KiloEx publishes analysis of hacker incident: because the contract did not override a key function, the attacker has returned 90% of the assets stolen across chains


On April 21, KiloEx released a root cause analysis report on the hacking incident. The report attributes the breach to the TrustedForwarder contract in its smart contract suite, which inherited from OpenZeppelin's MinimalForwarderUpgradeable without overriding the execute method, leaving that function callable by anyone. The attack took place between 18:52 and 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains including opBNB, Base, BSC, Taiko, B2, and Manta.
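The following contracts are an added illustration of the pattern the report describes; they are not KiloEx's code and not taken from the report. They assume OpenZeppelin contracts-upgradeable v4.x, where `MinimalForwarderUpgradeable.execute` is declared `public payable virtual` and only checks the request's signature and nonce. The first contract shows what a subclass looks like when it inherits the forwarder without overriding `execute`; the second shows one way to restrict the call by overriding it with a relayer and target whitelist before delegating to the base implementation. The contract and mapping names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration, not KiloEx's contract. Assumes OpenZeppelin
// contracts-upgradeable v4.x (execute is public payable virtual,
// __Ownable_init takes no arguments).
import "@openzeppelin/contracts-upgradeable/metatx/MinimalForwarderUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

/// Shape described in the report: the subclass inherits the forwarder and
/// adds nothing. `execute` remains public, so any caller who signs a
/// ForwardRequest naming themselves as `from` can route a call to any `to`,
/// and the base contract will forward it after checking signature and nonce.
contract ForwarderAsInherited is MinimalForwarderUpgradeable {
    function initialize() public initializer {
        __MinimalForwarder_init();
    }
    // no execute override here: the inherited behaviour is the whole contract
}

/// Hardened variant: override `execute` and add the authorization checks the
/// base class deliberately leaves to the integrator.
contract RestrictedForwarder is MinimalForwarderUpgradeable, OwnableUpgradeable {
    // Hypothetical allow-lists; which addresses belong here is a deployment decision.
    mapping(address => bool) public allowedRelayers;
    mapping(address => bool) public allowedTargets;

    event RelayerUpdated(address indexed relayer, bool allowed);
    event TargetUpdated(address indexed target, bool allowed);

    function initialize() public initializer {
        __MinimalForwarder_init();
        __Ownable_init();
    }

    function setRelayer(address relayer, bool allowed) external onlyOwner {
        allowedRelayers[relayer] = allowed;
        emit RelayerUpdated(relayer, allowed);
    }

    function setTarget(address target, bool allowed) external onlyOwner {
        allowedTargets[target] = allowed;
        emit TargetUpdated(target, allowed);
    }

    /// Only whitelisted relayers may submit requests, and only whitelisted
    /// targets may be called. Signature and nonce verification are still
    /// performed by the base `execute`, which runs after these checks.
    function execute(ForwardRequest calldata req, bytes calldata signature)
        public
        payable
        override
        returns (bool, bytes memory)
    {
        require(allowedRelayers[msg.sender], "forwarder: relayer not allowed");
        require(allowedTargets[req.to], "forwarder: target not allowed");
        return super.execute(req, signature);
    }
}
```

The override keeps the base contract's signature and nonce checks and only adds the two gates in front of them, so the forwarder still behaves as a standard EIP-2771 forwarder for approved relayers and targets. Whether the right restriction is on the relayer, on the target, or on the functions a target exposes to `_msgSender()` depends on the protocol; the point is that inheriting a forwarder without an override gives every caller the base contract's permissive behaviour.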

After negotiating with the attacker, the latter agreed to keep 10% as a bounty and returned the remaining assets (covering USDT, USDC, ETH, BNB, WBTC, and Dai) in full to the project's multi-signature wallet. The platform has completed the vulnerability fix and resumed operations.
