攻击交易:
0x26aa86261c834e837f6be93b2d589724ed5ae644bc8f4b8af2207e6bd70828f9
攻击智能合约是开源的。
第一步:0x054e 发送交易,将管理员角色授予钱包 (0x41b8) 的 0x0eba。
然后 0x0eba 将“DAO 合约”角色授予 0x1c93。
最后,0x1c93 (XXX) 调用 withdrawFromUser 函数将资金转移到 XXX 合约。
有趣的是,受害者 0x41b8 是由 0x054e 创建的。
总而言之,0x054e 创建了受害者 0x41b8 钱包。然后 0x054e 将管理员角色授予 0x0eba,后者又将“DAO 合约”角色授予 0x1c93。最后 0x1c93 从受害者那里提取了资金。
Tether Freezes $6.76M USDT Linked to Iran's IRGC & Houthi Forces: Why On-Chain Compliance is Now a Geopolitical Battlefield
Looking ahead, targeted freezing events like this $6.76M USDT action will only become more common. On-chain data analysis is improving. Stablecoin issuers are also working closely with regulators. As a result, hidden illicit financial networks will be exposed.
Weekly Web3 Security Incident Roundup | Mar 2 – Mar 8, 2026
During the week of March 2 to March 8, 2026, seven blockchain security incidents were reported with total losses of ~$3.25M. The incidents occurred across Base, BNB Chain, and Ethereum, exposing critical vulnerabilities in smart contract business logic, token deflationary mechanics, and asset price manipulation. The primary causes included a double-minting logic flaw during full token deposits that allowed an attacker to exponentially inflate their balances through repeated burn-and-mint cycles, a price manipulation vulnerability in an AMM-based lending market where artificially inflated vault shares created divergent price anchors to incorrectly force healthy positions into liquidation, and a flawed access control implementation relying on trivially spoofed contract interfaces that enabled attackers to bypass authorization to batch-mint and dump arbitrary tokens.
Weekly Web3 Security Incident Roundup | Feb 23 – Mar 1, 2026
During the week of February 23 to March 1, 2026, seven blockchain security incidents were reported with total losses of ~$13M. The incidents affected multiple protocols, exposing critical weaknesses in oracle design/configuration, cryptographic verification, and core business logic. The primary drivers included oracle manipulation/misconfiguration that led to the largest loss at YieldBloxDAO (~$10M), a crypto-proof verification flaw that enabled the FOOMCASH (~$2.26M) exploit, and additional token design and logic errors impacting Ploutos, LAXO, STO, HedgePay, and an unknown contract, underscoring the need for rigorous audits and continuous monitoring across all protocol layers.
