CETUS協議在針對其定價機制的利用中損失了2.23億美元

區塊鏈分析公司Lookonchain透露，攻擊者從該協議中耗盡了超過2.6億美元的資金。

Cetus Protocol, a decentralized exchange (DEX) operating on the Sui Network, has suspended its smart contract operations after a serious security breach, according to a report by Bitcoin.com.

根據Bitcoin.com的一份報告，CETUS協議是在SUI網絡上運行的分散交易所（DEX），在嚴重的安全漏洞後暫停了其智能合同操作。

The platform confirmed the exploit on May 22 through its official X account, noting that the shutdown was necessary to prevent further fund loss, stating,

該平台通過其官方X帳戶在5月22日確認了該漏洞，並指出關閉是為了防止進一步的基金損失，指出，指出，指出，指出，指出，指出，指出，指出，指出，說明

🚨Alert Announcement 🚨

Alert公告🚨

There was an incident detected on our protocol and our smart contract has been paused temporarily for safety. The team is investigating the incident at the moment. A further investigation statement will be made soon. We are grateful for your patience.

在我們的協議上發現了一個事件，我們的智能合約已暫時暫停為了安全。該團隊目前正在調查事件。將很快發表進一步的調查聲明。我們感謝您的耐心。

— Cetus (@CetusProtocol) May 22, 2023

- Cetus（@cetusprotocol）2023年5月22日

The exploit, which has been widely discussed on social media, saw an attacker steal over $260 million from the protocol, according to blockchain analytics firm Lookonchain.

根據區塊鏈分析公司LookOnchain的說法，該攻擊者從協議中竊取了超過2.6億美元的攻擊者。

The stolen assets are reportedly being swapped into USDC and bridged to Ethereum, where they are exchanged for ETH.

據報導，被盜資產被交換為USDC並橋接到以太坊，在那裡它們被交換為ETH。

At the time of reporting, approximately $60 million in USDC had already been transferred across chains, Lookonchain reported.

據Lookonchain報導，在報告時，大約有6000萬美元的USDC已經轉移了鏈條。

The hacker stole about $260M from Cetus and is now swapping it to USDC and bridging it to Ethereum to exchange for ETH.

這位黑客從CETUS偷走了約2.6億美元，現在將其交換給USDC，並將其橋接給以太坊以換取ETH。

The hacker has already bridged about $60M USDC to Ethereum.https://t.gov/uR7GV8jM8z

黑客已經將大約6000萬美元的貨幣橋接到Ethereum.https：//t.gov/ur7gv8jm8z

— Lookonchain (@Lookonchain) May 22, 2023

- lookonchain（@lookonchain）2023年5月22日

Data from DeFiLlama supports this, showing a steep drop in the platform’s total value locked (TVL), which fell by more than $200 million to around $75 million.

Defillama的數據支持了這一點，顯示該平台的總價值鎖定（TVL）急劇下降，該價值下降了超過2億美元，至7500萬美元左右。

Meanwhile, Cetus Protocol’s native token, CETUS, plunged over 24% to $0.15 as of press time, according to CryptoSlate’s data.

同時，根據隱板板岩的數據，CETUS協議的本地令牌CETUS CETUS截至發稿時間跌至24％至0.15美元。

The exploit also triggered a broader selloff in the Sui ecosystem, with seven out of 11 Sui-based tokens tracked by CryptoSlate registering losses of around 5% or more.

該漏洞還引發了SUI生態系統中的更廣泛的拋售，在11個基於SUI的令牌中，有7個由加密皮套的註冊損失約為5％或更多。

Rosco Kalis, the founder of Revoke Cash, pointed out:

Revoke Cash的創始人Rosco Kalis指出：

The stolen funds mostly belonged to the LPs of the DEX. But this also caused a lot of Sui token prices to crash, affected normal users as well. The SUI token itself seems to be holding up relatively fine so far though, only down slightly for the day. https://t.gov/b289BmM73j

被盜的資金主要屬於DEX的LP。但這也導致了許多SUI代幣價格崩潰，也影響了普通用戶。到目前為止，SUI代幣本身似乎在相對較好的情況下，只有一天的時間略有下降。 https://t.gov/b289bmm73j

— Rosco Kalis (@RoscoKalis) May 22, 2023

- 羅斯科·卡利斯（Rosco Kalis）（@roscococalis）2023年5月22日

How Cetus was exploited

Cetus是如何利用的

Early analysis suggests the exploit may be linked to a flaw in the protocol’s pricing mechanism.

