GetChain News
中简 中繁 EN
GetChain News
Toggle sidebar
BlockSec

BlockSec

Active

Blockchain Security & Compliance Solutions Company

blocksec.com X LinkedIn Telegram Github Gitbook Medium

News Heat Trend

Project Overview

BlockSec delivers a full-suite Web3 security and compliance solution, spanning smart contract auditing, a real-time monitoring and threat-blocking platform, as well as crypto AML and forensic investigation platforms. Through Phalcon Compliance, customers can screen wallets and transactions for compliance risks, monitor suspicious activities in real time, and automate risk controls to meet regulatory and internal policy requirements. MetaSleuth enables fund-flow analysis to trace illicit proceeds and support investigations. Our 500+ customers include crypto exchanges, wallets, OTC desks, and financial institutions, along with regulators and law enforcement across 50+ jurisdictions.

Security Solutions Compliance Solutions On-Chain Compliance Solutions Security Audit

Event-related news

View more View more

Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses

According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.

Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses

According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.

Related news

Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses

According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.