KiloEx releases summary of hacker incident: TrustedForwarder contract in smart contracts has vulnerabilities

金色财经|Apr 21, 2025 11:07

On April 21st, KiloEx released a root cause analysis and post event summary of a hacking incident. The incident was caused by the TrustedForwarder contract in its smart contract inheriting the MinimalForwarderUpgradeable from OpenZeppelin but not rewriting the execute method, which allowed the function to be called arbitrarily. The attack occurred on April 14th from 18:52 to 19:40 (UTC), and the hacker carried out the attack by deploying attack contracts on multiple chains including opBNB, Base, BSC, Taiko, B2, and Manta. After negotiation, the hacker agreed to retain a 10% bounty and has returned all stolen assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) to the multi signature wallet designated by KiloEx.

+4

Mentioned

|

APP

Windows

Mac

Share To

X

Telegram

Facebook

Reddit

CopyLink

|

Share To

Timeline

Apr 25, 01:21【Anza reports vulnerabilities in precompiled programs in Solana virtual machines】

Apr 24, 23:50【Exploration into the Relationship between Block Rewards and System Security】

Apr 24, 06:56【Truflation vulnerability user redeems 4.5 WBTC for 230 ETH】

Apr 23, 20:27【BNB has a vulnerability, exhausting $60000】

Apr 23, 16:20【Account takeover attacks are increasing】

Apr 23, 07:37【Solana staking amount exceeds ETH】

Apr 22, 19:16【Xrpl JavaScript Inventory in Potential Security Vulnerabilities】

Apr 22, 19:08【XRPL JavaScript library version reveals serious vulnerability】

Apr 22, 08:44【The fun and benefits of discovering Web3 vulnerabilities】

Apr 21, 15:16【The Deep Logic and Future Prospects of the Failure of Blockchain Social Platforms】

HotFlash

|

APP

Windows

Mac

Share To

X

Telegram

Facebook

Reddit

CopyLink

APP

Windows

Mac

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads