Source: http://www.bee.com/zh_cn/53589.html

More than $40 million stolen, GMX ambushed | Bee Network

Analysis | Updated 8 months ago | Original article by Odaily ( @OdailyChina )

Author | Asher ( @Asher_0210 )

Last night, the GMX platform, a leading on-chain DeFi protocol, suffered a major security incident. More than 40 million US dollars of crypto assets were stolen by hackers, including WBTC, WETH, UNI, FRAX, LINK, USDC, USDT and other mainstream tokens. After the incident, Bithumb issued an announcement that deposit and withdrawal services for GMX would be suspended until the network is stable.

Affected by the theft, the GMX token fell by more than 25% in 4 hours; the price briefly dropped below $11 and is now at $11.8. According to DefiLlama data, GMX TVL fell from $500 million before the theft to $400 million, a short-term drop of up to 20%.

GMX platform TVL was affected by the theft incident and fell to $400 million in a short period of time

Below, Odaily sorts out the cause of the GMX theft, the team's response, and the latest movements of the hackers.

Attacker exploits reentrancy vulnerability

The root cause of the GMX theft is a reentrancy vulnerability in the core function executeDecreaseOrder. The first parameter of the function should have been an externally owned account (EOA), but the attacker passed in a smart contract address instead, which let the attacker re-enter the system during the redemption process and manipulate internal state. As a result, the assets redeemed far exceeded the actual value of the GLP held.

SlowMist partner and chief information security officer 23pds posted on X that in GMX V1, opening a short position immediately updates the global short average price (globalShortAveragePrices), which directly feeds into the calculation of total assets under management (AUM), and thus into the valuation and redemption amount of GLP tokens.

The attacker took advantage of GMX's design of enabling the timelock.enableLeverage function during order execution (a prerequisite for opening large short positions) and triggered the reentrancy vulnerability in the executeDecreaseOrder function through a contract call. Using this vulnerability, the attacker repeatedly created short positions, artificially raising the global average short price without actually changing the market price.

Since AUM depends on this price, the platform mistakenly counted the inflated short losses as part of total assets, so the GLP valuation was artificially inflated. The attacker then redeemed GLP and withdrew assets far in excess of their share, realizing huge profits.

Attack transaction example: https://app.blocksec.com/explorer/tx/arbitrum/0x03182d3f0956a91c4e4c8f225bbc7975f9434fab042228c7acdc5ec9a32626ef?line=93

GMX official response: the GLP liquidity pool of GMX V1 on Arbitrum was exploited; GMX V2 is not affected

In response to this major security incident, the GMX team issued an official response as quickly as possible. It posted on X that the GLP pool of GMX V1 on Arbitrum had been attacked through a vulnerability, and that about $40 million of tokens had been transferred from the GLP pool to an unknown wallet. Security partners are participating in the investigation of this attack.

Currently, trading on GMX V1 and the minting and redemption functions of GLP have been disabled on both Arbitrum and Avalanche to prevent any further attacks; the vulnerability does not affect GMX V2 or the GMX token itself.

Since GMX V1 has been attacked, users can reduce the risk by doing the following:

Disable leverage: call Vault.setIsLeverageEnabled(false) to turn it off; if the Vault Timelock is used, call Timelock.setShouldToggleIsLeverageEnabled(false).

Set maxUsdgAmounts of all tokens to 1: use Vault.setTokenConfig or Timelock.setTokenConfig to prevent further GLP minting. Note that this value must be set to 1, not 0, because 0 means there is no upper limit, which would allow the vulnerability to continue to be exploited.
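A toy Python model, added here and not code from GMX or from the original post, of the accounting chain described above (recorded short average price, then AUM, then GLP redemption value) together with the two mitigation settings just listed; the Vault class and its formulas are assumed simplifications of GMX V1, not the protocol's exact arithmetic.

```python
from dataclasses import dataclass, field
from math import inf

@dataclass
class Vault:
    """Minimal GMX-V1-style pool state (assumed simplification, not GMX's code)."""
    pool_usd: float                      # pooled collateral valued at spot
    glp_supply: float
    short_size: float = 0.0              # open short notional, USD
    short_avg_price: float = 0.0         # the globalShortAveragePrices entry
    is_leverage_enabled: bool = True
    max_usdg_amounts: dict = field(default_factory=dict)

def global_short_delta(v: Vault, spot: float) -> float:
    """Shorts' unrealised PnL against the recorded average price. Positive means
    the shorts are in loss (the pool is owed that amount), negative means profit."""
    if v.short_size == 0:
        return 0.0
    return v.short_size * (spot - v.short_avg_price) / v.short_avg_price

def aum(v: Vault, spot: float) -> float:
    # Short losses are counted as pool assets, short profits are deducted.
    return v.pool_usd + global_short_delta(v, spot)

def redeem_value(v: Vault, glp_amount: float, spot: float) -> float:
    """USD paid for burning glp_amount at the current AUM / supply ratio."""
    return glp_amount * aum(v, spot) / v.glp_supply

def effective_mint_cap(v: Vault, token: str) -> float:
    """maxUsdgAmounts semantics from the post: 0 means *no* cap, so 1 is the
    smallest value that actually stops further GLP minting."""
    cap = v.max_usdg_amounts.get(token, 0)
    return inf if cap == 0 else cap

def mitigations_applied(v: Vault, tokens: list) -> bool:
    """True only when leverage is off and every listed token's mint cap is 1."""
    return (not v.is_leverage_enabled
            and all(effective_mint_cap(v, t) == 1 for t in tokens))

def demo() -> tuple:
    spot = 2000.0
    v = Vault(pool_usd=1_000_000.0, glp_supply=1_000_000.0,
              short_size=500_000.0, short_avg_price=2000.0)
    fair = redeem_value(v, 100_000.0, spot)       # avg == spot, pays 100_000
    # Only the recorded average price changes here; spot does not move at all.
    v.short_avg_price = 1000.0
    inflated = redeem_value(v, 100_000.0, spot)   # same GLP now pays 150_000
    v.is_leverage_enabled = False
    v.max_usdg_amounts = {"WETH": 0, "WBTC": 1}   # a WETH cap of 0 is NOT a cap
    return fair, inflated, mitigations_applied(v, ["WETH", "WBTC"])
```

The last value returned by demo() is False because the WETH cap was left at 0, which is exactly the misconfiguration the post warns against.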

According to the latest update, the team confirmed that the attack targeted only GMX V1, and that the GMX V2 contracts do not use the same calculation mechanism. Out of caution, however, GMX has lowered the token caps of GMX V2 on Arbitrum and Avalanche, so minting of new tokens in most liquidity pools is currently restricted. Users will be notified as soon as this restriction is lifted.

In addition, on-chain data shows that GMX has left a message at the hacker's address, acknowledging that GMX V1 was hit by a vulnerability and offering a 10% white hat bounty. If the remaining 90% of the funds are returned within 48 hours, GMX promises not to take further legal action.

GMX has left a message to the hacker address and is willing to provide a 10% white hat bounty

Hackers have moved over $30 million to new addresses

Judging from the on-chain signs, this was a long-planned operation. The hacker's initial funds were transferred from the privacy mixing protocol Tornado Cash a few days ago, indicating that they had already made sufficient preparations for this attack.

After stealing more than $40 million in crypto assets, the hackers quickly moved more than $30 million of it. According to on-chain data, the address labelled as the GMX hacker (address: https://debank.com/profile/0xdf3340a436c27655ba62f8281565c9925c3a5221 ) transferred 88 BTC (worth approximately US$9.8 million), more than 2,200 ETH (worth approximately US$5.85 million), more than 3 million USDC and more than 1.3 million DAI to the new address 0x99cdeb84064c2bc63de0cea7c6978e272d0f2dae , and more than 4,300 ETH (worth approximately US$11 million) to the new address 0x6acc60b11217a1fd0e68b0ecaee7122d34a784c1 . In total, more than $30 million in funds have been moved to other new addresses.

Hackers stole over $40 million in assets

The remaining $10 million in funds in the current hacker address has not yet been transferred

On-chain investigator ZachXBT posted on X criticizing Circle for its inaction over the hacker's activity. He said that the GMX attack had taken place 1 to 2 hours earlier, yet Circle had taken no action against the hacker; the attacker had even used Circle's cross-chain transfer protocol CCTP to move the stolen funds from Arbitrum to Ethereum.

Summary

This theft not only exposed key flaws of GMX V1 in caller permission verification, state update timing, and leverage mechanism design, but also sounded the alarm once again for the entire industry: in a system combining complex financial logic (such as leverage and dynamic pricing) with contract execution paths, any unprotected entry point can become the starting point of a black swan event.

It is worth noting that the hackers have exchanged most of the stolen assets for cryptocurrencies that are harder to freeze, especially decentralized assets such as ETH and DAI, and have dispersed the funds across multiple new addresses, further increasing the difficulty of tracking and recovering them. GMX's offer of a 10% white hat bounty in exchange for immunity also exposes the current lack of a unified legal accountability mechanism in the Web3 world.

For DeFi developers, perhaps the question worth more thought is not "how did the hacker succeed", but whether sufficient mechanisms have been built to bound the most extreme attack paths when the system manages users' real assets. Otherwise, no matter how polished the product logic, a lack of security boundary design will eventually be paid for in systemic risk.
