KiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.

Blockbeats

昨天

BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contract inheriting from OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, allowing this function to be called arbitrarily. The attack occurred from 18:52 to 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta.

After negotiating with the attacker, KiloEx agreed to let them keep 10% as a bounty, and the remaining assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-sig wallet. The platform has completed the vulnerability fix and resumed operations.

免责声明：投资有风险，本文并非投资建议，以上内容不应被视为任何金融产品的购买或出售要约、建议或邀请，作者或其他用户的任何相关讨论、评论或帖子也不应被视为此类内容。本文仅供一般参考，不考虑您的个人投资目标、财务状况或需求。TTM对信息的准确性和完整性不承担任何责任或保证，投资者应自行研究并在投资前寻求专业建议。

热议股票

1
2
3
4
5
6
7
8
9
10

{"basename":"/hans","ssrTDKData":{"titleTemplate":"%s - 老虎证券","title":"老虎证券全球投资理财平台| 一站式投资美股新股港股A股","description":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","keywords":"老虎证券,老虎证券开户,老虎券商,老虎证券官网,老虎证券app,tigertrade老虎证券,股票,炒股,新加坡股票交易平台,投资,投资理财","social":{"ogDescription":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/hans/news/2529872910"},"companyName":"老虎证券"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2529872910\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2529872910?lang=zh_CN&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-04-21 19:02","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2529872910","market":"us","top_or_hot":-1,"title":"KiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contract inheriting from OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, allowing this function to be called arbitrarily. The attack occurred from 18:52 to 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta.</p><p>After negotiating with the attacker, KiloEx agreed to let them keep 10% as a bounty, and the remaining assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-sig wallet. The platform has completed the vulnerability fix and resumed operations.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>KiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nKiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-04-21 19:02 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/290564><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/290564\">网页链接</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"FT_SY_BTC","symbol_name":"CME比特币","start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/290564","article_id":"2529872910","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2529872910","pubTimestamp":1745233320,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contrac","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{"BK4601":"加密货币现货ETF","ETH":"迷你以太坊ETF-Grayscale","USDC":"USDATA Corp.","BTC":"Grayscale Bitcoin Mini Trust"},"translate_title":"KiloEx发布黑客事件分析：由于智能合约中缺少功能覆盖，攻击者能够跨链窃取资产，此后已返还90%。","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"BTC":1,"ETH":1,"BTCmain":1,"XBTmain":1,"USDC":1},"content_text":"BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contract inheriting from OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, allowing this function to be called arbitrarily. The attack occurred from 18:52 to 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta.After negotiating with the attacker, KiloEx agreed to let them keep 10% as a bounty, and the remaining assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-sig wallet. The platform has completed the vulnerability fix and resumed operations.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}