0G Foundation: Contract attacked, resulting in 520,000 $0G stolen
2025-12-13 10:16:04
On December 13, 0G Foundation posted on the X platform that a targeted attack compromised its reward contract. The attacker took advantage of the emergency withdrawal function of the 0G reward contract used to distribute alliance rewards and stole 520,010 $0G tokens, which were then bridged and decentralized through Tornado Cash. The attacker obtained the leaked private key in the Alibaba Cloud instance, which is responsible for managing NFT status and reward updates, and stored the private key locally. Due to a critical vulnerability in Next.js (CVE-2025-66478), which was exploited on December 5, multiple Alibaba Cloud instances were compromised. The attackers moved laterally through internal IP addresses, affecting calibration services, validator nodes, Gravity NFT services, node sales services, compute, Aiverse, Perpdex, Ascend, etc. Total confirmed losses: 520,010 $0G, 9.93 ETH, and $4,200 USDT. No core chain infrastructure or user funds were affected except for the reward distribution contract.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
Reuters: Strategy to Remain in Nasdaq 100 IndexNext article:
本周美国现货以太坊ETF净流入2.091亿美元