|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Moonwell DeFi 是一种在 Optimism 网络上运行的去中心化借贷协议,遭受了闪电贷攻击,导致损失 32 万美元。
DeFi lending protocol Moonwell, operating on the Optimism network, fell victim to a flash loan exploit, leading to a loss of $320,000. The perpetrator targeted the protocol's USDC lending contract, using a malicious contract address disguised as a “mToken.” This act granted unauthorized token approvals, allowing the attacker to siphon funds from Moonwell users.
在 Optimism 网络上运行的 DeFi 借贷协议 Moonwell 成为闪电贷漏洞的受害者,导致损失 32 万美元。犯罪者使用伪装成“mToken”的恶意合约地址,针对该协议的 USDC 借贷合约。该行为授予了未经授权的代币批准,允许攻击者从 Moonwell 用户那里窃取资金。
DeFi lending protocol Moonwell, operating on the Optimism network, fell victim to a flash loan exploit on February 23, 2024. The attacker managed to pilfer $320,000 from the protocol, which was quickly flagged by the platform's security systems. The incident highlighted suspicious funding sources and malicious contract activity, prompting further investigation.
在 Optimism 网络上运行的 DeFi 借贷协议 Moonwell 于 2024 年 2 月 23 日成为闪电贷漏洞的受害者。攻击者成功从该协议中窃取了 32 万美元,该协议很快就被平台的安全系统标记出来。该事件凸显了可疑的资金来源和恶意合同活动,促使进一步调查。
According to on-chain sleuths, the attacker's wallet was pre-funded via Tornado Cash on the Ethereum network. The stolen USDC was strategically swapped for DAI, and at press time, the stolen assets remained in the attacker's wallet, making recovery efforts difficult.
据链上侦探称,攻击者的钱包是通过以太坊网络上的 Tornado Cash 预先提供资金的。被盗的 USDC 被战略性地换成了 DAI,截至发稿时,被盗的资产仍留在攻击者的钱包中,使得恢复工作变得困难。
Flash Loan Exploits Continue to Plague DeFi Protocols
闪电贷漏洞继续困扰 DeFi 协议
Flash loan exploits have emerged as a prominent mode of attack within the decentralized finance (DeFi) ecosystem. In this type of exploit, an attacker can borrow a large sum of cryptocurrency without putting up any upfront collateral. The loan is then used to manipulate a DeFi protocol, often resulting in a profit for the attacker.
闪电贷漏洞已经成为去中心化金融(DeFi)生态系统中的一种重要攻击模式。在这种类型的攻击中,攻击者可以借入大量加密货币,而无需提供任何前期抵押品。然后,这笔贷款被用来操纵 DeFi 协议,通常会为攻击者带来利润。
This particular exploit targeted Moonwell's USDC lending contract, where the attacker used a malicious contract address that was disguised as a “mToken.” This action granted unauthorized token approvals, allowing the attacker to drain funds from Moonwell users.
这一特殊漏洞针对 Moonwell 的 USDC 借贷合约,攻击者使用伪装成“mToken”的恶意合约地址。此操作授予了未经授权的代币批准,允许攻击者从 Moonwell 用户那里榨取资金。
The incident serves as a stark reminder of the ongoing risks that DeFi protocols face, despite undergoing stringent audits and implementing preventive measures. These exploits underscore the critical need for DeFi platforms to continuously monitor, patch, and enhance their security infrastructure.
该事件清楚地提醒人们,尽管 DeFi 协议经过了严格的审计并采取了预防措施,但仍面临着持续的风险。这些漏洞凸显了 DeFi 平台迫切需要持续监控、修补和增强其安全基础设施。
DeFi Biggest Loser in Q1, Centralized Services Follow Suit
第一季度 DeFi 最大输家,中心化服务紧随其后
DeFi protocols accounted for the largest share of stolen assets in the first quarter of 2024, according to a recent report. Centralized service providers, on the other hand, were the most heavily targeted in Q2 and Q3.
根据最近的一份报告,2024 年第一季度 DeFi 协议在被盗资产中所占份额最大。另一方面,中心化服务提供商是第二季度和第三季度最受攻击的目标。
Some of the most notable centralized service hacks included DMM Bitcoin (May 2024, $305 million) and WazirX (July 2024, $234.9 million). Both incidents involved large-scale thefts of user funds, impacting thousands of customers.
一些最著名的中心化服务黑客攻击包括 DMM 比特币(2024 年 5 月,3.05 亿美元)和 WazirX(2024 年 7 月,2.349 亿美元)。这两起事件均涉及用户资金大规模被盗,影响了数千名客户。
Meanwhile, other types of cryptocurrency projects, such as centralized exchanges and NFT marketplaces, also faced significant losses due to exploits and scams throughout the year. These events collectively resulted in the theft of billions of dollars worth of digital assets.
与此同时,其他类型的加密货币项目,例如中心化交易所和 NFT 市场,全年也因漏洞和诈骗而面临重大损失。这些事件总共导致价值数十亿美元的数字资产被盗。
At press time, the Moonwell team had yet to release an official statement regarding the incident or potential user reimbursements. This attack adds to the growing list of high-profile DeFi breaches in 2024, where bad actors have repeatedly exploited protocol loopholes for personal gain.
截至发稿时,Moonwell 团队尚未就该事件或潜在的用户赔偿发布官方声明。这次攻击又增加了 2024 年越来越多的备受瞩目的 DeFi 违规事件,不良行为者多次利用协议漏洞谋取个人利益。
To mitigate future risks and better protect user funds, security experts suggest implementing enhanced multi-layer defenses, conducting regular contract audits, and establishing strong incident response strategies.
为了降低未来风险并更好地保护用户资金,安全专家建议实施增强的多层防御、定期进行合同审计并建立强大的事件响应策略。
免责声明:info@kdj.com
The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!
If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
-
- 美国证券交易委员会终于批准了第一只现货比特币和以太坊组合交易所交易基金
- 2024-12-25 09:31:12
- 这一巨大的进步是数字资产和传统金融市场主流化过程中最引人注目的里程碑。
-
- MicroStrategy 安排股东会议批准股票发行策略的变更,为额外的比特币收购提供资金
- 2024-12-25 08:50:04
- 该公司已于 12 月完成了三轮 BTC 购买。