Tom qab Platypus raws tu qauv raug hacked nag hmo, tsawg kawg 2.4 lab USDC raug xa rov qab mus rau lub exploited platform nrog kev pab los ntawm blockchain ruaj ntseg tuam txhab BlockSec.
Ntawm yuav luag $ 9.1 lab hauv cov nyiaj nyiag los ntawm Platypus, nws yog qhia tias tus neeg tawm tsam tsuas tuaj yeem them nyiaj tawm $ 270,000, raws li MetalSleuth, lub cuab yeej pom pom los ntawm Blocksec.
Qee qhov $ 8.5 lab ntawm cov nyiaj nyiag khoom tau raug khov rau hauv daim ntawv cog lus lawv tau pauv mus rau, thiab lwm $ 380,000 los ntawm kev sim siv thib ob yog ua yuam kev xa rov qab mus rau Aave, on-chain data show.
Retrieving ib feem ntawm cov nyiaj nyiag los rau Platypus revolved nyob ib ncig ntawm BlockSec txoj kev npaj coj kom zoo dua ntawm ib tug tsis txaus siab nyob rau hauv lub attacker daim ntawv cog lus.
"Los ntawm kev siv qhov tsis zoo no, qhov project tuaj yeem hloov cov nyiaj los ntawm kev cog lus tawm tsam mus rau qhov project tus account," Yajin Zhou, co-founder ntawm BlockSec hais rau The Block.
"Qhov project tau rov qab tau $ 2 lab siv cov ntaub ntawv pov thawj ntawm lub tswv yim muab los ntawm peb. Qhov no yog kom rov qab tau cov nyiaj hauv tus neeg tawm tsam daim ntawv cog lus, "raws li Zhou, uas tau hais ntxiv tias qee qhov $ 8 lab hauv cov cuab tam tau tso tseg txij li daim ntawv cog lus tawm tsam tsis muaj kev hloov pauv.
Callback lub hack
Txhawm rau kom rov qab tau cov crypto txiaj, BlockSec siv lub luag haujlwm hu rov qab hauv tus neeg tawm tsam daim ntawv cog lus.
"Qhov kev tawm tsam tau pib los ntawm kev qiv nyiaj qiv rov qab interface hauv daim ntawv cog lus tawm tsam. Txoj haujlwm hu rov qab no tsis muaj kev tswj xyuas. Thiab thaum lub sijhawm hu rov qab no, tus neeg tawm tsam hardcoded lub logic kom pom zoo USDC rau qhov project daim ntawv cog lus (uas yog tus neeg sawv cev), "Zhou sau tseg.
"Yog li qhov project tuaj yeem ua thawj zaug hu rov qab ua haujlwm hauv daim ntawv cog lus tawm tsam kom pom zoo USDC rau qhov project daim ntawv cog lus. Tom qab ntawd daim ntawv cog lus ua haujlwm tuaj yeem thim USDC ntawm daim ntawv cog lus tawm tsam los ntawm kev hloov kho lub npe mus rau qhov kev siv tshiab, "Zhou hais.
Kho: Hloov kho kom kho Platypus lub npe raug cai.
Tau qhov twg los: https://www.theblock.co/post/212966/platypusdefi-salvages-2-4-million-in-hacked-funds-with-blocksecs-help?utm_source=rss&utm_medium=rss