PANews reported on May 12 that blockchain security firm SlowMist tweeted that Aurelion Labs' Diamond contract was compromised because the `initialize(address)` function in the SafeOwnable Facet was not protected. An attacker re-entered the initialization, altered the contract owner, and executed `diamondCut` to inject a malicious Facet containing `pullERC20`, thereby transferring authorized USDC assets. SlowMist stated that affected contracts include addresses such as 0x0adc63e7… (victim contract), 0x2e933518…, 0xa90714a1…, and 0xeced2d37…, while the attacker's address was 0x9f49591a3b…, resulting in a loss of approximately 455,003 USDC.
