攻撃トランザクション:
0x26aa86261c834e837f6be93b2d589724ed5ae644bc8f4b8af2207e6bd70828f9
攻撃 スマートコントラクト はオープンソースです。
ステップ 1: 0x054e がトランザクションを送信し、ウォレット (0x41b8) の 0x0eba に管理者ロールを付与します。
次に、0x0eba が「DAO コントラクト」ロールを 0x1c93 に付与します。
最後に、0x1c93 (XXX) が withdrawFromUser 関数を呼び出し、XXX コントラクトに資金を転送します。
興味深いことに、被害者 0x41b8 は 0x054e によって作成されています。
要約すると、0x054e は被害者 0x41b8 ウォレットを作成します。次に、0x054e が 0x0eba に管理者ロールを付与し、0x0eba が「DAO コントラクト」ロールを 0x1c93 に付与します。最後に、0x1c93 が被害者から資金を引き出します。
Tether Freezes $6.76M USDT Linked to Iran's IRGC & Houthi Forces: Why On-Chain Compliance is Now a Geopolitical Battlefield
Looking ahead, targeted freezing events like this $6.76M USDT action will only become more common. On-chain data analysis is improving. Stablecoin issuers are also working closely with regulators. As a result, hidden illicit financial networks will be exposed.
Weekly Web3 Security Incident Roundup | Mar 2 – Mar 8, 2026
During the week of March 2 to March 8, 2026, seven blockchain security incidents were reported with total losses of ~$3.25M. The incidents occurred across Base, BNB Chain, and Ethereum, exposing critical vulnerabilities in smart contract business logic, token deflationary mechanics, and asset price manipulation. The primary causes included a double-minting logic flaw during full token deposits that allowed an attacker to exponentially inflate their balances through repeated burn-and-mint cycles, a price manipulation vulnerability in an AMM-based lending market where artificially inflated vault shares created divergent price anchors to incorrectly force healthy positions into liquidation, and a flawed access control implementation relying on trivially spoofed contract interfaces that enabled attackers to bypass authorization to batch-mint and dump arbitrary tokens.
Weekly Web3 Security Incident Roundup | Feb 23 – Mar 1, 2026
During the week of February 23 to March 1, 2026, seven blockchain security incidents were reported with total losses of ~$13M. The incidents affected multiple protocols, exposing critical weaknesses in oracle design/configuration, cryptographic verification, and core business logic. The primary drivers included oracle manipulation/misconfiguration that led to the largest loss at YieldBloxDAO (~$10M), a crypto-proof verification flaw that enabled the FOOMCASH (~$2.26M) exploit, and additional token design and logic errors impacting Ploutos, LAXO, STO, HedgePay, and an unknown contract, underscoring the need for rigorous audits and continuous monitoring across all protocol layers.