Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to Cointelegraph, a vulnerability in the Ethereum Alarm Clock service (Ethereum Alarm Clock) has been exploited, and the hacker has so far made about $260,000 in profit. According to the analysis, hackers managed to exploit a loophole in the scheduled transaction process to profit from the refund of gas fees for canceled transactions. According to Etherscan transaction history, the hackers have obtained 204 ETH, worth about $259,800. It is reported that the Ethereum alarm clock service is to allow users to schedule future transactions by pre-determining the recipient address, sending amount and transaction time. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 260,000.
- chain
- ethereum
- protocol
- Ethereum Alarm Clock
- bug_class
- logic
- date_occurred
- 2022-10-20
- loss_usd
- $260,000
- source_id
- sm:ethereum-alarm-clock::2022-10-20