{"id":24810,"date":"2022-09-08T07:45:31","date_gmt":"2022-09-08T07:45:31","guid":{"rendered":"https:\/\/bitcoinwisdom.com\/?p=24810"},"modified":"2022-09-08T07:45:37","modified_gmt":"2022-09-08T07:45:37","slug":"nereus-finance-suffers-flash-loan-attack","status":"publish","type":"post","link":"https:\/\/bitcoinwisdom.com\/sv\/nereus-finance-suffers-flash-loan-attack\/","title":{"rendered":"Avalanche-baserade Nereus Finance drabbas av snabbl\u00e5nsattack: post mortem"},"content":{"rendered":"<ul class=\"wp-block-list\"><li><strong>Nereus Finance har nyligen bevittnat en attack som resulterade i en f\u00f6rlust av $371 000 v\u00e4rde av anv\u00e4ndarmedel i form av USD Coin (USDC) med en smart kontraktsexploatering.<\/strong><\/li><li><strong>CertiK uppt\u00e4ckte f\u00f6rst hacket och dess inverkan p\u00e5 likviditetspooler p\u00e5 Nereus i samband med den automatiserade marknadsskaparen Curve Finance och decentraliserade b\u00f6rsen Trader Joe.<\/strong><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p>Avalanche-baserad utl\u00e5ningsplattform Nereus Finance har nyligen bevittnat en attack som resulterade i en f\u00f6rlust av $371 000 v\u00e4rde av anv\u00e4ndarmedel i form av USD Coin (USDC) med hj\u00e4lp av en smart kontraktsexploatering.&nbsp;<\/p>\n\n\n\n<p>Den 6 september uppt\u00e4ckte det v\u00e4lrenommerade blockchain-cybers\u00e4kerhetsf\u00f6retaget CertiK f\u00f6rst hacket och dess inverkan p\u00e5 likviditetspooler p\u00e5 Nereus i samband med den automatiserade market maker Curve Finance och decentraliserade b\u00f6rsen Trader Joe.<\/p>\n\n\n\n<p>CertiK tror ocks\u00e5 att de underliggande protokollen ocks\u00e5 p\u00e5verkas av den listiga attacken. Men enligt Curve Finance \u00e4r det bara Nereus som p\u00e5verkas. <\/p>\n\n\n\n<p>Det stod p\u00e5 Twitter den 7 september:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>&quot;Du kanske menade &#039;p\u00e5verkade tillg\u00e5ngar&#039;, inte &#039;p\u00e5verkade protokoll&#039;. Endast [Nereus Finance] och dess tillg\u00e5ngar verkar p\u00e5verkas.&quot;<\/p><\/blockquote>\n\n\n\n<p>S\u00e4rskilt Nereus Finance nyligen <a href=\"https:\/\/medium.com\/nereus-protocol\/post-mortem-flash-loan-exploit-in-single-nxusd-market-343fa32f0c6\" rel=\"nofollow noopener\" target=\"_blank\">sl\u00e4ppte<\/a> en detaljerad obduktion av attacken, som tydligt f\u00f6rklarar att hackaren anv\u00e4nde ett anpassat smart kontrakt som anv\u00e4nde ett $51 miljoner flashl\u00e5n fr\u00e5n Aave f\u00f6r att avsiktligt manipulera AVAX\/USDC Trader Joe LP (JLP) poolpriset.<\/p>\n\n\n\n<p>Senare p\u00e5 natten den 6 september anv\u00e4nde Nereus samh\u00e4llets oenighet f\u00f6r att varna samh\u00e4llet om ett \u00f6vergrepp. Den s\u00f6kte r\u00e5d fr\u00e5n s\u00e4kerhetsspecialister, skapade en begr\u00e4nsningsplan och larmade polisen f\u00f6r att st\u00f6dja insatserna under timmarna som f\u00f6ljde. Enligt rapporten har utl\u00e5ningsplattformen minimerat attacken genom att likvidera och pausa den exploaterade JLP-marknaden.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Vi&#039;har publicerat en obduktion av NXUSD-incidenten fr\u00e5n ig\u00e5r. <a href=\"https:\/\/t.co\/ADhu6PagP2\" rel=\"nofollow\">https:\/\/t.co\/ADhu6PagP2<\/a> <br>Tack <a href=\"https:\/\/twitter.com\/peckshield?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">@peckshield<\/a> <a href=\"https:\/\/twitter.com\/CertiK?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">@CertiK<\/a><\/p>\u2014 Nereus Finance (@nereusfinance) <a href=\"https:\/\/twitter.com\/nereusfinance\/status\/1567574661311102976?