Security agency: Aurelion Labs contract suffered a reentrancy initialization attack resulting in the loss of approximately 455,000 USDC.

This article is machine translated

Show original

According to Mars Finance, blockchain security firm SlowMist tweeted that Aurelion Labs' Diamond contract was compromised because the `initialize(address)` function in the SafeOwnable Facet was not protected. An attacker re-entered the initialization, altered the contract owner, and executed `diamondCut` to inject a malicious Facet containing `pullERC20`, thereby transferring authorized USDC assets. SlowMist stated that affected contracts include addresses such as 0x0adc63e7… (victim contract), 0x2e933518…, 0xa90714a1…, and 0xeced2d37…, while the attacker's address was 0x9f49591a3b…, resulting in a loss of approximately 455,003 USDC.

Sector:

Stablecoin

Source

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.

Add to Favorites

Comments

Relevant content

ODAILY

From A9 Myth to Millions in Debt: A Meme Player's Five-Year Rise and Fall

POPCAT

2.59%

Foresight News

Circle pre-sells $220 million worth of ARC tokens, firing the first shot in its second battle.

ARC

Foresight News

VVV has surged more than 20 times in six months. Why has this AI cryptocurrency skyrocketed?

2.3%