Summary
- ZeroG said 520,010 tokens were stolen in a reward contract attack.
- The foundation said the cause of the theft was a private key leaked from an AliCloud instance.
- The hack did not affect user funds, and the foundation said it immediately implemented enhanced security measures.
ZeroG (0G) disclosed that it was hacked.
On the 13th (Korean time), the ZeroG Foundation said on X (formerly Twitter) that "one of the reward contracts was compromised in a targeted attack on the 11th," and added, "the hacker exploited the emergency withdrawal function of ZeroG's reward contract to steal 520,010 tokens. The stolen tokens were subsequently distributed through Tornado Cash."
The 0G Foundation pointed to a private key leaked from an AliCloud instance as the cause of the attack. The ZeroG Foundation said, "that instance manages non-fungible token (NFT) status and reward updates. The private key was stored locally, and it was attacked, causing a security issue."
However, it was reported that no user funds were lost in this hack. The foundation explained, "although there was theft, it did not affect core chain infrastructure or user funds," and said, "we have immediately strengthened security solutions and will use this incident as a lesson to further strengthen security processes going forward."
Uk Jin
wook9629@bloomingbit.ioH3LLO, World! I am Uk Jin.
