This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through ...
the _executeCrossChainTx function. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract. It is not the case that this event occurred due to the leakage of the keeper's private key.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
1)The cross-chain interoperability protocol @PolyNetwork2 was attacked, and a total of more than 610 million US dollars were transferred to 3 addresses. The impact caused the transfer of large assets of the O3 Swap cross-chain pool.
2)The SlowMist security team has grasped the attacker's mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.
3)With the technical support of SlowMist’s partner Hoo and multiple exchanges, we found that the hacker’s initial source of funds was Monero (XMR), which was then exchanged to BNB / ETH / MATIC on the exchanges.
1/ Speculations for IOTA user Trinity wallet coin stolen attack
Due to the recent coin theft of many users' Trinity wallets, IOTA has suspended the mainnet coordinator for ceasing the attack, investigating, and repairing specific problems. @evilcos@iotatoken
2/ This is a classic attack that is underestimated. The official claims did not disclose specific details of the attack, but through our analysis, we can make some important speculations. First of all, a few points can be made clear:
3/ 1st, It's not a problem of the IOTA blockchain protocol; it's a problem of IOTA's Trinity desktop wallet (from official claims, believe it first).