DeFi-протокол DeltaPrime потерял 6 млн долларов в сети Arbitrum в результате эксплойта

investing.ruPublicado a 2024-09-16Actualizado a 2024-09-16

GetBlock Magazine - Что произошло? DeFi-протокол DeltaPrime, работающий в блокчейне Avalanche и сети второго уровня (L2) Arbitrum на базе блокчейна Ethereum, потерял 6 млн долларов в результате эксплойта. В ИБ-компании Cyvers заявили, что причиной стала утечка закрытого ключа администратора.

Источник: X.com

Что еще известно? Получение доступа к кошельку проекта позволило хакерам заменить адреса контрактов на собственные и опустошить пулы DeltaPrime в сети Arbitrum. После вывода средств они начали обменивать украденные активы на монеты ETH.

Инцидент произошел всего через два месяца после того, как DeltaPrime потерял 1 млн долларов в результате атаки. Тогда причиной стала уязвимость, позволившая хакеру передать права собственности на аккаунты, погасить их кредиты и вывести залоговое обеспечение. Всего он использовал 13 учетных записей.

После этого команда DeltaPrime заявила, что провела повторный аудит кода и устранила уязвимость. Она также выплатила компенсацию пострадавшим: $900 000 были восстановлены после взлома, еще $100 000 — взяты из резервного фонда.

Комментируя новый инцидент, команда отметила, что из протокола Delta Prime Blue на базе Arbitrum выведено 5,98 млн долларов. Причины утечки ключа в настоящее время устанавливаются. В свою очередь протокол DeltaPrime Red в сети Avalanche не пострадал.

«Риск ограничен, мы работаем над восстановлением активов, а страховой пул покроет любые потенциальные убытки. Кроме того, мы изучаем другие способы свести потери пользователей к минимуму», — заключили разработчики.
Источник: X.com

Анонимный блокчейн-аналитик ZachXBT, известный своими расследованиями о взломах в криптоиндустрии, отметил, что DeltaPrime ранее нанимала ИТ-специалистов из Северной Кореи.

Он заявил, что ранее в этом году предостерег разработчиков от найма сотрудников из страны, находящейся под санкциями. Хотя позже в DeltaPrime заверили, что уволили таких сотрудников, потенциальная связь между взломом и КНДР остается неясной.

Источник: X.com

Аналитики ранее сообщали, что северокорейские хакеры проникают в криптокомпании под видом сотрудников для получения доступа к инсайдерской информации и проведения атак.

Хакеры из КНДР причастны к нескольким громким инцидентам в индустрии, включая взлом индийской криптобиржи WazirX на 235 млн долларов в августе и индонезийской криптобиржи Indodax на 20 млн в текущем месяце.

Читайте оригинальную статью на сайте GetBlock Magazine

Lecturas Relacionadas

Tiger Research: Zuckerberg Begins Betting on Prediction Markets, While Asian Nations Still View Them as Gambling

This article examines the rise of prediction markets, contrasting their growing institutional acceptance in the West with their restrictive regulation in Asia. It details how prediction markets, which originated from informal political betting and academic experiments like the Iowa Electronic Market, aggregate crowd wisdom into probabilistic prices through binary contracts. Their growth accelerated around 2020, reaching over $14 billion in monthly volume. A key driver is the "skin in the game" principle, where users risk their own capital, leading to high accuracy in predicting events like Fed rate decisions and elections, as demonstrated by platforms like Polymarket. Meta's entry, with Mark Zuckerberg reportedly leading the development of the Arena app, signals the market's maturation. In the U.S., court rulings have distinguished prediction markets from gambling, facilitating entry by traditional financial institutions. However, most Asian jurisdictions still classify them as gambling, focusing on social control rather than financial innovation. The article argues this stance creates three problems for Asia: 1) regulatory arbitrage pushes users to riskier offshore platforms, 2) loss of sovereign information infrastructure as valuable social sentiment data accumulates abroad, and 3) abandonment of user protection. It concludes that Asia needs a policy shift from prohibition to constructive regulation, integrating these markets into the formal system to harness their data as a national asset, as initiatives like Limitless Research are beginning to do.

marsbitHace 6 min(s)

Tiger Research: Zuckerberg Begins Betting on Prediction Markets, While Asian Nations Still View Them as Gambling

marsbitHace 6 min(s)

