The Dexible project was attacked and the stolen funds were about $1.54 million
On February 17, according to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of Beosin, a blockchain security audit company, the Dexible project contract was attacked by hackers. The Beosin security team found that there is a logical vulnerability in the Dexible contract selfSwap function, which will call the fill function. This function contains a call to the attacker’s customized data. The attacker constructed a transferfrom function in this data, and passed in the address of other users (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) and his attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), The token authorized by the user to the contract was transferred by the attacker. The stolen funds were 1.54 million yuan. Beosin Trace tracked and found that the attacker had transferred the stolen funds to Tornado Cash. Beosin reminds users: cancel the token authorization of the address 0xde62e1b0edaa55aac5ffbe21984d321706418024 to prevent theft.
Interpretation of this information:
According to a report from Beosin EagleEye, the Dexible project contract was attacked by hackers on February 17. The Beosin security team discovered a logical vulnerability in the Dexible contract’s selfSwap function, which was exploited by the hackers. The function contained a call to the attacker’s customized data, which included a transferfrom function that allowed the attacker to transfer tokens authorized by other users to their own address. The stolen funds amounted to 1.54 million yuan, and the attacker transferred the funds to Tornado Cash. Beosin recommends that users cancel the token authorization of the address 0xde62e1b0edaa55aac5ffbe21984d321706418024 to prevent further theft.
The first keyword is “hackers,” as they were responsible for the attack on the Dexible project contract. The second keyword is “vulnerability,” referring to the logical vulnerability in the Dexible contract’s selfSwap function that allowed the hackers to exploit the system. The third keyword is “Tornado Cash,” as this is where the stolen funds were transferred to by the attacker.
This article and pictures are from the Internet and do not represent 96Coin's position. If you infringe, please contact us to delete:https://www.96coin.com/45270.html
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.