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">7 september 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Nereus Finance bekr\u00e4ftade vidare att angriparen pr\u00e4glade $998 000 av Nereus inhemska verktygstoken NXUSD mot $508 000 i s\u00e4kerhet. De fortsatte med att byta denna fond till olika kryptovalutor via flera likviditetspooler, och n\u00e4r flashl\u00e5net v\u00e4l \u00e5terl\u00e4mnades lyckades de springa iv\u00e4g med en nettost\u00f6ld p\u00e5 $371,000. Attacken skapade $500 000 i NXUSD &quot;d\u00e5lig skuld&quot; i NXUSD-protokollet, som enligt uppgift betalades av lagets finansavdelning.\u00a0<\/p>\n\n\n\n<p>Nereus-teamet arbetar f\u00f6r n\u00e4rvarande med att hitta angriparen och medel och har beslutat att erbjuda en 20% White Hat-bel\u00f6ning f\u00f6r \u00e5terl\u00e4mnandet av tillg\u00e5ngarna.<\/p>\n\n\n\n<p>Dessutom, eftersom Nereus p\u00e5st\u00e5r sig \u00e4ndra sin &quot;revisions- och s\u00e4kerhetspolicy f\u00f6r att s\u00e4kerst\u00e4lla att dessa typer av h\u00e4ndelser inte intr\u00e4ffar i framtiden&quot;, \u00e4r det ocks\u00e5 s\u00e4kert att samma utnyttjande inte kommer att intr\u00e4ffa igen. <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>&quot;Fram\u00f6ver kommer TWAP-ber\u00e4kningar att implementeras tillsammans med andra uppgraderingar av priss\u00e4ttningsfl\u00f6den f\u00f6r s\u00e4kerhetstillg\u00e5ngar som inte har Chainlink-orakel,&quot;<\/p><cite>utl\u00e5ningsprotokollet s\u00e4ger.<\/cite><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Nereus Finance har nyligen bevittnat en attack som resulterade i en f\u00f6rlust av $371 000 v\u00e4rde av anv\u00e4ndarmedel i form av USD Coin (USDC) med en smart kontraktsexploatering. CertiK uppt\u00e4ckte f\u00f6rst hacket och dess inverkan p\u00e5 likviditetspooler p\u00e5 Nereus i samband med den automatiserade marknadsskaparen Curve Finance och decentraliserade b\u00f6rshandlaren [\u2026]<\/p>","protected":false},"author":21,"featured_media":24815,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":1,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","footnotes":""},"categories":[188,12],"tags":[718,1645],"class_list":["post-24810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defi-news","category-news","tag-avalanche","tag-nereus-finance"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance.jpg",1200,675,false],"thumbnail":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance-500x330.jpg",500,330,true],"medium":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance-300x169.jpg",300,169,true],"medium_large":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance-768x432.jpg",640,360,true],"large":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance-1024x576.jpg",640,360,true],"1536x1536":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance.jpg",1200,675,false],"2048x2048":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance.jpg",1200,675,false],"trp-custom-language-flag":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/09\/Nereus-Finance-18x10.jpg",18,10,true]},"uagb_author_info":{"display_name":"Parth Dubey","author_link":"https:\/\/bitcoinwisdom.com\/sv\/author\/parth\/"},"uagb_comment_info":0,"uagb_excerpt":"Nereus Finance has recently witnessed an attack that resulted in a loss of $371,000 worth of user funds in the form of USD Coin (USDC) using a smart contract exploit. CertiK first detected the hack and its impact on liquidity pools on Nereus in connection with automated market maker Curve Finance and decentralized exchange Trader&hellip;","_links":{"self":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/posts\/24810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/comments?post=24810"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/posts\/24810\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/media\/24815"}],"wp:attachment":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/media?parent=24810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/categories?post=24810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/tags?post=24810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}