According to BlockSec Phalcon (@Phalcon_xyz), a suspicious transaction against the Bunni protocol (@bunni_xyz) contract was detected on the Ethereum network, causing about $2.30 million in losses.
据 BlockSec Phalcon(@Phalcon_xyz)监测,以太坊网络上发现一笔针对 Bunni 协议(@bunni_xyz)合约的可疑交易,造成约 230 万美元损失。
According to the Web3 security company BlockSec system monitoring, the contract named D3XAT on the BSC ecosystem is suspected to have been attacked, and the current estimated loss is 160,000 US dollars. Although the contract is not open-source, preliminary analysis indicates that it may be a case of price manipulation due to spot price dependence.
据Web3安全公司BlockSec系统监测,BSC生态上名为D3XAT的合约疑似遭到攻击,目前预估损失达16万美元。尽管该合约不是开源的,但初步分析表明,由于现货价格依赖性,可能是价格操纵的情况。
Blockchain security firm BlockSec posted on social media that its systems detected a hack targeting the decentralized stablecoin protocol, Commonal (USUAL), which is currently suspended.
区块链安全公司 BlockSec 在社交媒体上发文表示,其系统监测到针对去中心化稳定币协议 Usual(USUAL)的黑客攻击,该协议目前已暂停。
协议需要动态安全监控和攻击阻断的全生命周期防护 —— 这是5月22日Cetus协议遭受2.23亿美元攻击后最重要的行业警示。 技术分析显示,漏洞源于inter-mate库的checked_shlw函数检查错误,导致攻击者仅用一个代币就能获得巨额流动性。尽管协议及其依赖的代码库历经多轮审计,仍未能发现该致命问题。 Block...
BlockSec Phalcon monitoring revealed that WebKeyDao, the Web3 launcher platform, was hacked, causing approximately $73,000 in losses. The attacker used an unprotected function to buy wkeyDao tokens at a low price and sell them on a decentralized exchange for a profit. Specifically, the attacker used the buy function in the exploit contract to buy 230 wkeyDao tokens using 1159 BUSD, and then sold them on DEX for 13,167 BUSD, making a profit of approximately 10x.
BlockSec Phalcon 监测显示,Web3 启动器平台 WebKeyDao 遭受黑客攻击,造成约 7.3 万美元损失。攻击者利用一个未受保护的函数以低价购买 wkeyDao 代币,并在去中心化交易所上出售这些代币获利。具体而言,攻击者利用漏洞合约中的 buy 函数,使用 1159 BUSD 购买了 230 个 wkeyDao 代币,随后在 DEX 上以 13,167 BUSD 的价格出售这些代币,获得约 10 倍的利润。
According to BlockSec Phalcon, it has detected suspicious transactions involving multiple chains, resulting in losses of about $170,000, which were originated from the same address. Analysis shows that due to insufficient access control, attackers were able to forcibly inject funds into the fraudulent Uni-V3 pool and profit from it.