The Asterix token contract suffered a significant attack on June 8th, resulting in the theft of approximately 30 ETH through 242 transactions. According to Yu Xian, founder of SlowMist, the attack shares similarities with recent exploits on Flooring Protocol and BMP, involving overflow and reuse of high-order NFT ID shift operations. The attackers exploited a vulnerability in an early version of the DN404 protocol, which lacked proper checks on token ID restrictions.
The attackers repeatedly sold tokens in Asterix's Uniswap v4 liquidity pool to obtain ETH, using forged IDs to withdraw the same tokens, and continued this cycle until the funds were depleted. The smart contract remains immutable and unpatched, prompting the Asterix team to advise users to stop interacting with the current pool and tokens. Plans are underway to migrate and deploy a more secure token. The team suspects the attackers utilized a jailbroken AI tool for fuzz testing to uncover these vulnerabilities.
Asterix Attack Mirrors Flooring Protocol and BMP Exploits, 30 ETH Stolen
