BTC $63,813.29 -1.25%
ETH $1,859.10 -3.09%
BNB $572.63 -1.18%
XRP $1.09 -1.58%
SOL $75.48 -1.73%
TRX $0.3227 -0.44%
DOGE $0.0725 -1.81%
ADA $0.1608 -2.08%
BCH $223.11 +0.40%
LINK $8.32 -1.76%
HYPE $61.22 -7.66%
AAVE $91.30 -4.87%
SUI $0.7423 -0.98%
XLM $0.1844 -1.62%
ZEC $534.09 -5.36%
BTC $63,813.29 -1.25%
ETH $1,859.10 -3.09%
BNB $572.63 -1.18%
XRP $1.09 -1.58%
SOL $75.48 -1.73%
TRX $0.3227 -0.44%
DOGE $0.0725 -1.81%
ADA $0.1608 -2.08%
BCH $223.11 +0.40%
LINK $8.32 -1.76%
HYPE $61.22 -7.66%
AAVE $91.30 -4.87%
SUI $0.7423 -0.98%
XLM $0.1844 -1.62%
ZEC $534.09 -5.36%

Hyperbridge:本次攻击事件漏洞源于 Merkle 证明验证逻辑缺陷

2026-04-13 21:31:02
收藏

ChainCatcher 消息,区块链互操作协议 Hyperbridge 披露此前 DOT 攻击事件详情,损失约 23.7 万美元。漏洞根源在于 HandlerV1 合约 VerifyProof() 函数缺少输入验证,未对 leaf_index leafCount 进行校验,导致攻击者可伪造 Merkle 证明。

攻击者借此获得以太坊上桥接 DOT 代币合约的管理员权限,随即增发 10 亿枚桥接 DOT(为合法流通量约 35.6 万枚的 2800 余倍),并在去中心化交易所套现。Hyperbridge 表示,目前正与安全合作方追踪资金,跨链功能将持续暂停至调查完成。

app_icon
ChainCatcher 与创新者共建Web3世界