Hyperbridge:本次攻击事件漏洞源于Merkle证明验证逻辑缺陷
BlockBeats 消息,4 月 13 日,区块链互操作协议 Hyperbridge 披露此前 DOT 攻击事件详情,损失约 23.7 万美元。漏洞根源在于 HandlerV1 合约 VerifyProof()函数缺少输入验证,未对 leaf_index < leafCount 进行校验,导致攻击者可伪造 Merkle 证明。攻击者借此获得以太坊上桥接 DOT 代币合约的管理员权限,随即增发 10 亿枚桥接 DOT(为合法流通量约 35.6 万枚的 2800 余倍),并在去中心化交易所套现。Hyperbridge 表示,目前正与安全合作方追踪资金,跨链功能将持续暂停至调查完成。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Blockbeats•4h agoPolkadot OpenGov plans to require validators to self-stake at least 10,000 DOT
TechFlow•17d ago21Shares launches the first ETF in the United States to track the native token of Canton Network
Odaily•27d agoBinance will delist five margin trading pairs, including TRX/ETH, in May 2026
TechFlow•27d agoBinance Leverage will remove multiple trading pairs such as TRX/ETH, LINK/ETH, etc
Blockbeats•35d agoMonad Lianchuang: If the collateral supply is set a rate limit, today's rsETH event can avoid a loss of about $200 million
TechFlow•39d agoHyperbridge: Raised vulnerability losses to approximately $2.5 million, with some funds traced to Binance
TechFlow•40d agoBridged Polkadot 漏洞攻击者将 26.9 万美元赃款转入 Tornado Cash
ChainCatcher•41d agoData: The top 100 crypto tokens by market cap today are up and down
Odaily•41d agoHyperbridge confirmed that Token Gateway was exploited and the bridge service has been suspended
Blockbeats•41d agoA trader bought the bottom of DOT on the chain and made a profit of $150,000 at a cost of $600