Artículos Relacionados con Exploit

El Centro de Noticias de HTX ofrece los artículos más recientes y un análisis profundo sobre "Exploit", cubriendo tendencias del mercado, actualizaciones de proyectos, desarrollos tecnológicos y políticas regulatorias en la industria de cripto.

These Days, Even Hackers Are Losing Money

An article titled "Even Hackers Are Losing Money These Days" details a cyber heist targeting Web3 social platform UXLink’s multi-signature wallet in September 2025. The attacker exploited a delegateCall vulnerability, bypassing security to steal over $11.3 million in assets, including stablecoins, ETH, WBTC, and UXLINK tokens. The hacker then dumped a large amount of UXLINK, causing its price to crash over 70%. Unlike typical hackers who launder funds through mixers like Tornado Cash, this attacker engaged in active on-chain trading, executing 625 transactions on CoW Swap over six months. However, poor trading decisions led to significant losses—at one point, the address was down nearly $4.8 million. The hacker repeatedly bought high and sold low, barely breaking even after six months of activity. Despite the traceability of the funds via platforms like Arkham, recovering the assets remains challenging for UXLink. The project has attempted to rebuild, but its token price has fallen 99% from its peak. The incident underscores that while technical skills enable theft, market volatility affects everyone equally—even hackers aren’t immune to losses.

marsbit03/25 05:25

These Days, Even Hackers Are Losing Money

marsbit03/25 05:25

Besides the Resolv Hack, This Type of DeFi Vulnerability Has Occurred Four Times Already

An attacker exploited a compromised off-chain signing key in the stablecoin protocol Resolv, minting 80 million USR tokens (pegged to USD) from a $100k–$200k USDC deposit within minutes. The stolen keys allowed unlimited minting due to a design flaw—lacking a minting cap—despite multiple audits. The attacker then converted USR to its wrapped version (wstUSR) and dumped it on DEXs, netting ~11,400 ETH (~$24M). This caused USR to depeg, trading at ~$0.25. The depeg triggered a second-phase crisis: lending markets (including Morpho and Fluid/Instadapp) using wstUSR as collateral relied on hardcoded oracles that priced it near $1 instead of its real market value. Arbitrageurs bought cheap wstUSR, used it as overvalued collateral to borrow stablecoins, and amplified losses. Fluid absorbed over $10M in bad debt; Morpho had 15 vaults exposed. This incident repeats a known DeFi pattern: similar oracle failures occurred with Usual Protocol (Jan 2025), Stream Finance (Nov 2025), and Moonwell (late 2025), where mispriced collateral led to massive bad debt. Critics highlight flawed incentives in the "curator" model (e.g., Gauntlet), where third-party vault managers prioritize high yields without adequate risk controls, and protocols outsource risk management without enforcing safeguards. The root cause is systemic: over-reliance on static oracles for volatile assets and insecure off-chain infrastructure.

marsbit03/24 12:10

Besides the Resolv Hack, This Type of DeFi Vulnerability Has Occurred Four Times Already

marsbit03/24 12:10

Resolv exploit triggers USR depeg after $80M uncollateralized mint

Resolv protocol was exploited due to a private key compromise, leading to an unauthorized mint of approximately $80M in unbacked USR stablecoins. This inflated the total supply by 71M tokens, causing a severe depeg—USR fell 56% to around $0.19. The team paused contracts, burned 9M of the attacker’s tokens, and confirmed that underlying collateral remains intact with only $0.5M in losses from redemptions. Recovery efforts include allowlisted redemptions and tracing illicit tokens. The incident highlights risks from over-reliance on off-chain controls in DeFi minting mechanisms.

ambcrypto03/23 17:47

Resolv exploit triggers USR depeg after $80M uncollateralized mint

ambcrypto03/23 17:47

Turning 200,000 into Nearly 100 Million: DeFi Stablecoin Attacked Again

DeFi stablecoin protocol Resolv Labs was exploited, resulting in a hacker minting 80 million USR tokens using only 200,000 USDC. The attacker’s address (starting with 0x04A2) first created 50 million USR with 100,000 USDC, and later minted another 30 million with an additional 100,000 USDC. This caused USR to depeg, dropping to around $0.25 before partially recovering to approximately $0.80. The incident also impacted related lending markets on Morpho and Lista DAO, which paused new borrowing requests. Additionally, RLP token holders, including Stream Finance—which holds over 13 million RLP tokens—face significant exposure, with estimated losses around $17 million. Initial analysis by DeFi community YAM suggests the exploit occurred because the protocol’s SERVICE_ROLE, which provides minting parameters, was compromised. The system fully trusted this role’s input without on-chain verification or minting limits, allowing the attacker to manipulate the mint amount. The project’s emergency response was also slow, taking nearly three hours to pause the protocol due to multi-signature delays. This attack highlights critical vulnerabilities in off-chain role trust and emergency mechanisms within DeFi protocols.

marsbit03/22 09:47

Turning 200,000 into Nearly 100 Million: DeFi Stablecoin Attacked Again

marsbit03/22 09:47

BONK.fun relaunches after domain hijack, confirms $30K in losses

BONK.fun has restored its website following a domain hijack incident that resulted in approximately $30,000 in user losses. The breach, caused by a social engineering attack targeting its domain service provider, led to an unauthorized domain transfer. The attackers did not compromise BONK.fun’s internal systems or codebase. A phishing interface was deployed, tricking users into signing malicious transactions. The team will reimburse affected users at 110% of their losses. Full functionality was restored by March 19, though some antivirus providers still flag the domain. BONK’s price remains weak, trading near $0.0000059. The incident underscores vulnerabilities in third-party infrastructure rather than protocol-level flaws.

