|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Delta Prime 是在 Arbitrum 网络上运行的 DeFi 平台,已成为黑客利用漏洞进行重大网络攻击的受害者
A DeFi platform on the Arbitrum network, Delta Prime, has fallen victim to a major cyberattack. According to on-chain data, a hacker exploited a vulnerability in the platform’s token minting system, managing to drain over $6 million from its liquidity pools.
Arbitrum 网络上的 DeFi 平台 Delta Prime 已成为重大网络攻击的受害者。根据链上数据,一名黑客利用该平台代币铸造系统的漏洞,成功从其流动性池中抽走超过 600 万美元。
The breach began when the attacker gained control of Delta Prime’s admin account, likely by stealing a developer’s private key. With access to the admin wallet, the attacker used the platform’s upgrade function to modify several liquidity pool contracts. These contracts were linked to proxy addresses, a mechanism designed to allow developers to implement software upgrades.
当攻击者获得 Delta Prime 管理员帐户的控制权时,漏洞就开始了,很可能是通过窃取开发人员的私钥。通过访问管理员钱包,攻击者利用平台的升级功能修改了多个流动性池合约。这些合约链接到代理地址,这是一种旨在允许开发人员实现软件升级的机制。
However, instead of upgrading the software, the attacker pointed the contracts to malicious versions that allowed them to mint arbitrarily large numbers of tokens. According to blockchain data from block explorer Arbiscan, the hacker initially minted over 115 duovigintillion Delta Prime USD (DPUSDC) tokens. In scientific notation, this astronomical figure is represented as 1.1*10^69.
然而,攻击者没有升级软件,而是将合约指向恶意版本,从而允许他们铸造任意数量的代币。根据区块浏览器 Arbiscan 的区块链数据,黑客最初铸造了超过 115 个 duovigintillion Delta Prime USD (DPUSDC) 代币。用科学计数法来说,这个天文数字表示为1.1*10^69。
DPUSDC is a deposit receipt token for the USDC stablecoin, intended to be redeemable at a 1:1 ratio. Despite minting a massive amount of DPUSDC, the hacker only went on to redeem $2.4 million worth of USDC.
DPUSDC 是 USDC 稳定币的存款收据代币,可按 1:1 的比例兑换。尽管铸造了大量的 DPUSDC,但黑客仅赎回了价值 240 万美元的 USDC。
The same exploit was applied to other deposit receipt tokens, including Delta Prime Wrapped Bitcoin (DPBTCb), Delta Prime Wrapped Ether (DPWETH), and Delta Prime Arbitrum (DPARB). The attacker minted massive quantities of these tokens and redeemed a small fraction, ultimately stealing over $6 million in assets, including BTC, ETH, ARBI, and USDC.
同样的漏洞也适用于其他存款收据代币,包括 Delta Prime Wrapped Bitcoin (DPBTCb)、Delta Prime Wrapped Ether (DPWETH) 和 Delta Prime Arbitrum (DPARB)。攻击者铸造了大量这些代币并赎回了一小部分,最终窃取了超过 600 万美元的资产,包括 BTC、ETH、ARBI 和 USDC。
Cyvers, an on-chain security platform, was one of the first to report the attack, warning that the losses initially stood at $4.5 million but quickly escalated as the hacker continued draining pools.
链上安全平台 Cyvers 是最早报告此次攻击的平台之一,并警告称损失最初为 450 万美元,但随着黑客继续耗尽资金池,损失迅速扩大。
ALERT
警报
@DeltaPrimeDefi has faced a security incident on their admin keys. Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afbthen he upgraded the proxy!
@DeltaPrimeDefi 的管理密钥面临安全事件。攻击者控制了0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb的私钥,然后升级了代理!
So far $5.93M has been drained!
到目前为止$593万已经被耗尽!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
想让您的公司远离我们的警报雷达吗?学习… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
— Cyvers Alerts (@CyversAlerts) September 16, 2024
- Cyvers Alerts (@CyversAlerts) 2024 年 9 月 16 日
Later, blockchain security specialist Chaofan Shou confirmed that the total theft amounted to approximately $6 million.
