avatar
Cos(余弦)😶‍🌫️

又見 durable nonce 這種離線預簽名機制利用,這種釣魚技巧流行至少 2 年了,被釣走這種簽名後,攻擊者可以在未來時機成熟時發起“簽名合法”的鏈上操作,比如 Drift 這個場景是接管了其鏈上 admin 權限。 這次看去是專業黑客組織所為(至少行為上看,準備充分,手法老辣)。

Drift
@DriftProtocol
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved
相关赛道:
Jump Crypto
DEX
治理
來自推特
免責聲明:以上內容僅為作者觀點,不代表Followin的任何立場,不構成與Followin相關的任何投資建議。
喜歡
收藏
評論
相關推薦