0G Foundation: Reward contract attacked, 520,000 0G stolen

CoinNetwork · 2025-12-13T10:07:43+00:00

The 0G Foundation revealed in an announcement that on December 11, its reward contract was targeted in an attack. The attacker exploited the emergency withdrawal function to steal 520,010 $0G tokens and laundered the proceeds through Tornado Cash. The attack resulted from a private key leak on Alibaba Cloud and a Next.js vulnerability, leading to multiple instances being compromised. Losses included $0G tokens, ETH, and USDT, but the core chain infrastructure and user funds were unaffected.

CoinNetwork

2025-12-13 10:07:43

Abstract generation in progress

CryptoWorld News reports that the @0G Foundation posted on the X platform stating that on December 11, a targeted attack compromised its reward contract. The attacker exploited the emergency withdrawal function of the @0G reward contract used for distributing alliance rewards, stealing 520,010 $0G tokens, which were subsequently bridged and dispersed through Tornado Cash. The attacker obtained the private key leaked from an Alibaba Cloud instance responsible for managing NFT status and reward updates, with the private key stored locally. Due to a serious vulnerability in Next.js (CVE-2025-66478) exploited on December 5, multiple Alibaba Cloud instances were compromised. The attacker moved laterally via internal IP addresses, affecting calibration services, validator nodes, Gravity NFT services, node sales services, computing, Aiverse, Perpdex, Ascend, and others. The confirmed total losses amount to 520,010 $0G, 9.93 ETH, and 4200 USD USDT. Apart from the reward distribution contract, core blockchain infrastructure or user funds were not affected.

0G-3,05%

ETH-0,84%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.