FEG代币2022年第三次被黑，用户损失99%资金

Feed Every Gorilla (FEG) 代币的“SmartBridge”疑似被利用，黑客在周日抛售收益后，持有人损失了 99%

A suspected exploit of the Feed Every Gorilla (FEG) token’s “SmartBridge” left holders down 99% on Sunday, after the hacker sold off the proceeds into existing liquidity.

周日，Feed Every Gorilla (FEG) 代币的“SmartBridge”被怀疑被利用，黑客将收益出售给现有流动性后，持有人损失了 99%。

In what must feel like a depressingly familiar series of events, this attack is the third to hit the project following two separate incidents in 2022.

这一系列事件肯定让人感到令人沮丧地熟悉，这是继 2022 年发生的两起独立事件之后，该项目第三次遭受攻击。

Looks like @FEGtoken has been hacked. Price has dropped by 99%. As I can see, exploiter's profit is at least:712 $BNB on BSC73 $ETH on Base96 $ETH on EthereumFunds have been transfered to #TornadoCash. Total profit is over 1,070,000$. Protocol paused by team ? pic.twitter.com/gGEHBurtif

看起来@FEGtoken 已被黑客攻击。价格下降了99%。正如我所看到的，剥削者的利润至少是：712 $BNB on BSC73 $ETH on Base96 $ETH on Ethereum资金已转移到#TornadoCash。总利润超过 1,070,000 美元。协议被团队暂停? pic.twitter.com/gGEHBurtif

Read more: Are North Korean hackers liquidated on HyperLiquid planning something?

了解更多：朝鲜黑客是否正在计划对 HyperLiquid 进行清算？

The project’s response to the “Irregular Transactions” acknowledged its users’ frustration, which were shared by the team. It initially suspected “a vulnerability in the wormhole bridge, which had previously undergone an audit” by Peckshield (which claims to have identified the root cause, but is yet to comment officially).

该项目对“不规则交易”的回应承认用户的沮丧，团队也有同样的感受。它最初怀疑“虫洞桥存在漏洞，该漏洞此前曾接受过 Peckshield 的审计”（Peckshield 声称已经找到了根本原因，但尚未正式发表评论）。

In the meantime, crypto security and auditing firm BlockSec conducted its own analysis of the hack, finding that “only the relayer can register withdrawal in the SmartBridge. However, when receiving a wormhole bridge message, the relayer doesn’t check if the source address is allowed to trigger the withdrawal registration.”

与此同时，加密安全和审计公司 BlockSec 对此次黑客攻击进行了自己的分析，发现“只有中继者可以在 SmartBridge 中注册提款。然而，当中继器收到虫洞桥消息时，不会检查源地址是否允许触发提现注册。”

The hacker was then able to craft a malicious bridge message on one chain, fraudulently withdraw large amounts of FEG on the destination chain, and swap it for the existing liquidity. The same three steps were followed on each chain.

然后，黑客能够在一条链上制作恶意桥接消息，在目标链上欺诈性地提取大量 FEG，并将其交换为现有的流动性。每条链上都遵循相同的三个步骤。

The FEG token ties together the project’s “SmartDeFi” token launchpads on ETH, Base and BNB Chain. According to Cyvers, the attacker made over $1 million dumping the tokens: 96 ETH, 73 ETH and 712 BNB profit on each chain, respectively.

FEG 代币将项目在 ETH、Base 和 BNB 链上的“SmartDeFi”代币启动板联系在一起。据 Cyvers 称，攻击者通过抛售代币赚取了超过 100 万美元：每条链上分别获利 96 ETH、73 ETH 和 712 BNB。

Many voiced their frustrations and disbelief via X despite replies to the team’s statement being disabled. Users remarked on the loss of credibility, a lack of surprise, feeling “trapped,” and even suggesting the events may have been inside jobs.

尽管对该团队声明的回复已被禁用，但许多人通过 X 表达了他们的沮丧和怀疑。用户表示，他们失去了可信度，缺乏惊喜，感觉“被困”，甚至暗示这些事件可能发生在工作内部。

Some did show support, however, pointing to the team’s “proactive approach” and taking comfort in FEG’s “real-world utility,” while dismissing security concerns as “woke.”

然而，一些人确实表示了支持，指出该团队的“积极主动的方法”，并对 FEG 的“现实世界实用性”感到安慰，同时将安全担忧视为“觉醒”。

This isn’t FEG’s first rodeo

这不是 FEG 的第一场牛仔竞技表演

May 2022 saw the project lose $1.3 million to a flash loan attack which also exploited a data validation issue to drain FEG tokens. Despite “respectfully request[ing]” the return of stolen funds, they were laundered via Tornado Cash a few days later.

2022 年 5 月，该项目因闪贷攻击损失了 130 万美元，该攻击还利用数据验证问题耗尽 FEG 代币。尽管“恭敬地请求”归还被盗资金，但几天后这些资金还是通过龙卷风现金进行了洗钱。

The FEG team would like to keep the community updated on what had transpired on May 15, 2022 at approximately 8:20 PM (UTC). There was an exploit in the Swap-to-Swap (S2S) functionality within the FEGtoken swap contracts on BSC and ETH.(1/7)

FEG 团队希望向社区通报 2022 年 5 月 15 日晚上 8:20 左右（世界标准时间）发生的最新情况。 BSC 和 ETH 上的 FEGtoken 互换合约中的互换到互换 (S2S) 功能存在漏洞。(1/7)

Read more: DeFi project Delta Prime hacked again — months after private key leak

了解更多： DeFi 项目 Delta Prime 在私钥泄露几个月后再次遭到黑客攻击

After such a blow, FEG opted to use a third-party solution, locking its token’s liquidity with Team Finance to inspire confidence that users’ money would remain safe.

遭受这样的打击后，FEG 选择使用第三方解决方案，将其代币的流动性锁定在 Team Finance 上，以激发用户资金安全的信心。

But in October of that same year, the token suffered a loss of almost $2 million when four of these “bulletproof” liquidity locks were exploited due to a fault in the migration system to move liquidity from Uniswap v2 and v3. The incident saw a total of over $15 million lost between the affected teams, though most funds were later returned.

但同年 10 月，由于从 Uniswap v2 和 v3 转移流动性的迁移系统出现故障，其中四个“防弹”流动性锁被利用，该代币遭受了近 200 万美元的损失。此次事件导致受影响团队之间总共损失超过 1500 万美元，不过大部分资金后来都被退回。