Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The 0G Foundation posted on X that a targeted attack on December 11 resulted in a breach of their reward contract. The attacker exploited the emergency withdrawal function of the 0G reward contract, which is used for distributing alliance rewards, stealing 520,010 $0G tokens, 9.93 ETH, and $4,200 worth of USDT. These tokens were subsequently bridged and dispersed through Tornado Cash. Due to a critical vulnerability in Next.js (CVE-2025-66478) exploited on December 5, the attacker moved laterally via internal IP addresses, affecting services including the Alignment service, Validator nodes, Gravity NFT service, Node Sales service, Compute, Aiverse, Perpdex, Ascend, and others. However, the core chain infrastructure and user funds remained unaffected. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 520,000.
- chain
- —
- protocol
- 0G Foundation
- bug_class
- private-key
- date_occurred
- 2025-12-11
- loss_usd
- $520,000
- source_id
- sm:0g-foundation::2025-12-11