Little Boy Plus bị tấn công, ghi nhận thiệt hại khoảng 377.642 USDT, tương đương 610,555 BNB. SlowMist cho biết lỗ hổng nằm ở hàm _update trong hợp đồng LBPHashrate. Hàm này có thể bị kích hoạt qua một lệnh transferFrom giá trị 0, qua đó vượt qua cơ chế kiểm tra quyền của OpenZeppelin....

Little Boy Plus bị tấn công, ghi nhận thiệt hại khoảng 377.642 <a href="https://tintucbitcoin.com/tether-usdt-la-gi/" title="USDT là gì? Tổng quan về đồng stablecoin USDT" rel="nofollow">USDT</a>, tương đương 610,555 BNB.SlowMist cho biết lỗ hổng nằm ở hàm _update trong hợp đồng LBPHashrate. Hàm này có thể bị kích hoạt qua một lệnh transferFrom giá trị 0, qua đó vượt qua cơ chế kiểm tra quyền của OpenZeppelin.Kẻ tấn công có thể gọi hàm này mà không cần cấp quyền, kích hoạt _harvest và mint token LBP vào địa chỉ PancakePair thông qua LBP.mintReward.Số LBP được mint làm tăng số dư của pool nhưng không thay đổi reserves, sau đó kẻ tấn công rút USDT qua lệnh PancakePair.swap.

SlowMist: Little Boy Plus bị tấn công, thiệt hại khoảng 378.000 USD

Little Boy Plus was attacked, resulting in losses of approximately 377,642 USDT, equivalent to 610,555 BNB. SlowMist stated that the vulnerability lay in the _update function within the LBPHashrate contract. This function could be triggered via a transferFrom command with a value of 0, thereby bypassing OpenZeppelin's permission checking mechanism.

Little Boy Plus was hacked, resulting in losses of approximately 377,642 <a href="https://tintucbitcoin.com/tether-usdt-la-gi/" title="What is USDT? An overview of the USDT stablecoin." rel="nofollow">USDT</a> , equivalent to 610,555 BNB. SlowMist reported that the vulnerability lies in the _update function within the LBPHashrate contract. This function can be triggered via a transferFrom command with a value of 0, thereby bypassing OpenZeppelin&#39;s permission checking mechanism. An attacker can call this function without granting permissions, trigger _harvest , and send the Mint Token LBP to the PancakePair address via LBP.mintReward . The Mint LBP increases the pool balance but does not change the reserves, after which the attacker withdraws USDT via the PancakePair.swap command.

SlowMist: Little Boy Plus hacked, causing approximately $378,000 in damages.

Original article | Odaily Odaily(@OdailyChina)
Author｜Azuma (@azuma_eth)
At dawn on June 18th, Beijing time, the Federal Reserve officially announced its latest interest rate decision. As expected, the federal funds rate remained unchanged within the established range, in line with market expectations.
Over the past few weeks, the market has largely priced in the interest rate path, with little debate. Therefore, the real focus of this interest rate decision is not on whether to cut rates, but on how new Federal Reserve Chairman Warsh will begin his first term...

Warsh's debut: The dot plot is still there, but the Fed may have changed.

Kevin Warsh held his first press conference as Fed Vai on June 17, 2026.
Gold and Bitcoin prices plummeted as Warsh's launch brought statements unfavorable to these assets...

Kevin Warsh caused Bitcoin and gold prices to fall during the first FOMC press conference: What did he say?

Decentralized exchange Aster is getting a major upgrade to its tokenomics! According to an official X account announcement, starting today (17th) [...]
The article, "Aster Announces Buyback and Burn Ratio to 198%, $ASTER Price BlockTempo 9%," was originally published on BlockTempo, the most influential ABMedia media.