A serious security incident occurred on the DeFi lending protocol Moonwell after smart contract code was reportedly written with the involvement of the AI model Claude Opus 4.6. According to smart contract auditor Pashov, the code generated by Claude Opus 4.6 contained a critical vulnerability, leading to an exploit that caused losses of about $1.78 million.
Specifically, the price of cbETH was set incorrectly at $1.12 instead of about $2,200, which enabled the attacker to manipulate the system. The project's pull requests (PRs) show that some commits were co-authored by Claude, raising the possibility that this is the first hack involving AI-assisted, "vibe-coded" Solidity code.
SlowMist founder Cos said the cause stemmed from a low-level error in the oracle price feed formula.