死亡协议从被黑池中泄露加密资金

黑客利用已失效的 DeFi 借贷协议 Yield Protocol 的智能合约中的漏洞，窃取了 181,000 美元的加密资产。尽管 Yield Protocol 在 2023 年 12 月关闭后多次发出平仓和提取资金的警告，但身份不明的攻击者仍然利用矿池代币余额与总供应量之间的差异来执行盗窃。

Hackers Exploit Smart Contract Vulnerability, Draining Funds from Yield Protocol

黑客利用智能合约漏洞，从 Yield Protocol 中抽走资金

Los Angeles, CA – April 10, 2024 – A sophisticated hacking operation has targeted the defunct decentralized finance (DeFi) lending protocol Yield Protocol, resulting in the theft of approximately $181,000 worth of crypto assets. The attack, which exploited a vulnerability in the protocol's smart contracts, has raised concerns about the security of DeFi protocols and the need for robust measures to prevent future breaches.

加利福尼亚州洛杉矶 – 2024 年 4 月 10 日 – 一场复杂的黑客行动针对已失效的去中心化金融 (DeFi) 借贷协议 Yield Protocol，导致价值约 181,000 美元的加密资产被盗。这次攻击利用了该协议智能合约中的漏洞，引发了人们对 DeFi 协议安全性的担忧，并需要采取强有力的措施来防止未来的违规行为。

Yield Protocol, which shut down its operations in December 2023 due to dwindling business demand and regulatory pressures, had repeatedly advised its users to close their positions, withdraw their funds, and repay any outstanding loans. Despite these warnings, an unidentified hacker managed to breach the protocol's security and drain funds from its strategic contracts on the Arbitrum blockchain.

由于业务需求下降和监管压力，Yield Protocol 于 2023 年 12 月关闭了运营，并多次建议其用户平仓、提取资金并偿还任何未偿还贷款。尽管有这些警告，一名身份不明的黑客还是设法破坏了该协议的安全性，并从 Arbitrum 区块链上的战略合约中窃取了资金。

Blockchain investigation firm PeckShield first detected the hack and later confirmed by CertiK. According to CertiK's investigation, the attacker exploited a discrepancy between the pool token balance and total supply, using flash-loaned assets to withdraw additional pool tokens before the discrepancy could be corrected.

区块链调查公司 PeckShield 最先发现了此次黑客攻击，随后得到了 CertiK 的证实。根据 CertiK 的调查，攻击者利用矿池代币余额与总供应量之间的差异，在差异得到纠正之前使用闪贷资产提取额外的矿池代币。

Official support for Yield Protocol ended on February 2, 2024, and given the protocol's past history of recovering from attacks, the likelihood of recovering the stolen funds seems remote.

对 Yield Protocol 的官方支持于 2024 年 2 月 2 日结束，考虑到该协议过去从攻击中恢复的历史，找回被盗资金的可能性似乎很小。

This incident is a stark reminder of the vulnerabilities that exist within DeFi protocols, which often rely on complex smart contract systems to automate financial transactions. While DeFi protocols offer the potential for increased financial freedom and transparency, they also present a tempting target for hackers seeking to exploit weaknesses in their systems.

这一事件清楚地提醒人们，DeFi 协议中存在漏洞，这些协议通常依赖复杂的智能合约系统来实现金融交易的自动化。虽然 DeFi 协议提供了提高财务自由度和透明度的潜力，但它们也为寻求利用其系统弱点的黑客提供了一个诱人的目标。

In March 2023, Yield Protocol was among 10 DeFi protocols that suffered losses in the wake of an attack on the noncustodial lending protocol Euler Finance. Through collaboration with Euler, Yield Protocol was able to fully recover from the flash loan attack by deploying new contracts and resetting the maturities of its fixed-yield tokens.

2023 年 3 月，非托管借贷协议 Euler Finance 遭受攻击后，Yield Protocol 是遭受损失的 10 个 DeFi 协议之一。通过与 Euler 的合作，Yield Protocol 能够通过部署新合约并重置其固定收益代币的到期日，从闪贷攻击中完全恢复。

However, the recent attack on Yield Protocol underscores the need for continuous vigilance and collaboration among DeFi developers, security experts, and law enforcement agencies to prevent and mitigate future breaches.

然而，最近对 Yield Protocol 的攻击凸显了 DeFi 开发人员、安全专家和执法机构之间需要持续保持警惕和合作，以防止和减轻未来的违规行为。

Blockchain security firm Immunefi, in a recent report, noted a 23% decline in losses due to hacking and scams in the first quarter of 2024 compared to the same period in 2023. While this is a positive trend, the report identified 46 hacking incidents and 15 cases of fraudulent activities in the first quarter of this year.

区块链安全公司 Immunefi 在最近的一份报告中指出，与 2023 年同期相比，2024 年第一季度因黑客和诈骗造成的损失下降了 23%。虽然这是一个积极的趋势，但该报告发现了 46 起黑客事件和今年第一季度共发生15起欺诈活动案件。

The report highlighted the cross-chain bridge protocol Orbit Bridge as the most significant victim of a hacking incident, losing approximately $81.7 million.

该报告强调，跨链桥协议 Orbit Bridge 是黑客事件的最大受害者，损失约 8170 万美元。

The challenges faced by DeFi protocols in securing their systems are compounded by the constant evolution of hacking techniques and the increasing sophistication of attackers. As DeFi continues to attract users and investors, it is imperative for protocols to implement robust security measures, conduct thorough audits, and educate users on best practices for protecting their assets.

由于黑客技术的不断发展和攻击者的日益复杂，DeFi 协议在保护系统安全方面面临的挑战变得更加复杂。随着 DeFi 不断吸引用户和投资者，协议必须实施强有力的安全措施，进行彻底的审计，并教育用户保护其资产的最佳实践。

The recent attack on Yield Protocol serves as a wake-up call for the DeFi industry, emphasizing the critical importance of prioritizing security and investing in measures to prevent and respond to hacking incidents. By working together and adopting a proactive approach to security, DeFi protocols can mitigate risks and build trust among users and investors alike.

最近对 Yield Protocol 的攻击给 DeFi 行业敲响了警钟，强调了优先考虑安全性并投资于预防和应对黑客事件的措施的至关重要性。通过共同努力并采取积极主动的安全方法，DeFi 协议可以降低风险并在用户和投资者之间建立信任。