Aurellion has suffered a significant security breach, losing approximately $455,003 USDC due to a smart contract vulnerability. The attack was identified by SlowMist, which highlighted a flaw in the SafeOwnable Facet's initialize(address) function. This vulnerability allowed the attacker to reinitialize the contract and overwrite owner permissions, exploiting the Diamond contract's lack of proper initialization protection. The attacker utilized the diamondCut function to inject a malicious Facet, enabling the unauthorized transfer of USDC assets through a compromised pullERC20 function. The compromised contract address is 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2, with the vulnerability facet at 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f. The attacker, operating from address 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca, has taken control of the Diamond contract and transferred USDC from multiple authorized addresses.
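
The re-initialization flaw described above, shown as an added illustration that is not Aurellion's code or the actual SafeOwnable Facet: an unguarded initializer beside a guarded one. The storage slot name and the library, contract and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical owner storage kept at a fixed slot in the Diamond's own storage.
// Facets execute via delegatecall, so any guard flag must live here as well.
library OwnableStorage {
    bytes32 internal constant SLOT = keccak256("example.ownable.storage");

    struct Layout {
        address owner;
        bool initialized;
    }

    function layout() internal pure returns (Layout storage l) {
        bytes32 slot = SLOT;
        assembly {
            l.slot := slot
        }
    }
}

// Weak form: nothing records that initialization already happened,
// so every later call overwrites the owner.
contract UnguardedOwnableFacet {
    function initialize(address newOwner) external {
        OwnableStorage.layout().owner = newOwner;
    }
}

// Corrected form: a one-shot flag makes the second and later calls revert.
contract GuardedOwnableFacet {
    error AlreadyInitialized();
    error ZeroOwner();

    function initialize(address newOwner) external {
        OwnableStorage.Layout storage l = OwnableStorage.layout();
        if (l.initialized) revert AlreadyInitialized();
        if (newOwner == address(0)) revert ZeroOwner();
        l.initialized = true; // set before the owner write; never cleared
        l.owner = newOwner;
    }
}
```

The flag only helps if initialization runs in the same transaction that deploys the Diamond, for example as the init call of the first diamondCut; otherwise the first external caller still becomes owner.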