Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The non-custodial exchange DeversiFi released a post-mortem analysis report for the previous gas transaction that included 7676.62 ETH, saying that the potential problems in the EthereumJS library are combined with the gas fee changes related to the EIP-1559 upgrade in some cases, and the Ledger hardware wallet may exist The display problem of, may lead to extremely high transaction fees. When this happens, only wallets with very large funds will be affected, and other users will display transaction failures during transactions. In addition, after Bitfinex negotiated with the miners, the miners had returned 7,626 ETH, and the remaining 50 ETH was provided to the miners as a refund fee. It was previously reported that a major wallet on the Bitfinex exchange made a $100,000 USDT transfer with a total of 7676.62 ETH (approximately US$23.54 million) in Gas fees. The final recipient was a non-custodial spin-off from Bitfinex in 2019. Exchange DeversiFi. Attack method (per SlowMist): Handle inventory defects with fixed precision and extended value range. Reported loss: 50.62 ETH.
- chain
- —
- protocol
- Bitfinex
- bug_class
- unknown
- date_occurred
- 2021-09-27
- loss_usd
- —
- source_id
- sm:bitfinex::2021-09-27