最近黑客分散的金融协议的创始人先生。交易向攻击者发出了情感上的认罪

最近被黑客分散的财务协议的创始人SIR。交易向攻击者发出了情感上的认罪，敦促他们退还大约70％的被盗客户资金。

The founder of recently hacked decentralized finance protocol SIR.trading has issued an emotional plea to the attacker to return around 70% of the stolen customer funds.

最近被黑客分散的财务协议的创始人SIR。交易向攻击者发出了情感上的认罪，要求返回被盗的客户资金的70％。

Without the recovery of these funds, the protocol is unlikely to survive.

没有这些资金的收回，该方案不可能生存。

“Here is my proposal, keep $100k as a fair share for your critical bug find, and return the remaining,” SIR.trading’s pseudonymous founder 'Xatarrer' wrote in a March 31 onchain message to the attacker following the $355,000 hack on March 30.

“这是我的提议，将10万美元作为您的关键错误找到的公平份额，并返回剩余的股份。”

“We’ll call it even. No legal games, no drama.”

“我们甚至会称呼它。没有法律游戏，没有戏剧。”

Xatarrer said that SIR.trading was built on the back of four years of late-night coding and $70,000 from friends and believers without any additional venture capital funding.

Xatarrer说，爵士。交易是建立在四年的深夜编码的后面，从朋友和信徒那里建造了70,000美元，而没有任何额外的风险投资资金。

“It pains me deeply to see you use your skills on this.”

“看到您在这方面使用自己的技能，这让我深感痛苦。”

Xatarrer added that they had nothing but respect for the hacker’s skills and that they were welcome to join the SIR.trading team.

Xatarrer补充说，他们只尊重黑客的技能，欢迎他们加入Sir.Trading团队。

“I’m sure you could help us build something amazing.”

“我敢肯定，您可以帮助我们建造一些惊人的东西。”

Onchain message from SIR.trading founder to the hacker. Source: SIR.trading

爵士的on链信息。贸易创始人到黑客。资料来源：先生

The hacker has yet to respond and has already transferred the stolen funds through to Ethereum privacy solution Railgun, according to data from Ethereum block explorer Etherscan.

根据Ethereum Block Explorer Etherscan的数据，黑客尚未做出回应，并且已经将被盗的资金转移到以太坊隐私解决方案中。

Xatarrer initially said on March 30 that the SIR.trading team intended to keep the protocol up and running despite the setback. “Those impacted by the hack will not be forgotten,” it said on March 31.

Xatarrer最初在3月30日表示，尽管挫折，但Trading团队仍打算保持协议的启动和运行。它在3月31日说：“受黑客攻击的人不会被遗忘。”

Hack resulted from feature added to Ethereum’s Dencun upgrade

hack是由添加到以太坊的dencun升级的功能引起的

The hacker targeted a callback function used in the protocol’s ‘vulnerable contract' Vault which leverages Ethereum’s transient storage feature.

黑客针对协议的“脆弱合同”保险库中使用的回调函数，该库利用以太坊的瞬态存储功能。

The hacker managed to replace the real Uniswap pool address used in this callback function with an address under the hacker’s control, allowing them to redirect the funds in the vault to their address by repeatedly calling the callback function until all of the protocol’s total value locked was drained.

黑客设法用黑客控件下的地址替换了此回调功能中使用的真实uniswap池地址，从而使他们能够通过反复调用回调功能，直到所有协议的总数锁定的所有总值锁定为止。

The transient storage feature was part of the Dencun upgrade to Ethereum which launched in March 2024 and is designed to offer users lower gas fees than gas typically required for regular storage.

瞬态存储功能是Dincun升级到以太坊的一部分，该兴趣于2024年3月推出，旨在为用户提供比常规存储通常所需的气体较低的汽油费用。

SIR.trading’s documentation shows that it was billed as “a new DeFi protocol for safer leverage” to address some of the challenges that often occur in leveraged trading — such as volatility decay and liquidation risks.

先生的文档表明，它被称为“一种新的更安全杠杆的规程”，以应对杠杆交易中经常出现的一些挑战 - 例如波动性衰减和清算风险。

It comes as crypto lost to exploits and scams fell to $28.8M in March, blockchain security firm CertiK said in a March 31 X post.

区块链安全公司Certik在3月31日X帖子中说，这是因为加密货币输给了漏洞，骗局跌至3月的2880万美元。

Around $4.8 million was subtracted from that figure after hackers involved in the 1inch Resolver incident returned the stolen funds.

在涉及1英寸解析器事件的黑客返还了被盗资金之后，该数字从该数字中减去了约480万美元。

Crypto exploits and scams had one of their worst months in February, headlined by the $1.4 billion Bybit hack.

Crypto exploits和Scams在2月的最糟糕的月份之一，以14亿美元的bybit Hack为标题。