1inch hacker has returned most of the funds; resolver contract vulnerability existed for over two years

BlockBeatNews

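BlockBeats news, March 9: Earlier, on March 7, the 1inch team discovered a vulnerability in its legacy Fusion v1 resolver smart contract, which caused losses of approximately 2.4 million USDC and 1276 WETH, totaling more than $5 million. Only resolver contracts using Fusion v1 were affected. According to the post-incident investigation report by the Decurity security team, the vulnerability was in code rewritten from Solidity to Yul in November 2022, and despite audits by multiple security teams, it remained in the system for more than two years. After the incident, the attacker asked via an on-chain message, "Can I get a bounty?", and then negotiated with the affected party, TrustedVolumes. After the negotiations succeeded, the attacker began returning funds on the evening of March 5 and, by 4:12 a.m. (UTC) on March 6, had returned all funds except the bounty. Decurity, one of the Fusion V1 audit teams, conducted an internal investigation into the incident and summarized several lessons, including clearly defining the threat model and audit scope, requiring additional time for code changed during the audit, and verifying deployed contracts.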
