|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Moonwell DeFi 是一種在 Optimism 網路上運行的去中心化借貸協議,遭受了閃電貸攻擊,導致損失 32 萬美元。
DeFi lending protocol Moonwell, operating on the Optimism network, fell victim to a flash loan exploit, leading to a loss of $320,000. The perpetrator targeted the protocol's USDC lending contract, using a malicious contract address disguised as a “mToken.” This act granted unauthorized token approvals, allowing the attacker to siphon funds from Moonwell users.
在 Optimism 網路上運行的 DeFi 借貸協議 Moonwell 成為閃電貸漏洞的受害者,導致損失 32 萬美元。犯罪者使用偽裝成「mToken」的惡意合約地址,針對該協議的 USDC 借貸合約。該行為授予了未經授權的代幣批准,允許攻擊者從 Moonwell 用戶那裡竊取資金。
DeFi lending protocol Moonwell, operating on the Optimism network, fell victim to a flash loan exploit on February 23, 2024. The attacker managed to pilfer $320,000 from the protocol, which was quickly flagged by the platform's security systems. The incident highlighted suspicious funding sources and malicious contract activity, prompting further investigation.
在Optimism 網路上運行的DeFi 借貸協議Moonwell 於2024 年2 月23 日成為閃電貸漏洞的受害者。 。這事件凸顯了可疑的資金來源和惡意合約活動,促使進一步調查。
According to on-chain sleuths, the attacker's wallet was pre-funded via Tornado Cash on the Ethereum network. The stolen USDC was strategically swapped for DAI, and at press time, the stolen assets remained in the attacker's wallet, making recovery efforts difficult.
據鏈上偵探稱,攻擊者的錢包是透過以太坊網路上的 Tornado Cash 預先提供資金的。被盜的 USDC 被策略性地換成了 DAI,截至發稿時,被盜的資產仍留在攻擊者的錢包中,使得恢復工作變得困難。
Flash Loan Exploits Continue to Plague DeFi Protocols
閃電貸漏洞持續困擾 DeFi 協議
Flash loan exploits have emerged as a prominent mode of attack within the decentralized finance (DeFi) ecosystem. In this type of exploit, an attacker can borrow a large sum of cryptocurrency without putting up any upfront collateral. The loan is then used to manipulate a DeFi protocol, often resulting in a profit for the attacker.
閃電貸漏洞已經成為去中心化金融(DeFi)生態系統中的重要攻擊模式。在這種類型的攻擊中,攻擊者可以藉入大量加密貨幣,而無需提供任何前期抵押品。然後,這筆貸款被用來操縱 DeFi 協議,通常會為攻擊者帶來利潤。
This particular exploit targeted Moonwell's USDC lending contract, where the attacker used a malicious contract address that was disguised as a “mToken.” This action granted unauthorized token approvals, allowing the attacker to drain funds from Moonwell users.
這個特殊漏洞針對 Moonwell 的 USDC 借貸合約,攻擊者使用偽裝成「mToken」的惡意合約地址。此操作授予了未經授權的代幣批准,允許攻擊者從 Moonwell 用戶那裡榨取資金。
The incident serves as a stark reminder of the ongoing risks that DeFi protocols face, despite undergoing stringent audits and implementing preventive measures. These exploits underscore the critical need for DeFi platforms to continuously monitor, patch, and enhance their security infrastructure.
該事件清楚地提醒人們,儘管 DeFi 協議經過了嚴格的審計並採取了預防措施,但仍面臨持續的風險。這些漏洞凸顯了 DeFi 平台迫切需要持續監控、修補和增強其安全基礎架構。
DeFi Biggest Loser in Q1, Centralized Services Follow Suit
第一季 DeFi 最大輸家,中心化服務緊隨其後
DeFi protocols accounted for the largest share of stolen assets in the first quarter of 2024, according to a recent report. Centralized service providers, on the other hand, were the most heavily targeted in Q2 and Q3.
根據最近的一份報告,2024 年第一季 DeFi 協議在被盜資產中所佔份額最大。另一方面,中心化服務提供者是第二季和第三季最受攻擊的目標。
Some of the most notable centralized service hacks included DMM Bitcoin (May 2024, $305 million) and WazirX (July 2024, $234.9 million). Both incidents involved large-scale thefts of user funds, impacting thousands of customers.
一些最著名的中心化服務駭客攻擊包括 DMM 比特幣(2024 年 5 月,3.05 億美元)和 WazirX(2024 年 7 月,2.349 億美元)。這兩起事件都涉及用戶資金大規模被盜,影響了數千名客戶。
Meanwhile, other types of cryptocurrency projects, such as centralized exchanges and NFT marketplaces, also faced significant losses due to exploits and scams throughout the year. These events collectively resulted in the theft of billions of dollars worth of digital assets.
同時,其他類型的加密貨幣項目,例如中心化交易所和 NFT 市場,全年也因漏洞和詐騙而面臨重大損失。這些事件總共導致價值數十億美元的數位資產被盜。
At press time, the Moonwell team had yet to release an official statement regarding the incident or potential user reimbursements. This attack adds to the growing list of high-profile DeFi breaches in 2024, where bad actors have repeatedly exploited protocol loopholes for personal gain.
截至發稿時,Moonwell 團隊尚未就該事件或潛在的用戶賠償發布官方聲明。這次攻擊又增加了 2024 年越來越多的備受矚目的 DeFi 違規事件,不良行為者多次利用協議漏洞謀取個人利益。
To mitigate future risks and better protect user funds, security experts suggest implementing enhanced multi-layer defenses, conducting regular contract audits, and establishing strong incident response strategies.
為了降低未來風險並更好地保護用戶資金,安全專家建議實施增強的多層防禦、定期進行合約審計並建立強大的事件回應策略。
免責聲明:info@kdj.com
The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!
If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
-
- 美國證券交易委員會終於批准了第一隻現貨比特幣和以太坊組合交易所交易基金
- 2024-12-25 09:31:12
- 這一巨大的進步是數位資產和傳統金融市場主流化過程中最引人注目的里程碑。
-
- MicroStrategy 安排股東會議批准股票發行策略的變更,為額外的比特幣收購提供資金
- 2024-12-25 08:50:04
- 該公司已於 12 月完成了三輪 BTC 購買。