (FEG) token’s “SmartBridge” left holders down 99% on Sunday, after the hacker sold off the proceeds into existing liquidity.

週日，Feed Every Gorilla (FEG) 代幣的「SmartBridge」被懷疑被利用，駭客將收益出售為現有流動性，導致持有人損失了 99%。

In what must feel like a depressingly familiar series of events, this attack is the third to hit the project following two separate incidents in 2022.

這一系列事件肯定讓人感到令人沮喪地熟悉，這是繼 2022 年發生的兩起獨立事件之後，該計畫第三次遭受攻擊。

Looks like @FEGtoken has been hacked. Price has dropped by 99%. As I can see, exploiter's profit is at least:712 $BNB on BSC73 $ETH on Base96 $ETH on EthereumFunds have been transfered to #TornadoCash. Total profit is over 1,070,000$. Protocol paused by team 🫣 pic.twitter.com/gGEHBurtif

看起來@FEGtoken 已被駭客攻擊。價格下降了99%。正如我所看到的，剝削者的利潤至少是：712 $BNB on BSC73 $ETH on Base96 $ETH on Ethereum資金已轉移到#TornadoCash。總利潤超過 1,070,000 美元。協議被團隊暫停🫣 pic.twitter.com/gGEHBurtif

Read more: Are North Korean hackers liquidated on HyperLiquid planning something?

了解更多：北韓駭客是否正在計劃對 HyperLiquid 進行清算？

The project’s response to the “Irregular Transactions” acknowledged its users’ frustration, which were shared by the team. It initially suspected “a vulnerability in the wormhole bridge, which had previously undergone an audit” by Peckshield (which claims to have identified the root cause, but is yet to comment officially).

該專案對「不規則交易」的回應承認用戶的沮喪，團隊也有同樣的感受。它最初懷疑「蟲洞橋存在漏洞，該漏洞此前曾接受過 Peckshield 的審計」（Peckshield 聲稱已經找到了根本原因，但尚未正式發表評論）。

In the meantime, crypto security and auditing firm BlockSec conducted its own analysis of the hack, finding that “only the relayer can register withdrawal in the SmartBridge. However, when receiving a wormhole bridge message, the relayer doesn’t check if the source address is allowed to trigger the withdrawal registration.”

同時，加密安全和審計公司 BlockSec 對這次駭客攻擊進行了自己的分析，發現「只有中繼者可以在 SmartBridge 中註冊提款。然而，當中繼器收到蟲洞橋訊息時，不會檢查來源位址是否允許觸發提現註冊。

The hacker was then able to craft a malicious bridge message on one chain, fraudulently withdraw large amounts of FEG on the destination chain, and swap it for the existing liquidity. The same three steps were followed on each chain.

然後，駭客能夠在一條鏈上製作惡意橋接訊息，在目標鏈上欺詐性地提取大量 FEG，並將其交換為現有的流動性。每條鏈上都遵循相同的三個步驟。

The FEG token ties together the project’s “SmartDeFi” token launchpads on ETH, Base and BNB Chain. According to Cyvers, the attacker made over $1 million dumping the tokens: 96 ETH, 73 ETH and 712 BNB profit on each chain, respectively.

FEG 代幣將專案在 ETH、Base 和 BNB 鏈上的「SmartDeFi」代幣啟動板連結在一起。據 Cyvers 稱，攻擊者透過拋售代幣賺取了超過 100 萬美元：每條鏈上分別獲利 96 ETH、73 ETH 和 712 BNB。

Many voiced their frustrations and disbelief via X despite replies to the team’s statement being disabled. Users remarked on the loss of credibility, a lack of surprise, feeling “trapped,” and even suggesting the events may have been inside jobs.

儘管對該團隊聲明的回應已被禁用，但許多人透過 X 表達了他們的沮喪和懷疑。用戶表示，他們失去了可信度，缺乏驚喜，感覺“被困”，甚至暗示這些事件可能發生在工作內部。

Some did show support, however, pointing to the team’s “proactive approach” and taking comfort in FEG’s “real-world utility,” while dismissing security concerns as “woke.”

然而，一些人確實表示了支持，指出該團隊的“積極主動的方法”，並對 FEG 的“現實世界實用性”感到安慰，同時將安全擔憂視為“覺醒”。

This isn’t FEG’s first rodeo

這不是 FEG 的第一場牛仔競技表演

May 2022 saw the project lose $1.3 million to a flash loan attack which also exploited a data validation issue to drain FEG tokens. Despite “respectfully request[ing]” the return of stolen funds, they were laundered via Tornado Cash a few days later.

2022 年 5 月，該專案因閃貸攻擊損失了 130 萬美元，該攻擊還利用數據驗證問題耗盡 FEG 代幣。儘管「恭敬地請求」歸還被盜資金，但幾天後這些資金還是透過龍捲風現金進行了洗錢。

The FEG team would like to keep the community updated on what had transpired on May 15, 2022 at approximately 8:20 PM (UTC). There was an exploit in the Swap-to-Swap (S2S) functionality within the FEGtoken swap contracts on BSC and ETH.(1/7)

FEG 團隊希望向社區通報 2022 年 5 月 15 日晚上 8:20 左右（世界標準時間）發生的最新情況。 BSC 和 ETH 上的 FEGtoken 互換合約中的互換到互換 (S2S) 功能存在漏洞。

Read more: DeFi project Delta Prime hacked again — months after private key leak

了解更多： DeFi 專案 Delta Prime 在私鑰洩漏幾個月後再次遭到駭客攻擊

After such a blow, FEG opted to use a third-party solution, locking its token’s liquidity with Team Finance to inspire confidence that users’ money would remain safe.

在遭受這樣的打擊後，FEG 選擇使用第三方解決方案，將其代幣的流動性鎖定在 Team Finance 上，以激發用戶資金安全的信心。

But in October of that same year, the token suffered a loss of almost $2 million when four of these “bulletproof” liquidity locks were exploited due to a fault in the migration system to move liquidity from Uniswap v2 and v3. The incident saw a total of over $15 million lost between the affected teams, though most funds were later returned.

但同年 10 月，由於從 Uniswap v2 和 v3 轉移流動性的遷移系統出現故障，其中四個「防彈」流動性鎖被利用，該代幣遭受了近 200 萬美元的損失。這次事件導致受影響團隊之間總共損失超過 1500 萬美元，不過大部分資金後來都被退回。