Home 零对冲(ZeroHedge)每日HackerNews

用户在苹果应用商店中,因虚假Ledger钱包应用而损失了950万美元。
Users lose $9.5M to fake Ledger wallet app on the Apple App Store

原始链接: https://www.web3isgoinggreat.com/?id=fake-ledger-app

Drift,一个在Solana上的永续期货交易所,遭受了2.85亿美元的攻击,源于利用“持久nonce”进行复杂攻击,从而夺取了管理权限。攻击者迅速移除了风险限制并清空了资金,将其转换为USDC,然后转到以太坊。 初步迹象表明,这是一支技术高超的团队所为,可能与朝鲜黑客有关,他们使用了高级社会工程学手段。此次事件是DeFi历史上最大的盗窃案之一,并引发了对USDC发行方Circle的批评。 许多人质疑,鉴于Circle的中心化控制以及通常冻结非法资产的做法——以太坊缺乏这种能力,为什么Circle没有在被盗资金停留USDC的六个小时内将其冻结。此次攻击凸显了DeFi协议中的漏洞,并引发了人们对中心化稳定币发行方在缓解大规模盗窃方面的响应能力的问题。

黑客新闻 新的 | 过去的 | 评论 | 提问 | 展示 | 工作 | 提交 登录 用户在苹果应用商店丢失 950 万美元,原因是假的 Ledger 钱包应用程序 (web3isgoinggreat.com) 20 分,来自 CharlesW 1 小时前 | 隐藏 | 过去的 | 收藏 | 3 条评论 帮助 LunaSea 34 分钟前 | 下一个 [–] 我以为苹果正在审查每一个应用程序,这正是他们从所有应用程序收入中获得 30% 荒谬利润的理由?回复 tencentshill 49 分钟前 | 上一个 | 下一个 [–] 它只需要在应用商店存在一周,就能窃取数百万美元,而没有任何补救措施。 这些富有的加密货币人士需要停止吝啬,并聘请财务顾问。不这样做的原因只有一种,那就是他们的财富最初是非法获得的。回复 dude250711 29 分钟前 | 上一个 [–] 单向封闭花园。回复 指南 | 常见问题 | 列表 | API | 安全 | 法律 | 申请 YC | 联系 搜索:
相关文章
原文
The Solana-based Drift defi perpetual futures exchange was exploited for $285 million. The project alerted the community on social media, writing: "Drift Protocol is experiencing an active attack. ... This is not an April Fools joke."

The project later described the exploit as "a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers." Once the attacker had access to admin capabilities, they quickly eliminated risk management limits on the protocol and drained huge quantities of tokens, which they swapped to USDC and then ETH. The attack was attributed to extremely sophisticated social engineering, likely by North Korean hackers.

Some have criticized USDC's issuer, Circle, for not freezing the stolen funds during the six hours they were held in USDC. Unlike ETH, USDC is controlled by a centralized company that can, and regularly does, freeze assets determined to have been stolen or connected to illicit activity.

The theft is among the largest in defi history.

联系我们 contact @ memedata.com