黑客瞄准 DeFi 协议，Nexera 遭受黑客攻击，损失 150 万美元

据区块链安全公司 Cyvers 称，DeFi 协议 Nexera 于 8 月 7 日遭到黑客攻击，损失达 150 万美元。它在 X 帖子中披露了该漏洞

DeFi protocol Nexera was hacked for $1.5 million on August 7, blockchain security firm Cyvers revealed in an X post on Monday.

区块链安全公司 Cyvers 周一在 X 帖子中透露，8 月 7 日，DeFi 协议 Nexera 遭到黑客攻击，损失达 150 万美元。

"Hey @Nexera_Official,

“嘿@Nexera_Official，

Our system has detected a suspicious transaction involving your proxy contract.

我们的系统检测到涉及您的代理合同的可疑交易。

An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens."

一个地址取得了您的代理合约的所有权并对其进行了升级。不久之后，该地址使用提款管理功能转移了所有 $NXRA 代币。”

Nexera connects DeFi with traditional finance, enabling the tokenizing of real-world and digital assets for on-chain benefits. In this case, the hacker managed to hijack Nexera’s contracts and alter them to withdraw $1.5 million worth of NXRA, the platform’s native tokens.

Nexera 将 DeFi 与传统金融连接起来，实现现实世界和数字资产的代币化，以获得链上利益。在这种情况下，黑客成功劫持了 Nexera 的合约并对其进行了修改，以提取价值 150 万美元的 NXRA（该平台的原生代币）。

Following the hack, the bad actor traded the stolen NXRA for ETH in order to mask their tracks. Hackers often convert stolen assets to ETH to access mixer services like Tornado Cash that work to obfuscate its users’ fund flows, thereby letting criminals get away with their ill-gotten proceeds. This hacker has also bridged the ETH to the BNB chain.

黑客攻击后，坏人将被盗的 NXRA 换成 ETH，以掩盖他们的踪迹。黑客经常将偷来的资产转换为 ETH，以访问 Tornado Cash 等混合服务，这些服务会混淆用户的资金流，从而让犯罪分子逃脱其不义之财。该黑客还将 ETH 桥接至 BNB 链。

Cyvers added, "The address is currently selling all the tokens for $ETH, and some of the funds have already been bridged to the $BNB chain."

Cyvers 补充道，“该地址目前正在以 ETH 价格出售所有代币，部分资金已经桥接至 BNB 链。”

But the story doesn’t end there. On-chain data reveals this exploit was not the hacker’s first rodeo. Transaction history from their wallet reveals that they are associated with multiple exploits from the past.

但故事并没有就此结束。链上数据显示，该漏洞并不是黑客的第一次表演。他们钱包中的交易历史记录显示，他们与过去的多次漏洞利用有关。

Blockchain sleuth ZachXTB uncovered the fact, "Attacker is connected on-chain to recent private key compromise incidents such as SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and many more."

区块链侦探 ZachXTB 发现了这样一个事实：“攻击者在链上与最近的私钥泄露事件有关，例如 SpaceCatch、Concentric Finance、OKX DEX、Serenity Shield、Reach 等等。”

This marks yet another hack in a series of such incidents that have occurred recently. For instance, numerous successful attacks took place last month.

这标志着最近发生的一系列此类事件中的又一起黑客事件。例如，上个月发生了多次成功的攻击。

WazirX was the victim of a $230 million exploit, Convergence was exploited for $212,000, and LI.FI had over $11 million drained from its contracts.

WazirX 被利用了 2.3 亿美元，Convergence 被利用了 212,000 美元，LI.FI 的合约被盗走了超过 1100 万美元。