加密貨幣：GMX賞金在4200萬美元的排水量後提供

GMX遭受了一個主要的利用，損失了4200萬美元。向黑客提供了賞金以返回資金。這對Defi安全意味著什麼？

Crypto Hack: GMX Bounty Offered After $42M Drain

加密貨幣：GMX賞金在4200萬美元的排水量後提供

Decentralized exchange GMX just got smacked with a serious security breach, resulting in a $42 million drain from its liquidity pool. Now, they're offering a bounty to the hacker in hopes of getting the funds back. It's a wild situation that highlights the ongoing risks in the DeFi space.

分散的交易所GMX剛剛被嚴重的安全漏洞擊中，導致其流動性池耗資4200萬美元。現在，他們為黑客提供了賞金，希望將資金恢復到。這是一種瘋狂的情況，突出了Defi空間中持續的風險。

The GMX Exploit: What Happened?

GMX Exploit：發生了什麼事？

On Wednesday morning, GMX's GLP liquidity pool on Arbitrum V1 got hit. An attacker made off with over $40 million in tokens, transferring them to an unknown wallet. To stop the bleeding, GMX halted all V1 trading and GLP minting and redemption on both Arbitrum and Avalanche. The GMX team has moved swiftly, freezing leveraged trading functions on V1 and taking steps to protect remaining assets.

在星期三早上，GMX仲裁V1上的GLP流動性池受到打擊。一名攻擊者以超過4000萬美元的代幣方式轉移到了一個未知的錢包中。為了停止出血，GMX停止了仲裁和雪崩的所有V1交易以及GLP鑄造和贖回。 GMX團隊已迅速移動，凍結了V1上的槓桿交易功能，並採取了措施保護其餘資產。

Blockchain analytics firms like PeckShieldAlert and Arkham Intel tracked the stolen funds as they moved through various channels. The hacker swapped USDC for ETH, then to DAI, and transferred millions in FRAX, wrapped bitcoin, and wrapped ETH. They even used Tornado Cash to try and hide their tracks, bridging about $9.6 million to Ethereum before swapping it into DAI. Currently, the hacker’s wallet holds close to $44 million in digital assets.

PeckShieldalert和Arkham Intel等區塊鏈分析公司在各種渠道中移動時追踪了被盜的資金。黑客將USDC換成ETH，然後換成Dai，並以Frax的數百萬轉移，包裹了比特幣，並包裹了ETH。他們甚至使用Tornado Cash嘗試隱藏自己的曲目，在將其交換成Dai之前，向以太坊橋樑橋樑約960萬美元。目前，黑客錢包的數字資產接近4,400萬美元。

A White-Hat Bounty: Appealing to Conscience (and Self-Interest)

白帽賞金：吸引良心（和自身利益）

GMX responded by offering the hacker a 10% white-hat bounty for the return of the stolen funds. They even stated that they wouldn't pursue law enforcement action if the funds were returned within 48 hours. It's a last-ditch effort, appealing to the hacker's (potential) conscience or, more likely, their self-interest.

GMX的回應是為黑客提供了10％的白帽賞金，以返回被盜資金。他們甚至說，如果在48小時內退還資金，他們將不會採取執法行動。這是最後的努力，吸引了黑客（潛在的）良心或更有可能的自身利益。

The Fallout: Token Price Drop and DeFi Audit Concerns

後果：代幣的價格下跌和Defi審計問題

Unsurprisingly, the GMX token price took a hit, dropping approximately 18% after the exploit. This incident also raises serious questions about the effectiveness of DeFi audits. Despite undergoing audits from Quantstamp and ABDK Consulting, the GMX V1 contracts failed to withstand this targeted exploit. The audits missed the vulnerability that allowed the attacker to manipulate the protocol’s leveraged position calculations. It's a stark reminder that audits aren't foolproof and can miss protocol-specific risks.

毫不奇怪，GMX代幣價格受到了打擊，在漏洞利用後下降了約18％。該事件還引發了有關DEFI審核有效性的嚴重問題。儘管接受了QuantStamp和ABDK Consulting的審核，但GMX V1合同仍未承受此目標利用。審核錯過了攻擊者可以操縱協議的槓杆位置計算的漏洞。這是一個明顯的提醒，審核不是萬無一失的，可能會錯過特定於協議的風險。

The Bigger Picture: A Rough Year for Crypto Security

大局：加密安全的艱難一年

This GMX hack is just the latest in a string of crypto exploits. Investors have already lost billions to hacks and scams this year. The GMX exploit comes after Abracadabra.Finance lost $13 million in March due to a vulnerability in its GMX-linked lending pools. It’s a tough year out there for DeFi security.

該GMX Hack只是一系列加密貨幣漏洞中的最新信息。今年，投資者已經損失了數十億美元的黑客和騙局。 GMX漏洞利用是在Abracadabra之後出現的。金額在3月損失了1300萬美元，這是由於其與GMX連接的貸款池的脆弱性。對於Defi安全，這是艱難的一年。

So, What's the Takeaway?

那麼，收穫是什麼？

DeFi is still the Wild West, and even projects that have undergone audits aren't immune to attacks. It's a risky space, and users need to be aware of the potential downsides. GMX's offer of a bounty shows how seriously they are taking the issue. The GMX team's swift response is crucial, but it’s also a wake-up call to everyone in the crypto space about the ongoing need for better security measures and more thorough audits.

Defi仍然是狂野的西部，甚至進行了審計的項目也無法免疫進攻。這是一個冒險的空間，用戶需要意識到潛在的缺點。 GMX提出的賞金提議表明了他們對這個問題的重視程度。 GMX團隊的迅速反應至關重要，但這也是對加密貨幣空間中每個人的警鐘，內容涉及對更好的安全措施和更徹底的審核的持續需求。

Hopefully, GMX can recover the funds and learn from this experience. In the meantime, stay safe out there, crypto cowboys and cowgirls! It's a jungle out there!

希望GMX可以收回資金並從這種經驗中學習。同時，請保持安全，加密牛仔和女牛仔！這是一個叢林！