ambcrypto03/20 21:03

BONK.fun relaunches after domain hijack, confirms $30K in losses

ambcrypto03/20 21:03

ROBO airdrop under scrutiny as $8M linked to suspected sybil wallets

Fabric Protocol's ROBO token airdrop is under scrutiny after blockchain analytics from Bubblemaps revealed that approximately 7,000 wallets, exhibiting identical transaction patterns, claimed 199 million ROBO tokens (40% of the airdrop), valued at around $8 million at launch. The analysis identified a coordinated funding structure where new wallets were created, funded with similar amounts of ETH from at least seven exchanges, and routed through multiple intermediary layers before claiming the airdrop, strongly suggesting a Sybil attack by a single entity. While no evidence links this activity to the project's core teams, the incident highlights persistent vulnerabilities in airdrop mechanics and could introduce future sell pressure from the concentrated tokens. Despite the findings, the token's price has shown short-term resilience.

ambcrypto03/20 16:57

ROBO airdrop under scrutiny as $8M linked to suspected sybil wallets

ambcrypto03/20 16:57

Inside the $3.6mln Venus Protocol exploit on BNB Chain

Venus Protocol on BNB Chain suffered a $3.6 million exploit after an attacker manipulated THE token liquidity using flash loans. Over several months, the attacker accumulated 14.5 million THE (84% of its circulating supply) and deposited it into Venus, artificially inflating its collateral value. By repeatedly borrowing against the inflated collateral and buying more THE, the attacker drove up the oracle price, eventually borrowing $3.6 million in various assets. In response, Venus suspended the THE market and tightened collateral requirements for several high-risk tokens. This is not the first security issue for Venus, which lost $27 million in a 2025 phishing attack.

ambcrypto03/16 09:22

Inside the $3.6mln Venus Protocol exploit on BNB Chain

ambcrypto03/16 09:22

Post-Mortem of the Venus THE Attack: How to Profit in a Fleeting Window?

Approximately two hours ago, Venus Protocol's THE token was exploited using a classic Mango Markets-style price manipulation attack. The attacker targeted THE, a low-liquidity collateral asset, by depositing it, borrowing other assets, and using those to buy more THE, artificially inflating its price. Once the time-weighted average oracle updated, the inflated price allowed further leveraged borrowing. To bypass THE's borrowing cap, the attacker performed a "donation attack" by transferring THE directly to the vTHE contract, increasing the recognized collateral value. After the first manipulation phase, THE's price stabilized around $0.50. The attacker attempted to further amplify gains by continuing to buy THE, but mounting sell pressure limited price increases and pushed their health factor near 1.0, risking liquidation. The collateral, nominally valued around $30M, had extremely low liquidity, making large-scale liquidation at inflated prices impossible. Recognizing the situation, the writer opened a short position on THE with high leverage, anticipating a price collapse due to overvaluation, illiquidity, and forced selling. After liquidation, THE price plummeted to ~$0.24, below its pre-attack level, resulting in a ~$15K profit for the writer. Venus Protocol was left with ~$2M in bad debt. The attacker likely gained little or lost funds, though may have profited from off-chain positions. The event highlights that nominal collateral value in DeFi does not equal realizable value during liquidity crises.

marsbit03/16 08:37

Post-Mortem of the Venus THE Attack: How to Profit in a Fleeting Window?

marsbit03/16 08:37

Venus Protocol Detects $3.7M Supply Cap Attack on THE Pool

Venus Protocol detected a suspicious trading activity in its THE token liquidity pool on March 15. The incident, identified as a supply cap attack, occurred in two phases. First, the attacker accumulated approximately 84% of the total Thena token market capitalization. Then, they used these holdings as collateral to borrow other assets, including 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin, resulting in over $3.7 million in losses. Only the CAKE and THE pools were directly affected. In response, Venus halted all THE borrows and withdrawals, as well as those for other low-liquidity tokens. This attack represents a notable protocol-level exploit in DeFi for 2024.

TheNewsCrypto03/16 05:18

Venus Protocol Detects $3.7M Supply Cap Attack on THE Pool

TheNewsCrypto03/16 05:18

Crypto Warning: Bonk.fun Domain Hack Exposes Solana Traders To Wallet Drain

Crypto platform Bonk.fun suffered a domain hijacking attack on March 12, 2026, exposing users to a wallet-draining exploit. Hackers injected a malicious script on the website, prompting users to sign a fake "Terms of Service" agreement, which, when approved, allowed the attackers to steal funds. The team confirmed that only users who interacted with the fraudulent prompt after the hack were affected, and losses were reported as minimal. The breach was attributed to a Web2 infrastructure failure rather than a smart contract exploit. This incident highlights the growing threat of approval-phishing and domain hijacking attacks in the crypto space, underscoring the need for heightened user caution and improved security practices.

bitcoinist03/14 13:01

Crypto Warning: Bonk.fun Domain Hack Exposes Solana Traders To Wallet Drain

bitcoinist03/14 13:01

活动图片

Technology Trends

Project Updates