最近黑客分散的金融協議的創始人先生。交易向攻擊者發出了情感上的認罪

最近被黑客分散的財務協議的創始人SIR。交易向攻擊者發出了情感上的認罪，敦促他們退還大約70％的被盜客戶資金。

The founder of recently hacked decentralized finance protocol SIR.trading has issued an emotional plea to the attacker to return around 70% of the stolen customer funds.

最近被黑客分散的財務協議的創始人SIR。交易向攻擊者發出了情感上的認罪，要求返回被盜的客戶資金的70％。

Without the recovery of these funds, the protocol is unlikely to survive.

沒有這些資金的收回，該方案不可能生存。

“Here is my proposal, keep $100k as a fair share for your critical bug find, and return the remaining,” SIR.trading’s pseudonymous founder 'Xatarrer' wrote in a March 31 onchain message to the attacker following the $355,000 hack on March 30.

“這是我的提議，將10萬美元作為您的關鍵錯誤找到的公平份額，並返回剩餘的股份。”

“We’ll call it even. No legal games, no drama.”

“我們甚至會稱呼它。沒有法律遊戲，沒有戲劇。”

Xatarrer said that SIR.trading was built on the back of four years of late-night coding and $70,000 from friends and believers without any additional venture capital funding.

Xatarrer說，爵士。交易是建立在四年的深夜編碼的後面，從朋友和信徒那裡建造了70,000美元，而沒有任何額外的風險投資資金。

“It pains me deeply to see you use your skills on this.”

“看到您在這方面使用自己的技能，這讓我深感痛苦。”

Xatarrer added that they had nothing but respect for the hacker’s skills and that they were welcome to join the SIR.trading team.

Xatarrer補充說，他們只尊重黑客的技能，歡迎他們加入Sir.Trading團隊。

“I’m sure you could help us build something amazing.”

“我敢肯定，您可以幫助我們建造一些驚人的東西。”

Onchain message from SIR.trading founder to the hacker. Source: SIR.trading

爵士的on鏈信息。貿易創始人到黑客。資料來源：先生

The hacker has yet to respond and has already transferred the stolen funds through to Ethereum privacy solution Railgun, according to data from Ethereum block explorer Etherscan.

根據Ethereum Block Explorer Etherscan的數據，黑客尚未做出回應，並且已經將被盜的資金轉移到以太坊隱私解決方案中。

Xatarrer initially said on March 30 that the SIR.trading team intended to keep the protocol up and running despite the setback. “Those impacted by the hack will not be forgotten,” it said on March 31.

Xatarrer最初在3月30日表示，儘管挫折，但Trading團隊仍打算保持協議的啟動和運行。它在3月31日說：“受黑客攻擊的人不會被遺忘。”

Hack resulted from feature added to Ethereum’s Dencun upgrade

hack是由添加到以太坊的dencun升級的功能引起的

The hacker targeted a callback function used in the protocol’s ‘vulnerable contract' Vault which leverages Ethereum’s transient storage feature.

黑客針對協議的“脆弱合同”保險庫中使用的回調函數，該庫利用以太坊的瞬態存儲功能。

The hacker managed to replace the real Uniswap pool address used in this callback function with an address under the hacker’s control, allowing them to redirect the funds in the vault to their address by repeatedly calling the callback function until all of the protocol’s total value locked was drained.

黑客設法用黑客控件下的地址替換了此回調功能中使用的真實uniswap池地址，從而使他們能夠通過反複調用回調功能，直到所有協議的總數鎖定的所有總值鎖定為止。

The transient storage feature was part of the Dencun upgrade to Ethereum which launched in March 2024 and is designed to offer users lower gas fees than gas typically required for regular storage.

瞬態存儲功能是Dincun升級到以太坊的一部分，該興趣於2024年3月推出，旨在為用戶提供比常規存儲通常所需的氣體較低的汽油費用。

SIR.trading’s documentation shows that it was billed as “a new DeFi protocol for safer leverage” to address some of the challenges that often occur in leveraged trading — such as volatility decay and liquidation risks.

先生的文檔表明，它被稱為“一種新的更安全槓桿的規程”，以應對槓桿交易中經常出現的一些挑戰 - 例如波動性衰減和清算風險。

It comes as crypto lost to exploits and scams fell to $28.8M in March, blockchain security firm CertiK said in a March 31 X post.

區塊鏈安全公司Certik在3月31日X帖子中說，這是因為加密貨幣輸給了漏洞，騙局跌至3月的2880萬美元。

Around $4.8 million was subtracted from that figure after hackers involved in the 1inch Resolver incident returned the stolen funds.

在涉及1英寸解析器事件的黑客返還了被盜資金之後，該數字從該數字中減去了約480萬美元。

Crypto exploits and scams had one of their worst months in February, headlined by the $1.4 billion Bybit hack.

Crypto exploits和Scams在2月的最糟糕的月份之一，以14億美元的bybit Hack為標題。