PANews reported on June 9th that Yu Xian, founder of SlowMist, stated that the attack on Asterix was similar to those on Flooring Protocol and BMP yesterday (one using DN404 and the other BT404 as the underlying protocol), involving overflow and reuse in high-order NFT ID shift operations. It seems the attackers were looking for common vulnerabilities.
Asterix disclosed an attack yesterday affecting its ASTX token contract, stating that its Uniswap v4 liquidity pool was attacked on June 8th, with attackers stealing approximately 30 ETH through 242 transactions. The vulnerability stemmed from an early version of DN404 that lacked checks on token ID restrictions for approved operations. Attackers exploited outdated token approvals, repeatedly selling tokens into the pool to obtain ETH, then using forged IDs to withdraw the same amount of tokens, and repeated this cycle until the funds were exhausted. The smart contract is immutable and unpatched. The team advises users to cease interaction with the current pool and tokens and is planning to migrate and deploy a security token. The team suspects the attackers used a jailbroken AI tool to perform fuzz testing to discover unconventional logical paths.



