KiloEx公布黑客事件分析：因合约未重写关键函数，用户资产已100%归还

Blockbeats

Apr 21, 2025

BlockBeats 消息，4 月 21 日，KiloEx 于 4 月 21 日发布黑客事件根本原因分析报告。报告指出，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 却未重写 execute 方法，导致该函数可被任意调用。攻击发生于 4 月 14 日 18:52 至 19:40（UTC），攻击者在 opBNB、Base、BSC、Taiko、B2 和 Manta 等链部署恶意合约发起攻击。

KiloEx 与攻击者协商后，对方同意保留 10% 作为赏金，其余资产（涵盖 USDT、USDC、ETH、BNB、WBTC 和 DAI）已全部退还至项目方多签钱包。平台已完成漏洞修复并恢复运营（用户资产已100%归还）。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2529779688"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2529779688\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2529779688?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-04-21 19:02","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2529779688","market":"us","top_or_hot":-1,"title":"KiloEx公布黑客事件分析：因合约未重写关键函数，用户资产已100%归还","media":"Blockbeats","content":"<html><body><div><p>BlockBeats 消息，4 月 21 日，KiloEx 于 4 月 21 日发布黑客事件根本原因分析报告。报告指出，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 却未重写 execute 方法，导致该函数可被任意调用。攻击发生于 4 月 14 日 18:52 至 19:40（UTC），攻击者在 opBNB、Base、BSC、Taiko、B2 和 Manta 等链部署恶意合约发起攻击。</p><p>KiloEx 与攻击者协商后，对方同意保留 10% 作为赏金，其余资产（涵盖 USDT、USDC、ETH、BNB、WBTC 和 DAI）已全部退还至项目方多签钱包。平台已完成漏洞修复并恢复运营（用户资产已100%归还）。</p></div></body></html>","source":"theblockbeats_zh_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>KiloEx公布黑客事件分析：因合约未重写关键函数，用户资产已100%归还</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nKiloEx公布黑客事件分析：因合约未重写关键函数，用户资产已100%归还\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-04-21 19:02 北京时间&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//flash/290564><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats 消息，4 月 21 日，KiloEx 于 4 月 21 日发布黑客事件根本原因分析报告。报告指出，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 却未重写 execute 方法，导致该函数可被任意调用。攻击发生于 4 月 14 日 18:52 至 19:40（UTC）...</p>\n\n<a href=\"https://www.theblockbeats.info//flash/290564\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BTC","symbol_name":"Grayscale Bitcoin Mini Trust","start_time":0,"source_url":"https://www.theblockbeats.info//flash/290564","article_id":"2529779688","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2529779688","pubTimestamp":1745233320,"columns":[],"sourceInfo":{"source_id":"theblockbeats_zh_live","name":"blockbeat"},"weMediaInfo":null,"summary":"BlockBeats 消息，4 月 21 日，KiloEx 于 4 月 21 日发布黑客事件根本原因分析报告。报告指出，事件起因是其智能合约中的 TrustedForwarder 合约继承了 Open","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BTC":"Grayscale Bitcoin Mini Trust","USDC":"USDATA Corp.","BK4601":"加密货币现货ETF","ETH":"低成本以太坊ETF-Grayscale"},"translate_title":"KiloEx announces analysis of hacking incidents: 100% of user assets have been returned because key functions have not been rewritten in the contract","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"BTC":1,"XBTmain":1,"ETH":1,"BTCmain":1,"USDC":1},"content_text":"BlockBeats 消息，4 月 21 日，KiloEx 于 4 月 21 日发布黑客事件根本原因分析报告。报告指出，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 却未重写 execute 方法，导致该函数可被任意调用。攻击发生于 4 月 14 日 18:52 至 19:40（UTC），攻击者在 opBNB、Base、BSC、Taiko、B2 和 Manta 等链部署恶意合约发起攻击。KiloEx 与攻击者协商后，对方同意保留 10% 作为赏金，其余资产（涵盖 USDT、USDC、ETH、BNB、WBTC 和 DAI）已全部退还至项目方多签钱包。平台已完成漏洞修复并恢复运营（用户资产已100%归还）。","kind":"live","is_publish_news":false,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}