Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The Aave fork project on the Pulse chain suffered a governance attack. The hacker first purchased a large number of Aave tokens to obtain the governance authority of the Aave fork project, and then created multiple contracts. The hacker seemed to want to use the governance authority to modify the implementation of the proxy contract Address, using the user's authorization to the contract that has not been canceled, to transfer the user's funds away. Such as WBTC, YFI, BAL, AAVE, UNI and other tokens. Finally, the hacker converted the stolen funds into ETH through the cross-chain bridge protocol, and sent it to the 0xA30190b96FaEe0080144aA0B7645081Fcbf49E6F address of Ethereum. The attacker made a profit of 483 ETH (approximately $930,000). Attack method (per SlowMist): Governance Attack. Reported loss: $ 930,000.
- chain
- ethereum
- protocol
- Aave fork
- bug_class
- governance
- date_occurred
- 2023-07-02
- loss_usd
- $930,000
- source_id
- sm:aave-fork::2023-07-02