Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
DeFi protocol Spectra suffered an attack, resulting in a loss of approximately $550,000. Spectra has disabled the application and terminated the router contract to contain the situation, while the core protocol contract remains unaffected. Security personnel Chaofan Shou indicated that the attack stemmed from an arbitrary call in the router contract, allowing the attacker to drain all tokens approved by the contract. On July 24th, Spectra released a security incident analysis report, stating that the attacker hijacked user transactions on Spectra, affecting a total of 4 wallets and causing a loss of approximately 168 ETH. The core protocol contract of Spectra remains unaffected, with the funds within the contract secure. The application was restored on the morning of July 24th. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 550,000.
- chain
- —
- protocol
- Spectra
- bug_class
- external-call
- date_occurred
- 2024-07-23
- loss_usd
- $550,000
- source_id
- sm:spectra::2024-07-23