Dexible Project Contract Attack: Beosin Trace Identifies Hackers and Warns Users

02/17/2023 08:36 • Tech Trends • 83 views

On February 17, according to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of Beosin, a blockchain security audit company, the Dexible project contract was attacked by hackers. The Beosin security team found that there is a logical vulnerability in the Dexible contract selfSwap function, which will call the fill function. This function contains a call to the attacker’s customized data. The attacker constructed a transferfrom function in this data, and passed in the address of other users (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) and his attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), The token authorized by the user to the contract was transferred by the attacker. The stolen funds were 1.54 million yuan. Beosin Trace tracked and found that the attacker had transferred the stolen funds to Tornado Cash. Beosin reminds users: cancel the token authorization of the address 0xde62e1b0edaa55aac5ffbe21984d321706418024 to prevent theft.

The Dexible project was attacked and the stolen funds were about $1.54 million

Analysis based on this information:

Blockchain security audit company, Beosin, recently reported an attack on the Dexible project contract on February 17. According to the Beosin EagleEye security risk monitoring platform, the Dexible project contract was hacked, resulting in the theft of 1.54 million yuan. Upon investigation, Beosin security team traced the vulnerability in the Dexible contract selfSwap function, which called the fill function that contained a call to the attacker’s customized data. The attacker used this function to construct a transferfrom function that transferred the token authorized by the user to the contract to the attacker’s address.

Beosin identified the attacker’s address (0x684083f312ac50f538cc4b634d85a2feafaab77a) and the address of other users (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) whose tokens were authorized and stolen. Fortunately, Beosin Trace managed to track the stolen funds to Tornado Cash, which will make it easier to take further action.

Beosin has warned users to cancel the token authorization of the address 0xde62e1b0edaa55aac5ffbe21984d321706418024 to prevent theft. The company responded promptly to the attack and was able to identify the attacker and locate the stolen funds. This shows the importance of blockchain security audit companies in ensuring the security of the blockchain.

In conclusion, the attack on the Dexible project contract highlights the importance of cybersecurity in the blockchain industry. While the anonymity of blockchain transactions can be beneficial, it also provides a cover for attackers who can steal funds through logical vulnerabilities. Companies like Beosin play an important role in maintaining the security of blockchain transactions by monitoring risks, providing early warning, and identifying and locating attackers. Organizations and individuals in the blockchain industry should take cybersecurity seriously and work together to enhance the security of the blockchain ecosystem.

This article and pictures are from the Internet and do not represent aiwaka's position. If you infringe, please contact us to delete:https://www.aiwaka.com/2023/02/17/dexible-project-contract-attack-beosin-trace-identifies-hackers-and-warns-users/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.

Dexible Project Contract Attack: Beosin Trace Identifies Hackers and Warns Users

The Dexible project was attacked and the stolen funds were about $1.54 million

Recommended articles