ChainCatcher 消息,据 GoPlus 监测,帐户抽象解决方案 Holdstation 遭遇供应链攻击,攻击者窃取开发者会话令牌,绕过双重认证,在应用更新中注入恶意代码,导致用户资金被盗。
此次攻击共造成 462,000 USDT 损失,攻击者地址为 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d。Holdstation 团队已暂停服务,承诺 100% 赔偿受影响用户,并正与安全团队合作调查事件,同时在链上发布消息,希望通过漏洞赏金计划促使攻击者归还资金。
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Articoli correlati
Kelp DAO 反駁 LayerZero 批評,Aave 壞帳最高達 2.3 億美元
Kelp DAO 於 4 月 21 日發布聲明,反駁 LayerZero 對其 1/1 DVN 配置的批評,將此次 2.92 億美元漏洞的根本責任指向 LayerZero 基礎設施。Aave 發布事件影響評估報告:損失均勻分配情境下約 1.24 億美元,損失集中在 L2 的情境下最高達 2.3 億美元。
MarketWhisper5m fa
DefiLlama 否認誇大指標,稱 Aave 數據已剔除循環流動性計算
KelpDAO 漏洞導致 Aave 總鎖定價值(TVL)從 2026 年 4 月 18 日的 264 億美元跌至 4 月 21 日約 170 億美元後,DefiLlama 創始人 0xngmi 在 X 平台正式回應外界有關其 Aave TVL 數據因循環流動性被誇大的指控,表示借出的代幣金額已從 TVL 中扣除。
MarketWhisper1h fa
Dune Analysis: 47% of LayerZero OApps Use Minimum 1-of-1 DVN Security Configuration
Analysis of LayerZero OApps post-KelpDAO hack reveals significant security issues, with 47% using the least secure 1-of-1 DVN tier. KelpDAO’s rsETH token also operates at this vulnerable level, exposing risks in single-validator architectures.
GateNews1h fa
Claude Desktop Installation Reportedly Writes Backdoor File to Chromium-Based Browsers
The Claude Desktop application by Anthropic installs a backdoor file in Chromium-based browsers without user consent, posing serious security and privacy risks by potentially allowing attackers to control users' browsers.
GateNews3h fa
Chinese National Arrested at Buenos Aires Airport for $49.4M Crypto Fraud Scheme
A Chinese national was arrested in Argentina for carrying a forged Paraguayan passport. He is wanted for orchestrating a $49.4 million cryptocurrency fraud in Nigeria, and extradition proceedings are being initiated.
GateNews3h fa
Lido EarnETH Vault Exposed to $21.6M rsETH Following Kelp Bridge Exploit, DAO Sets $3M Loss Protection
On April 18, a Kelp cross-chain bridge exploit led to the theft of $292 million in rsETH. Lido reported $21.6 million in exposure via its EarnETH vault, prompting Aave to freeze relevant markets. EarnETH has paused transactions and is deleveraging, while Lido's DAO treasury implemented a $3 million protection mechanism to cover potential losses. The core staking protocol remains unaffected.
GateNews3h fa
