تم استغلال Clober، وهو سوق لا مركزي على Base، مقابل 133 ETH. عرض الفريق على القبعة البيضاء رسومًا بنسبة 20٪ لاستعادة الوصول إلى الأموال.
إحدى خزائن السيولة في Clober، وهي منصة DEX على السلسلة الأساسية، تعرضت مؤخرًا لاستغلال. تمكن المتسلل من سحب 133 عملة ETH ملفوفة في معاملة واحدة.
🚨 عاجل: تنبيه لخرق أمني 🚨
نأسف لإبلاغ مجتمعنا بأن Clober Liquidity Vault قد تم اختراقه في خرق أمني.
نريد أن نطمئن مستخدمينا بأن بروتوكول Clober نفسه لم يتأثر، وأن جميع الوظائف الأساسية تستمر في العمل...
— كلوبر | CLOB DEX متصل بالكامل بالسلسلة (@CloberDEX) 10 ديسمبر 2024
After the exploit, the funds were bridged back to the Ethereum main chain, which has a lot of paths for mixing or trading.
The protocol claimed no other features of the protocol were unaffected, and did not make any call for users to take any further extra steps.
Base is one of the relatively safer chains with few reported exploits. However, the growth of its DeFi sector has increased the frequency of attempts to steal valuable funds. As with other exploits, scammers may try to post phishing links attempting to drain wallets.
In addition to Base, Clober has built an Arbitrum version, which remains unaffected by the hack. Clober Core and the Mitosis testnet are also safe and will not be frozen or stopped.
The vault in question has been drained, and no other funds are at risk. The Clober V2 vault is still operational and is currently building up its value locked, based on Messari data. That vault contains a little over $17K.
Despite the call for a white hat fee, the hacker retained the funds. The team contacted the hacker directly through the Ethereum chain with a message to resolve the issue.
The project is working with Match Systems for a potential white hat solution, where the hacker receives a fee but returns most of the liquidity.
Hacker used burn function flaw to steal funds
To complete the exploit, the Clober hacker deposited just 2.87 ETH from Binance. After withdrawing the funds, they moved through the Across protocol bridge, ending up on two Ethereum addresses.
The two addresses (1 &2) were created specifically for the bridge transaction to take the funds out of Base and onto the Ethereum mainnet.
According to PeckShield, the hack was possible due to issues with the burn function, which allowed the withdrawal call.
Clober offered fully on-chain order books
Clober is still an early-stage protocol with relatively low liquidity. Its liquidity vault is now practically empty. The protocol also onboarded the liquidity as late as December 9, based on DeFi Llama data. The hack happened a day later, suggesting the hacker may have been closely following the protocol.
The past few days saw similar exploits for relatively small sums. The recent events have exploited logic flaws in smart contracts, leading to relatively easy attempts to drain funds.
The recent exploit happened just days after Clober completed an audit of its smart contracts. It hired Kupia Security for the audit, a firm known for multiple bug bounties for high-profile projects.
Just days before that, Clober also advertised its liquidity vault approach, which aimed to smooth out DEX activity and swaps. At the time, it boasted that its $500K liquidity could generate volumes of $1.2M in 24 hours, serving to complete trades more efficiently. It was precisely this available liquidity that the exploiter carted away.
The Clober liquidity vault was first launched on Base just over a week ago, with the goal of replacing the usual Automated Market Makers (AMM) for DEX trades. Clober was also highly active with its promotion, specifically drawing attention to its targeted liquidity approach and the potential for high volumes.
Clober launched just after Base had achieved a new record in value locked, with its DeFi sector now carrying $3.86B in TVL. Clober aims to offer a model similar to Aerodrome, where targeted liquidity achieves much higher volumes, by targeting the most common price range for traders.
Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap