Fusion has confirmed that its legacy USDC vault was attacked, resulting in a loss of $336,000. Users will receive full compensation.

PANews reported on January 7th that, according to an official announcement from Fusion (by IPOR), its Fusion USDC optimizer Vault, deployed on Arbitrum, suffered a smart contract attack on January 6th, resulting in a loss of $336,000 USDC. The attacker exploited a missing validation vulnerability in the "fuse" logic of an older version of Vault, and used the EIP-7702 mechanism to manipulate administrator privileges, successfully injecting malicious logic modules and initiating a withdrawal, transferring funds to Tornado.Cash.

This vulnerability only affected an older Vault deployed 490 days ago; other vaults were unaffected. IPOR stated that the DAO's finances will compensate users for their losses, and they are collaborating with security teams such as SEAL, Hexagate, and Blockaid to track down the funds. The incident has been confirmed to be triggered by a combination of a logical error and EIP-7702 privilege abuse; a complete technical recap has been released.

Share to:

Author: PA一线

This content is for informational purposes only and does not constitute investment advice.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
3 minute ago
10 minute ago
17 minute ago
1 hour ago
2 hour ago
2 hour ago

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读