Express
0G Foundation: Contract Attacked, Resulting in Theft of 520,000 0G Tokens
Summary: According to reports, 0G Foundation announced on X platform that on December 11, a targeted attack destroyed its reward contract. The attacker exploited the emergency withdrawal function of the 0G reward contract used for distributing alliance rewards, stealing 520,010 $0G tokens, which were then bridged and dispersed through Tornado Cash. The attacker obtained the leaked ...
According to reports, 0G Foundation announced on X platform that on December 11, a targeted attack destroyed its reward contract. The attacker exploited the emergency withdrawal function of the 0G reward contract used for distributing alliance rewards, stealing 520,010 $0G tokens, which were then bridged and dispersed through Tornado Cash. The attacker obtained the leaked private key in an Alibaba Cloud instance responsible for managing NFT status and reward updates, storing the private key locally. Due to a severe vulnerability in Next.js (CVE-2025-66478) exploited on December 5, multiple Alibaba Cloud instances were compromised. The attacker moved laterally through internal IP addresses, affecting services such as calibration, validator nodes, Gravity NFT services, node sales services, computing, Aiverse, Perpdex, Ascend, and more. The total confirmed losses amount to 520,010 $0G tokens, 9.93 ETH, and $4,200 USDT. Apart from the reward distribution contract, core chain infrastructure or user funds were not affected.
Tags:
Link: 0G Foundation: Contract Attacked, Resulting in Theft of 520,000 0G Tokens [Copy]
