内容简介:Hackers have stolen more than $25 million in cryptocurrency from the Uniswap exchange and the Lendf.me lending platform.The attacks took place over the weekend, on Saturday and Sunday, respectively. Although an investigation is currently underway, the two
Hackers have stolen more than $25 million in cryptocurrency from the Uniswap exchange and the Lendf.me lending platform.
The attacks took place over the weekend, on Saturday and Sunday, respectively. Although an investigation is currently underway, the two attacks are believed to be related, and most likely carried out by the same group or individual.
According to investigators, hackers appear to have chained together bugs and legitimate features from different blockchain technologies to orchestrate a sophisticated "reentrancy attack."
Reentrancy attacks allow hackers to withdraw funds repeatedly, in a loop, before the original transaction is approved or declined.
The similarities between Uniswap and Lendf.me is that both platforms were using:
- Lendf.me protocol -- a decentralized finance (DeFi) protocol developed by the dForce Foundation to support lending operations on the Ethereum platform.
- imBTC -- a token (coin) that runs on the Ethereum platform and is valued at a 1:1 rate with the Bitcoin cryptocurrency.
- ERC-777 -- one of the underlying technologies of the Ethereum blockchain meant to support smart contracts (both Lendf.me and imBTC run as smart contracts on the Ethereum platform).
"The ERC-777 token standard has - to our knowledge - no security vulnerabilities," said Tokenlon, the company behind imBTC.
"However, the combination of using ERC777 tokens and Uniswap/Lendf.Me contracts enables [...] reentrancy attacks," the company wrote in a post-mortem report of the Uniswap and Lendf.me attacks.
The company believes the hackers used an exploit published in July 2019 on GitHub by OpenZeppelin, a company that performs security audits for cryptocurrency platforms.
At the time of writing, Uniswap is believed to have lost between $300,000 and $1.1 million in funds, while Lendf.me lost more than $24.5 million.
The hackers used the reentrancy attack to siphon funds from each platform into their wallet, and then immediately transfer the funds to other accounts.
Both websites have been taken down to prevent further attacks. Tokenlon has also suspended its imBTC token and is blocking all new transactions to prevent the hackers from carrying out new attacks against other platforms.
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
王牌创业者:风口游戏
澈言 / 百花洲文艺出版社 / 2018-2 / 48.00
《王牌创业者:风口游戏》是一部围绕互联网创业展开的商战小说:故事的主人公莫飞是“毕业即创业”的当代年轻创业者的典型代表,他大学在校时就凭借创业项目拿到了天使融资,创业几年后,当产品估值越做越大时,他却忽然遭遇创业伙伴及投资人的联手陷害,失去了自己一手建立的公司。 此时, 莫飞的女友林姿参加了一场声势浩大的创业比赛,并一举夺魁,直进决赛。可在决赛中,突如其来的一场新闻事件让她名誉扫地。最终,为......一起来看看 《王牌创业者:风口游戏》 这本书的介绍吧!
