Two decentralized finance (DeFi) protocols were hacked on Friday for a combined total of over $5 million, while compromised wallets saw a further $5 million drained on Wednesday.
While the founders of two OG protocols, Aave and Maker (now Sky), enjoyed a game of Starcraft and reveled in a “DeFi renaissance moment,” some of the sector’s less well-established projects were going down in history for the wrong reasons.
Repeat DeFi hack or a new bug?
First up was Onyx Protocol, whose $3.8 million loss was initially thought to be a repeat of the well-known bug that drained $2.1 million from the project toward the back end of last year.
Hi @OnyxDAO, you may want to take a look pic.twitter.com/fcU6fHP4jr
Onyx is a fork of Compound Finance, which contains an infamous vulnerability in which freshly-launched, empty lending markets are briefly left open to a price manipulation attack, if not handled correctly.
Given the popularity of Compound’s v2 codebase with fast-forking DeFi devs, the bug is exploited with alarming regularity across the sector, and was initially identified as having been the cause of Onyx’s latest loss.
However, as the team pointed out in a ‘post-mortem’ thread on X (formerly Twitter), this time the vulnerability also lay in the platform’s ‘NFT Liquidation contract.’ The attacker was able to drain the vUSD stablecoin, which was then sold off, causing it to depeg.
Something’s not adding up
Next came ‘bitcoin restaking’ protocol Bedrock, which appeared to be overly bullish on ETH, costing it around $2 million.
uniBTC by @Bedrock_DeFi was exploited today. The vulnerability allowed for you to mint uniBTC with eth! This function was likely leftover from the uniETH implementation 😅 @spreekaway pic.twitter.com/Xj69wQg2GX
The faulty code allowed users to mint Bedrock’s uniBTC token at a 1:1 ratio with staked ETH tokens, not taking into account the price difference between the two assets (valued at the time at approximately $65,000 vs $2,650, respectively).
The uniBTC tokens were then sold off for an alternative wrapped bitcoin token, for a return of almost 25x.
Crypto security auditor Dedaub claims to have identified the vulnerability in advance, stating that such a simple bug could be discovered and exploited automatically by ‘fuzzing bots.’
Although Dedaub warned the Bedrock team two hours before the attack, it received no response due to time zone differences. However, by raising the issue separately with Pendle, a platform with $30 million of exposure to uniBTC, further losses were successfully averted.
The Bedrock team responded to the incident, reassuring users that all uniBTC collateral remains intact. It estimated the losses at “approximately $2 million (mostly in DEX LPs),” adding that a “comprehensive reimbursement plan is being finalized.”
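The minting flaw described above can be stated as an invariant: minting must never credit more value than was deposited. The following is an added example, not Bedrock's contract code or part of the original article. It is a simplified Python model using the article's approximate prices; the WBTC collateral name, the function names and the sample deposits are assumptions.

```python
# Simplified model of the 1:1 mint flaw; NOT Bedrock's contract code.
# Prices are the approximate figures quoted in the article.
from decimal import Decimal

PRICE_USD = {"ETH": Decimal("2650"), "WBTC": Decimal("65000")}
UNIBTC_USD = Decimal("65000")  # uniBTC is meant to track the price of BTC

def mint_flawed(asset, amount):
    """Leftover path: credits any deposit 1:1, ignoring what it is worth."""
    return Decimal(amount)

def mint_checked(asset, amount, allowed=("WBTC",)):
    """Hardened path: only BTC-denominated collateral (assumed: WBTC) mints."""
    if asset not in allowed:
        raise ValueError(f"{asset} is not accepted collateral")
    return Decimal(amount)

def value_ratio(mint, asset, amount):
    """USD value of the minted uniBTC divided by USD value deposited."""
    minted = mint(asset, amount)
    return (minted * UNIBTC_USD) / (Decimal(amount) * PRICE_USD[asset])

def check_invariant(mint, cases):
    """Property an automated fuzzer would test: minting never creates value.
    Returns the (asset, amount, ratio) cases that violate it."""
    violations = []
    for asset, amount in cases:
        try:
            ratio = value_ratio(mint, asset, amount)
        except ValueError:
            continue  # a rejected deposit mints nothing, so the invariant holds
        if ratio > 1:
            violations.append((asset, amount, ratio))
    return violations

# Constructed sample deposits (asset, amount) for the property check.
CASES = [("WBTC", "1"), ("ETH", "1"), ("ETH", "40"), ("WBTC", "0.25")]

if __name__ == "__main__":
    for asset, amount, ratio in check_invariant(mint_flawed, CASES):
        print(f"flawed mint: {amount} {asset} -> {ratio:.2f}x value created")
    print("checked mint violations:", check_invariant(mint_checked, CASES))
```

Both ETH deposits break the invariant under the flawed path by the same factor, which matches the "almost 25x" return reported in the article.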
Compromised keys?
On Wednesday, real-world-asset-focused Truflation warned of “some abnormal activity,” which it attributed to a malware attack.
On September 25th, 2024, the Truflation team detected some abnormal activity. An attacker launched an attack using malware. We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement. The…
Blockchain investigator ZachXBT traced total losses of over $5 million from addresses identified as the project’s “treasury multisig and personal wallets,” providing a list of addresses via his Investigations Telegram channel.
While the initial disclosure was scant on details, it does mention a reward to any whitehats able to aid the investigation. This was followed up with an on-chain message to the hacker, offering a 10% ‘bounty’ for the return of the funds.
Assuming funds aren’t returned before 8am (UTC) on Saturday, the bounty will be opened up to the public in return for information leading to a conviction.