According to BlockSec Phalcon (@Phalcon_xyz), a suspicious transaction against the Bunni protocol (@bunni_xyz) contract was detected on the Ethereum network, causing about $2.30 million in losses.
据 BlockSec Phalcon(@Phalcon_xyz)监测,以太坊网络上发现一笔针对 Bunni 协议(@bunni_xyz)合约的可疑交易,造成约 230 万美元损失。
BlockSec Phalcon monitoring revealed that WebKeyDao, the Web3 launcher platform, was hacked, causing approximately $73,000 in losses. The attacker used an unprotected function to buy wkeyDao tokens at a low price and sell them on a decentralized exchange for a profit. Specifically, the attacker used the buy function in the exploit contract to buy 230 wkeyDao tokens using 1159 BUSD, and then sold them on DEX for 13,167 BUSD, making a profit of approximately 10x.
BlockSec Phalcon 监测显示,Web3 启动器平台 WebKeyDao 遭受黑客攻击,造成约 7.3 万美元损失。攻击者利用一个未受保护的函数以低价购买 wkeyDao 代币,并在去中心化交易所上出售这些代币获利。具体而言,攻击者利用漏洞合约中的 buy 函数,使用 1159 BUSD 购买了 230 个 wkeyDao 代币,随后在 DEX 上以 13,167 BUSD 的价格出售这些代币,获得约 10 倍的利润。
According to BlockSec Phalcon, it has detected suspicious transactions involving multiple chains, resulting in losses of about $170,000, which were originated from the same address. Analysis shows that due to insufficient access control, attackers were able to forcibly inject funds into the fraudulent Uni-V3 pool and profit from it.
BlockSec Phalcon said on social media that the system detected suspicious transactions targeting an unknown project on Base, causing about $1 million in losses. The affected project appears to be a Compound fork with multiple markets emptied. Since the contract was not open-sourced, we suspect this could be a classic price manipulation attack as it relies on Uniswap's spot price.
BlockSec Phalcon said on social media that the system has detected hundreds of suspicious transactions against an unknown and unopen-sourced contract (0xff2481) on BSC in the past few hours, indicating a possible reentry attack. Total losses have now reached about $140,000. After the first attack on the transaction (making a profit of about $78,000), the deployer (0x7baa94) repeatedly called the "emergencyWithdrawUSDT" function of the victim contract, withdrawing only a small amount of funds eac...