Home
News
Details

Aurellion hacked for $455,003 USDC due to smart contract vulnerability

iconKuCoinFlash
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
USDC
$1.00080%
AI summary iconSummary

expand icon
Aurellion suffered a $455,003 USDC theft due to a smart contract vulnerability in the initialize(address) function of the SafeOwnable Facet. Attackers reinitialized the contract, gained control, and injected a malicious Facet to steal funds. The incident underscores the importance of smart contract audits to prevent ownership override exploits.

Odaily Planet Daily reports that SlowMist has issued a security alert stating that Aurellion was attacked, resulting in a loss of approximately 455,003 USDC (about $455,000).

Analysis reveals that the vulnerability stems from the lack of proper protection in the initialize(address) function of the SafeOwnable Facet. Since the Diamond contract does not use the initialize path when setting the owner, the _initialized storage slot is not properly updated, allowing an attacker to reinitialize the contract and overwrite the owner permissions.

Subsequently, the attacker called diamondCut to inject a malicious Facet and transferred the authorized users' USDC assets through the malicious pullERC20 function, ultimately completing the theft of funds.

The related addresses are as follows:

Compromised contract: 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2

Vulnerability Facet: 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f

Attacker address: 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca

Currently, attackers have taken ownership of the Diamond contract and have transferred USDC from multiple authorized addresses, including 0x2e933518..., 0xa90714a1..., and 0xeced2d37...

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.