Security agency: Aurelion Labs contract suffered a reentrancy initialization attack, resulting in the loss of approximately 455,000 USDC.

PA一线
PA一线

PANews reported on May 12 that blockchain security firm SlowMist tweeted that Aurelion Labs' Diamond contract was compromised because the `initialize(address)` function in the SafeOwnable Facet was not protected. An attacker re-entered the initialization, altered the contract owner, and executed `diamondCut` to inject a malicious Facet containing `pullERC20`, thereby transferring authorized USDC assets. SlowMist stated that affected contracts include addresses such as 0x0adc63e7… (victim contract), 0x2e933518…, 0xa90714a1…, and 0xeced2d37…, while the attacker's address was 0x9f49591a3b…, resulting in a loss of approximately 455,003 USDC.

Share to:

Author: PA一线

This content is for market information only and is not investment advice.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
PA一线

PA一线

SlowMist: node-ipc has been compromised again, with three malicious versions carrying credentials to steal the load.
PA一线

PA一线

Coinbase and Circle will push for USDC to be integrated into Hyperliquid AQAv2.
PA一线

PA一线

Block's Spiral has launched Loupe, an AI-powered vulnerability scanning tool.
PA一线

PA一线

Gate's stock trading section now features SOXL (3x Leveraged Semiconductor ETF) and BRKB (Berkshire Hathaway) perpetual contracts.
PA一线

PA一线

Coinbase will become the official USDC vault deployment provider on Hyperliquid.
PA一线

PA一线

US Treasury Secretary Bessant: The three major AI giants are cooperating well with the US government.

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe
PANews App
24/7 blockchain news tracking and in-depth analysis.
Download PANews App
App StoreGoogle Play
PANews APP
Dartmouth College disclosed holdings of $7.7 million in Bitcoin ETFs and $3.4 million in SOL ETFs.
PANews Newsflash