早期分析表明，利用可能與協議定價機制中的缺陷有關。

Alex Horlan, CTO of web3 security firm HackenProof, explained that the attacker likely used a near-zero liquidity injection to manipulate the pools’ internal state. This allowed them to extract valuable SUI and USDC tokens without contributing real assets.

Web3安全公司Hackenproof的首席技術官Alex Horlan解釋說，攻擊者可能使用接近零的流動性注入來操縱池的內部狀態。這使他們能夠在不貢獻實際資產的情況下提取有價值的SUI和USDC代幣。

He added that the team needs to:

他補充說，團隊需要：

Check the math behind addLiquidity, removeLiquidity, and swap functions — especially where they Compute token ratios, Round small values, and Handle tokens with decimals = 0.

檢查附加流體，去除液體和交換功能背後的數學 - 尤其是在計算令牌比，圓形值和以小數為單位= 0的令牌的情況下。

Earlier today, a member of the Cetus team posted to Discord that the platform was “not hacked, we’ve detected a bug in the oracle.” The general consensus among Crypto Twitter now appears to support oracle manipulation as the cause of the exploit.

今天早些時候，CETUS團隊的一名成員發佈到Discord上，該平台“沒有被黑客入侵，我們在Oracle中發現了一個錯誤”。現在，加密推特之間的一般共識似乎支持Oracle操縱作為剝削的原因。

Cetus Protocol employs a dual approach to oracles within its ecosystem:

CETUS協議在其生態系統中採用雙重方法：

* Internal oracle via concentrated liquidity pools: Cetus’s concentrated liquidity pools serve as an on-chain oracle by providing real-time liquidity data and historical price information. This mechanism allows external developers and platforms to access accurate market data derived directly from actual trading activities, reducing reliance on off-chain data sources, and is supposed to minimize risks associated with oracle manipulation.

*內部甲骨文通過集中流動性池：CETUS的集中流動性池通過提供實時流動性數據和歷史價格信息來充當鏈甲骨文。這種機制使外部開發人員和平台可以訪問直接從實際交易活動中得出的準確市場數據，從而減少對鍊鍊數據源的依賴，並應最大程度地減少與Oracle操縱相關的風險。

* Integration with Pyth Network: Cetus contributes its decentralized exchange (DEX) price data to the Pyth Network, a decentralized oracle solution.

*與Pyth網絡集成：CETUS將其分散交換（DEX）價格數據貢獻給Pyth Network，這是一種分散的Oracle解決方案。

As of press time, Pyth Network has not commented on the incident, so it is unclear whether the pricing issue originated from the on-chain oracles or Pyth.

截至發稿時，Pyth網絡尚未對該事件發表評論，因此尚不清楚定價問題是否起源於鏈甲骨文或Pyth。

Despite the unsavoury incident, the project has received support from the broader crypto community. Binance founder and former CEO Changpeng Zhao noted that his team has reached out to help Cetus resolve the situation.

儘管發生了不愉快的事件，但該項目還是得到了更廣泛的加密社區的支持。 Binance創始人兼前首席執行官Changpeng Zhao指出，他的團隊已伸出援手幫助Cetus解決了這種情況。

The post Cetus Protocol suspends smart contract operations after $223 million exploit appeared first on Chain Brief.

CETUS POSTOALS POSTS PROTICT在2.23億美元的利用後暫停了智能合同操作，首先出現在連鎖摘要中。

Continue reading on Chain Brief

繼續閱讀鏈條簡介