Security firm: Aurellion Labs contract suffered a reentrancy initialization attack, resulting in the loss of approximately 455,000 USDC.
ChainCatcher news, blockchain security firm SlowMist tweeted that the Diamond contract related to Aurellion Labs was exploited because the `initialize(address)` function in the SafeOwnable Facet was unprotected. The attacker reentered to initialize and tampered with the contract owner, then executed `diamondCut` to inject a malicious Facet containing `pullERC20`, thereby transferring authorized USDC assets. SlowMist stated that the affected contracts include 0x0adc63e7... (victim contract), 0x2e933518..., 0xa90714a1..., 0xeced2d37..., and so on. The attacker’s address is 0x9f49591a3b..., and the total loss is approximately 455,003 USDC.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
BIT Official: BNB follows ETH's trend, but BNB is quietly gaining the upper hand
Midday Key Developments
A Chinese crude oil supertanker is attempting to leave the Strait of Hormuz.
The South Korean KOSPI index reached as high as 7,800 points, up 2.11% intraday
Trending news
MoreCrypto prices
More
