Rewards Hub Fusion's USDC optimizer Vault on Arbitrum was attacked on January 6, leading to a $336,000 USDC loss. The breach exploited a missing validation vulnerability in the older version's "fuse" logic, allowing the attacker to manipulate administrator privileges via the EIP-7702 mechanism. The attacker injected malicious logic and withdrew funds, transferring them to Tornado.Cash. This issue affected only the older Vault deployed 490 days ago, leaving other vaults secure.
IPOR has assured users of full compensation for their losses through the DAO's finances. The company is working with security teams, including SEAL, Hexagate, and Blockaid, to recover the funds. A detailed technical report has been released, confirming the attack was due to a logical error and EIP-7702 privilege abuse.
Fusion's USDC Vault Attack Results in $336,000 Loss, Users to Be Compensated
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.