VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Ribbon Finance said in a tweet that the homepage of the URL suffered a DNS attack, causing 2 users to approve a malicious contract for vault deposits. At present, the team has solved the problem, and the funds in all contracts are in a safe state. After analyzing the data on the chain, SlowMist believes that it is the same attacker as Convex. At the same time, it is found that a user of Ribbon Finance lost 16.5 WBTC in the attack. Attack method (per SlowMist): DNS Attack. Reported loss: 16.5 BTC.
Primary source
https://m.jinse.com/writings/1754332.html ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Ribbon Finance
- bug_class
- infrastructure
- date_occurred
- 2022-06-24
- loss_usd
- —
- source_id
- sm:ribbon-finance::2022-06-24
Related — same bug class· infrastructure