駭客瞄準 DeFi 協議，Nexera 遭受駭客攻擊，損失 150 萬美元

據區塊鏈安全公司 Cyvers 稱，8 月 7 日，DeFi 協議 Nexera 遭到駭客攻擊，損失達 150 萬美元。它在 X 帖子中披露了該漏洞

DeFi protocol Nexera was hacked for $1.5 million on August 7, blockchain security firm Cyvers revealed in an X post on Monday.

區塊鏈安全公司 Cyvers 週一在 X 貼文中透露，8 月 7 日，DeFi 協議 Nexera 遭到駭客攻擊，損失達 150 萬美元。

"Hey @Nexera_Official,

「嘿@Nexera_Official，

Our system has detected a suspicious transaction involving your proxy contract.

我們的系統偵測到涉及您的代理合約的可疑交易。

An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens."

一個地址取得了您的代理合約的所有權並對其進行了升級。不久之後，該地址使用提款管理功能轉移了所有 $NXRA 代幣。

Nexera connects DeFi with traditional finance, enabling the tokenizing of real-world and digital assets for on-chain benefits. In this case, the hacker managed to hijack Nexera’s contracts and alter them to withdraw $1.5 million worth of NXRA, the platform’s native tokens.

Nexera 將 DeFi 與傳統金融連接起來，實現現實世界和數位資產的代幣化，以獲得鏈上利益。在這種情況下，駭客成功劫持了 Nexera 的合約並對其進行了修改，以提取價值 150 萬美元的 NXRA（該平台的原生代幣）。

Following the hack, the bad actor traded the stolen NXRA for ETH in order to mask their tracks. Hackers often convert stolen assets to ETH to access mixer services like Tornado Cash that work to obfuscate its users’ fund flows, thereby letting criminals get away with their ill-gotten proceeds. This hacker has also bridged the ETH to the BNB chain.

在駭客攻擊後，壞人將被盜的 NXRA 換成 ETH，以掩蓋他們的蹤跡。駭客經常將偷來的資產轉換為 ETH，以訪問 Tornado Cash 等混合服務，這些服務會混淆用戶的資金流，從而讓犯罪分子逃脫不義之財。該駭客還將 ETH 橋接至 BNB 鏈。

Cyvers added, "The address is currently selling all the tokens for $ETH, and some of the funds have already been bridged to the $BNB chain."

Cyvers 補充道，“該地址目前正在以 ETH 價格出售所有代幣，部分資金已橋接至 BNB 鏈。”

But the story doesn’t end there. On-chain data reveals this exploit was not the hacker’s first rodeo. Transaction history from their wallet reveals that they are associated with multiple exploits from the past.

但故事並沒有就此結束。鏈上數據顯示，該漏洞並不是駭客的第一次表演。他們錢包中的交易歷史記錄顯示，他們與過去的多次漏洞有關。

Blockchain sleuth ZachXTB uncovered the fact, "Attacker is connected on-chain to recent private key compromise incidents such as SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and many more."

區塊鏈偵探 ZachXTB 發現了這樣一個事實：“攻擊者在鏈上與最近的私鑰洩露事件有關，例如 SpaceCatch、Concentric Finance、OKX DEX、Serenity Shield、Reach 等等。”

This marks yet another hack in a series of such incidents that have occurred recently. For instance, numerous successful attacks took place last month.

這標誌著最近發生的一系列此類事件中的又一起駭客事件。例如，上個月發生了許多成功的攻擊。

WazirX was the victim of a $230 million exploit, Convergence was exploited for $212,000, and LI.FI had over $11 million drained from its contracts.

WazirX 被利用了 2.3 億美元，Convergence 被利用了 212,000 美元，LI.FI 的合約被盜走了超過 1100 萬美元。