Ethereum's Next Decade in the Eyes of Vitalik

"Lean Ethereum" Long-Term Roadmap Unveiled by Vitalik Buterin On July 5, 2026, Vitalik Buterin published the "Lean Ethereum" roadmap, positioning it as Ethereum's third major evolution following the Merge. This multi-year, multi-phase upgrade aims to fundamentally transform Ethereum's core protocol through staged network upgrades extending to 2029. Key goals include achieving 1 gigagas per second L1 throughput (a massive increase from the current ~32 TPS), near-instant finality, and quantum-resistant cryptography. The plan involves transitioning Ethereum's security model from full transaction re-execution by all nodes to native verification via recursive STARK proofs. A major proposed change is replacing the EVM with a proof-friendly architecture like RISC-V or leanISA, though this remains a point of contention, especially with L2s like Arbitrum favoring alternatives like WASM. Other planned upgrades include a restructured state model with a large, cheap "warehouse" storage layer to drastically reduce fees for migrated applications, multi-dimensional gas pricing, and a new focus on making privacy a first-class, native protocol feature. While the roadmap significantly raises Ethereum's long-term technical ceiling, analysts note it does not directly address ETH's mid-term token economics or value capture. The plan's multi-year timeline means near-term price impact will likely depend on observable progress milestones, such as the successful deployment of the upcoming Glamsterdam gas limit increase, growth in L2 activity and blob usage, and trends in L1 fee revenue and ETH burn.

链捕手Hace 1 hora(s)

Ethereum's Next Decade in the Eyes of Vitalik

链捕手Hace 1 hora(s)

In Just 11 Days, Claude Rewrote Millions of Lines of Code, an Epic AI Engineering Feat Sparks Fury

In just 11 days, Bun's founder Jarred Sumner used Anthropic's Claude AI models to rewrite its million lines of code from Zig to Rust. This move sparked significant controversy, particularly from Zig's creator, Andrew Kelley, who publicly criticized Sumner's engineering practices and the decision to use AI for such a massive rewrite. Bun, a high-performance JavaScript/TypeScript runtime and rival to Node.js, was originally written in Zig. After Anthropic acquired Bun, the team encountered persistent stability and memory safety bugs in the Zig codebase. These issues, combined with Zig's strict policy against LLM-generated code, led to the decision to rewrite in Rust. The rewrite was executed using Claude AI tools at an estimated API cost of $165,000, dramatically reducing the expected time and financial cost. Andrew Kelley's response was scathing. He blamed the original bugs on poor engineering habits, calling Bun's Zig code a collection of "hacks on top of hacks." He expressed relief that Bun was no longer associated with Zig, fearing it would misrepresent the language and attract low-quality, AI-generated contributions. The tech community is divided; some view Kelley's critique as unprofessional, while others see it as a defense of engineering integrity. A major concern about the AI-driven rewrite is the resulting code quality. The translation from Zig left approximately 27,000 lines of unsafe Rust code, raising fears about long-term maintainability and technical debt. The debate centers on whether this project is a milestone in AI-assisted development or a future maintenance nightmare.

marsbitHace 2 hora(s)

In Just 11 Days, Claude Rewrote Millions of Lines of Code, an Epic AI Engineering Feat Sparks Fury

marsbitHace 2 hora(s)

From Auto Finance to Bitcoin to AI Engines: An Analysis of Cango's 'What Not to Do' Strategy

From Auto Finance to Bitcoin and Now AI: Cango's "What Not to Do" Strategy Cango, a Chinese auto finance platform that went public on the NYSE in 2018, is undergoing its third major transformation. After selling its entire auto business in 2024, it pivoted to become a large-scale Bitcoin miner, acquiring 50 exahash of mining rigs from Bitmain. However, its true goal was never Bitcoin, but owning and controlling energy infrastructure. Now, Cango is pivoting again. While most listed Bitcoin miners are leasing power to giant hyperscalers for AI training clusters, Cango is taking the opposite path. It has launched an AI inference subsidiary called EcoHash, focusing not on training but on distributed inference. The company's strategy hinges on the insight that over 70% of mining industry power is controlled by small, independent sites (10-50 MW), which are too small for hyperscalers but ideal for low-latency AI inference. Cango aims to partner with these small operators, providing the AI technology, customers, and financing through its EcoLink software layer, which can distribute workloads across sites for reliability. Cango maintains a hybrid model, running roughly 31.7 EH/s of Bitcoin mining for cash flow while aggressively cleaning its balance sheet—slashing long-term debt by 94.5% to $30.6 million and raising $75 million for its AI venture. Its first AI deployment will be at a 50 MW site in Georgia. The strategy faces skepticism, given the high costs of converting mining sites and the potential for an AI bubble. However, Cango's leadership believes discipline around "what not to do"—avoiding direct competition with hyperscalers in training—positions it to capture the long-tail demand for distributed AI inference power.

Foresight NewsHace 2 hora(s)

From Auto Finance to Bitcoin to AI Engines: An Analysis of Cango's 'What Not to Do' Strategy

Foresight NewsHace 2 hora(s)

Trading

Spot
活动图片