News

Nymex WTI crude oil futures main contract fell by 1.01% intraday, quoted at $90.38 per barrel.

According to ChainCatcher, MistTrack founder 余弦 stated in a post that the attack on Asterix is similar to the ones on Flooring Protocol and BMP yesterday (their underlying protocols being DN404 and BT404 respectively), involving high-value NFT ID position overflow and reuse operations. It appears the attacker is searching for common vulnerabilities. It is reported that Asterix disclosed an attack incident affecting the ASTX token contract yesterday, stating that its Uniswap v4 liquidity pool was attacked on June 8, with the attacker stealing around 30 ETH through 242 transactions. The vulnerability was due to the lack of restrictions on token ID approval operations in early versions of DN404. The attacker exploited outdated token approvals, repeatedly selling tokens in the pool to obtain ETH, then forging IDs to extract equivalent tokens, with this loop eventually depleting the funds. The smart contract is immutable and cannot be patched. The team recommends users stop interacting with the current pool and token, and they are planning to migrate and deploy a secure token. The team suspects the attacker used a jailbroken AI tool for fuzz testing to discover unconventional logic paths.

BlockBeats news, on June 9, according to Blockaid monitoring, the Humanity attacker has now taken over the proxy admin rights of the H token on the BSC chain, additionally issuing 100 million H (approximately 12.9 million US dollars) to a new wallet, thereby expanding the scope of the attack.