coin-img-ETHETH+0.79%coin-img-BTCBTC+0.22%coin-img-SOLSOL+0.64%coin-img-XRPXRP-0.21%coin-img-UFOUFO-76.84%coin-img-HOGRUNHOGRUN-10.84%coin-img-USDCUSDC+0.01%coin-img-XAUTXAUT-1.61%coin-img-ETHETH+0.79%coin-img-BTCBTC+0.22%coin-img-SOLSOL+0.64%coin-img-XRPXRP-0.21%coin-img-UFOUFO-76.84%coin-img-HOGRUNHOGRUN-10.84%coin-img-USDCUSDC+0.01%coin-img-XAUTXAUT-1.61%coin-img-ETHETH+0.79%coin-img-BTCBTC+0.22%coin-img-SOLSOL+0.64%coin-img-XRPXRP-0.21%coin-img-UFOUFO-76.84%coin-img-HOGRUNHOGRUN-10.84%coin-img-USDCUSDC+0.01%coin-img-XAUTXAUT-1.61%coin-img-ETHETH+0.79%coin-img-BTCBTC+0.22%coin-img-SOLSOL+0.64%coin-img-XRPXRP-0.21%coin-img-UFOUFO-76.84%coin-img-HOGRUNHOGRUN-10.84%coin-img-USDCUSDC+0.01%coin-img-XAUTXAUT-1.61%

Alchemix Yearn yvVault user hit by $1M loss after malicious contract exploit

On-chain security firm PeckShield (@PeckShieldAlert) reported that an Alchemix Yearn yvVault position tied to $yvWETH was taken over, leading to an estimated $1 million loss. The incident traces back to the victim previously approving an unverified contract at 0x143a, deployed 10 days ago. PeckShield's reverse-engineering indicates the contract included a flaw that allowed arbitrary call execution, which the attacker used to transfer the victim's yvVault position. PeckShield has since published details of the vulnerable logic. Users are urged to review and revoke token approvals granted to unknown or unverified contracts to reduce asset risk.
Вибрані
ALCX
ALCX-1.73%
YFI
YFI+0.85%
Застереження: Вищенаведений вміст є лише думкою автора і не представляє позицію BingX. Він не повинен розглядатися як інвестиційна порада від BingX. Для отримання додаткової інформації перегляньте Умови.