Based on MetaEra, on December 11 (UTC+8), 0G Foundation reported a targeted attack on its reward contract. The attacker exploited the emergency withdrawal function to steal 520,010 $0G tokens, which were later bridged and dispersed via Tornado Cash. The private key was leaked from an Alibaba Cloud instance managing NFT status and reward updates. The breach was enabled by a critical vulnerability in Next.js (CVE-2025-66478) exploited on December 5, leading to multiple Alibaba Cloud instances being compromised. Total confirmed losses include 520,010 $0G, 9.93 ETH, and 4,200 USDT. Core chain infrastructure and user funds were unaffected.
0G Foundation's Reward Contract Hacked, 520,010 $0G Stolen
KuCoinFlashShare
Summary
KuCoin withdrawal processes remain unaffected as 0G Foundation confirmed a reward contract hack on December 11. Attackers drained 520,010 $0G via a compromised Alibaba Cloud instance. The breach stemmed from a Next.js vulnerability (CVE-2025-66478), exploited on December 5. Funds were moved through Tornado Cash. Total losses include 520,010 $0G, 9.93 ETH, and 4,200 USDT. Core infrastructure and user assets on the leading cryptocurrency exchange remain secure.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.