Venus发布黑客攻击手段初步分析,并将7个市场的抵押因子降至0
BlockBeats 消息,3 月 16 日,Venus Protocol 发布 THE 资金池异常活动后续进展。除此前已暂停 THE 借款与提取外,目前还已将 7 个市场的抵押因子(CF)降至 0,预防措施针对单一用户持有抵押品比例过高的市场,7 个市场分别为 BCH、LTC、UNI、AAVE、FIL 、TWT 以及 lisUSD,其他所有市场均未受影响,继续正常运营。
对于攻击手段初步判定为,攻击者从 2025 年 6 月开始,通过正常存款流程缓慢积累 THE 代币,最终持有上限的 84%(约 1220 万枚 THE)。昨日黑客直接将 THE 代币转入协议合约,瞬间将供应量推高,形成巨额抵押品。并进行递归循环价格操纵,利用链上 THE 流动性极低叠加 TWAP 预言机延迟,黑客启动循环:存入 THE、借出其他资产、利用借出资产在链上买更多 THE 、等待 TWAP 预言机更新并推高价格。
Venus 表示,始终致力于透明度,调查结束后将发布完整报告。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
ChainCatcher•6h agoKelp: rsETH recovery makes key progress, with multiple DeFi protocols collectively liquidating attacker positions
ChainCatcher•17h agoDelphi Digital: Aave's three core markets have structural problems, with an annualized loss of about $52 million
ChainCatcher•20h agoStandard Chartered Bank: It is expected that the scale of on-chain tokenized assets will reach $4 trillion by the end of 2028, and DeFi protocols will be the biggest beneficiaries
币界网•1d agoAAVE恢复WETH借贷,Kelp DAO恢复进展
Odaily•3d agoThe Multicoin Capital address transferred 286,000 AAVE to Coinbase Prime, worth $26.68 million
TechFlow•3d agoMulticoin Capital transferred 150,000 AAVE to cause the price to drop by 7%, and then Galaxy Digital bought back 98,000 at a low price
ChainCatcher•4d agoAave Upgrade Bug Bounty Program: The maximum bounty for critical vulnerabilities in V4 and Core V3 will be increased by 5 times
ChainCatcher•4d agoGate Research Institute: The crypto market recovered in April, with RWA and on-chain capital flows becoming the focus
ChainCatcher•5d agoAave V4 plans to access Babylon to enable native BTC lending, freeing itself from the dependence on wrapped tokens
TechFlow•5d agoAave: The cross-chain between rsETH mainnet and L2 has been reopened