Author | Asher (@Asher_0210)
Last night, the GMX platform, a leading on-chain DeFi protocol, suffered a major security incident. More than 40 million US dollars of cryptocurrency assets were stolen by hackers, involving WBTC, WETH, UNI, FRAX, LINK, USDC, USDT and other mainstream tokens. After the incident, Bithumb announced that the deposit and withdrawal services of GMX will be suspended until the network is stable.
Affected by the theft, the GMX token fell by more than 25% in 4 hours; the price at one point fell below $11 and is now at $11.8. According to DefiLlama data, GMX TVL fell from $500 million before the theft to $400 million, a short-term drop of up to 20%.
Next, Odaily Planet Daily will sort out the reasons for the GMX theft, the team's response, and the hacker's latest movements.
Attacker exploits reentrancy vulnerability
The root cause of the GMX theft is a reentrancy vulnerability in the core function executeDecreaseOrder. The first parameter of the function should have been an external account (EOA), but the attacker passed in a smart contract address, which allowed the attacker to re-enter the system during the redemption process and manipulate the internal state. Ultimately, the redeemed assets far exceeded the actual value of the GLP they held.
SlowMist partner and chief information security officer 23pds posted on the X platform that in GMX V1, the establishment of a short position will immediately update the global short average price (globalShortAveragePrices), which directly affects the calculation of total assets under management (AUM), and thus affects the valuation and redemption amount of GLP tokens.
The attacker took advantage of GMX's design of enabling the timelock.enableLeverage function during order execution (a prerequisite for opening large short positions) and triggered a reentrancy vulnerability in the executeDecreaseOrder function through a contract call. Using this vulnerability, the attacker repeatedly created short positions, artificially raising the global average short price without actually changing the market price.
Since AUM relies on this price calculation, the platform mistakenly included the inflated short losses in the total assets, causing the GLP valuation to be artificially inflated. The attacker then redeemed GLP and withdrew assets far in excess of his share, realizing huge profits.
Attack transaction example: https://app.blocksec.com/explorer/tx/arbitrum/0x03182d3f0956a91c4e4c8f225bbc7975f9434fab042228c7acdc5ec9a32626ef?line=93
GMX official response: The GLP liquidity pool of GMX V1 on Arbitrum was attacked through a vulnerability, and the GMX V2 version was not affected
In response to this major security incident, the GMX team issued an official response as soon as possible. It posted on the X platform that the GLP pool of GMX V1 on Arbitrum was attacked through a vulnerability, and about $40 million of tokens have been transferred from the GLP pool to an unknown wallet. Security partners have joined the investigation of this attack. Currently, trading on GMX V1 and the minting and redemption of GLP have been disabled on Arbitrum and Avalanche to prevent any further attacks, but the vulnerability does not affect the GMX V2 version or the GMX token itself.
Since GMX V1 has been attacked, users can reduce the risk by doing the following:
Disable leverage: Call Vault.setIsLeverageEnabled(false) to turn it off; if Vault Timelock is used, call Timelock.setShouldToggleIsLeverageEnabled(false).
Set maxUsdgAmounts of all tokens to 1: Use Vault.setTokenConfig or Timelock.setTokenConfig to prevent GLP from being further minted. It is worth noting that this value must be set to 1, not 0, because setting it to 0 means there is no upper limit, which will cause the vulnerability to continue to be exploited.
According to the latest update, the team confirmed that the attack was aimed only at GMX V1, and that the GMX V2 contracts do not use the same calculation mechanism. However, out of caution, GMX has updated the upper limit of GMX V2 version tokens on Arbitrum and Avalanche, so the minting of new tokens in most liquidity pools is currently restricted. Once this restriction is lifted, you will be notified as soon as possible.
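The cap semantics behind the two mitigation settings above, as an added example (a simplified Python model written for this article, not GMX's contract code). It assumes, as the text states, that a maxUsdgAmounts value of 0 means "no upper limit"; the class, function and sample data names are hypothetical, and the amounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class VaultModel:
    """Hypothetical model of the two settings named in the mitigation steps."""
    is_leverage_enabled: bool = True
    max_usdg_amounts: dict = field(default_factory=dict)  # token -> cap (smallest unit)
    usdg_amounts: dict = field(default_factory=dict)      # token -> current USDG debt

    def can_mint(self, token, usdg_delta):
        """Minting passes if the token's USDG debt stays within its cap.
        Assumption taken from the text: a cap of 0 disables the check."""
        cap = self.max_usdg_amounts.get(token, 0)
        new_total = self.usdg_amounts.get(token, 0) + usdg_delta
        return cap == 0 or new_total <= cap

def audit_mitigation(vault, tokens):
    """Return the findings that remain after the two mitigation steps."""
    findings = []
    if vault.is_leverage_enabled:
        findings.append("leverage still enabled")
    for token in tokens:
        cap = vault.max_usdg_amounts.get(token, 0)
        if cap == 0:
            findings.append(f"{token}: maxUsdgAmounts=0 means no cap, minting still open")
        elif cap != 1:
            findings.append(f"{token}: maxUsdgAmounts={cap}, expected 1")
    return findings

# Constructed sample state: one token was "zeroed" instead of being set to 1.
TOKENS = ["WBTC", "WETH", "USDC"]
DEBT = {"WBTC": 5 * 10**24, "WETH": 7 * 10**24, "USDC": 9 * 10**24}
MISCONFIGURED = VaultModel(False, {"WBTC": 1, "WETH": 0, "USDC": 1}, dict(DEBT))
HARDENED = VaultModel(False, {t: 1 for t in TOKENS}, dict(DEBT))

if __name__ == "__main__":
    for name, vault in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(name, audit_mitigation(vault, TOKENS) or "ok")
        for token in TOKENS:
            print("  ", token, "mint allowed:", vault.can_mint(token, 10**18))
```

Because existing USDG debt is already far above 1, a cap of 1 rejects every further mint, while a cap of 0 silently leaves the token uncapped.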
In addition, on-chain data shows that GMX has left a message to the hacker's address, admitting that it has encountered a vulnerability in the GMX V1 version and is willing to provide a 10% white hat bounty. If the remaining 90% of the funds are returned within 48 hours, it promises not to take further legal action.
Hackers have moved over $30 million to new addresses
Judging from the on-chain traces, this was a long-planned action. The hacker's initial funds were transferred from the privacy mixing protocol Tornado Cash a few days ago, indicating that they had already made sufficient preparations for this attack.
After stealing more than $40 million in crypto assets, the hackers quickly transferred more than $30 million in assets. According to on-chain data, the address marked as the GMX hacker (address: https://debank.com/profile/0xdf3340a436c27655ba62f8281565c9925c3a5221 ) has transferred 88 BTC (worth approximately US$9.8 million), more than 2,200 ETH (worth approximately US$5.85 million), more than 3 million USDC, and more than 1.3 million DAI to the new address 0x99cdeb84064c2bc63de0cea7c6978e272d0f2dae ; and transferred more than 4,300 ETH (worth approximately US$11 million) to the new address 0x6acc60b11217a1fd0e68b0ecaee7122d34a784c1 . In total, more than $30 million in funds have been transferred to other new addresses.
The remaining $10 million in funds in the current hacker address has not yet been transferred
On-chain detective ZachXBT published a post on the X platform criticizing Circle for its inaction on the hacker's behavior. He said that the GMX attack had occurred 1 to 2 hours earlier, but Circle had not taken any action against the hacker. The attacker even used Circle's cross-chain transfer protocol CCTP to transfer the stolen funds from Arbitrum to Ethereum.
Summary
This theft not only revealed the key flaws of GMX V1 in caller permission verification, state update timing, and leverage mechanism design, but also once again sounded the alarm for the entire industry: in a system involving complex financial logic (such as leverage, dynamic pricing) and contract execution paths, any unprotected entry may evolve into the starting point of a black swan event.
It is worth noting that hackers have exchanged most of the stolen assets for cryptocurrencies that are more difficult to freeze, especially decentralized assets such as ETH and DAI, and dispersed the funds through multiple new addresses, further increasing the difficulty of tracking and recovering them. The 10% white hat bounty in exchange for exemption plan proposed by GMX also exposes the current reality of the lack of a unified legal accountability mechanism in the Web3 world.
For DeFi developers, perhaps the question they should think about more is not “how did the hacker succeed”, but whether sufficient mechanisms have been established to limit the occurrence of the most extreme attack paths when the system manages the real assets of users. Otherwise, no matter how perfect the product logic is, once there is a lack of security boundary design, it will eventually be difficult to escape the cost of systemic risk.
This article is sourced from the internet: More than $40 million stolen, GMX ambushed