随后,区块链安全专家手超凡确认,盗窃总额约为 600 万美元。
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP!https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
Delta Prime @DeltaPrimeDefi 管理员私钥泄露。所有水池均已排干。已经损失了 700 万美元。尽快撤回!https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
— Chaofan Shou (@shoucccc) September 16, 2024
This incident highlights the risks associated with upgradable contracts in the DeFi ecosystem. While upgradable contracts allow developers to fix bugs post-deployment, they introduce a centralization risk if an admin account is compromised, as seen in the Delta Prime hack.
这一事件凸显了 DeFi 生态系统中与可升级合约相关的风险。虽然可升级合约允许开发人员在部署后修复错误,但如果管理员帐户受到威胁,它们就会带来中心化风险,正如 Delta Prime 黑客事件中所见。
The attack on Delta Prime is part of a growing trend of high-profile DeFi breaches, with experts warning that future targets could include even larger institutions, such as Bitcoin exchange-traded funds, which hold billions in digital assets.
对 Delta Prime 的攻击是备受瞩目的 DeFi 漏洞日益增长的趋势的一部分,专家警告称,未来的目标可能包括更大的机构,例如持有数十亿数字资产的比特币交易所交易基金。
免责声明:info@kdj.com
所提供的信息并非交易建议。根据本文提供的信息进行的任何投资,kdj.com不承担任何责任。加密货币具有高波动性,强烈建议您深入研究后,谨慎投资!
如您认为本网站上使用的内容侵犯了您的版权,请立即联系我们(info@kdj.com),我们将及时删除。
-
- 5 种新的加密货币可以让你的钱增值 10 倍或 100 倍
- 2024-09-25 00:45:01
- 加密货币交易者总是在寻找新的机会,让自己的资金增值 10 倍和 100 倍。今天,我们将关注 Pepe、Ripple、BNB、FET 和 Cutoshi 这五种代币,看看哪一种最有可能获得巨额收益。
-
- 比特币 (BTC) 周一飙升至 64,000 美元以上,升至 64,400 美元高位,然后回落至当前水平
- 2024-09-25 00:25:01
-
- Dogecoin (DOGE) vs GoodEgg (GEGG):哪种 Meme 币在 2024 年会表现更好?
- 2024-09-25 00:25:01
- 多年来,狗狗币 (DOGE) 一直是模因币之王,以其俏皮的柴犬吉祥物和
-
- 开放艺术 (TONX) – 创新与表达自由相遇的夜晚
- 2024-09-25 00:25:01
- Open Art 由 Blum、TONX 和 TON Society 在 Token2049 期间主办,是一场让与会者沉浸在创新与表达自由相遇的夜晚的活动。
-
- Lunex (LNEX) 网络:一种革命性的 DeFi 协议,将所有孤立的区块链连接到一个非托管交易所
- 2024-09-25 00:15:02
- 加密货币市场有几个 DeFi 交易所,例如 Uniswap 和 PancakeSwap,但这些交易所都不允许用户跨不同的区块链交换加密货币。
-
- 美联储降息后 SUI 和 AVAX 飙升:下一步是什么?
- 2024-09-25 00:15:02
- 最近的联邦降息被许多人视为坏消息,但对于 Sui (SUI) 和 Avalanche (AVAX) 等加密货币来说实际上是因祸得福。
-
- Ripple (XRP) 价格预测:XRP 能否很快带来爆炸性的价格上涨?
- 2024-09-25 00:15:02
- 仔细观察加密货币市场就会发现,许多数字资产在为今年最后一个季度做准备时取得了巨大的收益。
-
- ALEO 空投已上线 — 索取您的免费代币!
- 2024-09-25 00:15:02
- 领取您的区块链 ALEO 代币非常简单!只需遵循这些快速步骤即可立即开始使用您的代币。
-
- 马龙·林 (Malone Lam) 正在流行,这一次是作为一个热门模因,已成为去中心化交易所的顶级交易对之一
- 2024-09-25 00:15:02
- 链上数据显示,Raydium DEX 上的 Malone/Solana(SOL)交易对 24 小时内暴涨超过 1000%。