Dexible Project Contract Hacked by Logical Vulnerability

02/17/2023 08:36 • Metaverse & Beyond • 102 views

On February 17, according to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of Beosin, a blockchain security audit company, the Dexible project contract was attacked by hackers. The Beosin security team found that there is a logical vulnerability in the Dexible contract selfSwap function, which will call the fill function. This function contains a call to the attacker’s customized data. The attacker constructed a transferfrom function in this data, and passed in the address of other users (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) and his attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), The token authorized by the user to the contract was transferred by the attacker. The stolen funds were 1.54 million yuan. Beosin Trace tracked and found that the attacker had transferred the stolen funds to Tornado Cash. Beosin reminds users: cancel the token authorization of the address 0xde62e1b0edaa55aac5ffbe21984d321706418024 to prevent theft.

The Dexible project was attacked and the stolen funds were about $1.54 million

Interpretation of the news:

According to Beosin EagleEye, a blockchain security audit company’s security risk monitoring, early warning and blocking platform, the Dexible project contract was recently attacked by hackers. The Beosin security team discovered a logical vulnerability in the Dexible contract’s selfSwap function, which called the fill function containing a call to the attacker’s customized data. The attacker misused this function and constructed a transferfrom function in this data. They passed the address of another user and their attack address, therefore authorizing the transfer of the user’s tokens to the attacker’s address. The losses incurred due to this malicious attack were approximately 1.54 million yuan.

The hackers transferred the stolen funds to Tornado Cash, which was then tracked and found by Beosin Trace. The security company also warned users to cancel the token authorization of the address 0xde62e1b0edaa55aac5ffbe21984d321706418024 to prevent theft.

This message highlights the importance of having a robust security system for blockchain platforms, especially when dealing with smart contracts such as Dexible’s. Hackers are always looking for opportunities to exploit vulnerabilities in the system and steal funds. The attackers in this case leveraged a logical vulnerability in the contract’s selfSwap function, emphasizing the importance of conducting regular audits and checks for possible security risks.

The message also highlights the role of blockchain security companies such as Beosin, which can quickly recognize and respond to such attacks, notify affected parties and provide timely solutions to prevent further damage. Users are also encouraged to take their own precautions, such as cancelling token authorizations to prevent theft.

In conclusion, this news highlights the importance of being aware of the inherent security risks of blockchain technology and taking necessary steps to safeguard the assets in one’s possession. Title: Dexible Project Contract Hacked by Logical Vulnerability,

This article and pictures are from the Internet and do not represent qiAiAi's position. If you infringe, please contact us to delete:https://www.qiaiai.com/metaverse/1237.html

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.

Dexible Project Contract Hacked by Logical Vulnerability

The Dexible project was attacked and the stolen funds were about $1.54 million

Related recommendations