KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞

金色财经

Apr 21, 2025

【KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞】4月21日消息，KiloEx 发布黑客事件根本原因分析和事后总结，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 但未重写 execute 方法，导致该函数可被任意调用。攻击发生于 4 月 14 日 18:52 至 19:40（UTC），黑客通过在 opBNB、Base、BSC、Taiko、B2 和 Manta 等多个链上部署攻击合约实施攻击。经过协商，黑客同意保留 10% 赏金，并已将所有被盗资产（包括 USDT、USDC、ETH、BNB、WBTC 和 DAI）退还至 KiloEx 指定的多重签名钱包。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2529874069"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2529874069\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2529874069?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-04-21 19:07","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2529874069","market":null,"top_or_hot":-1,"title":"KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞","media":"金色财经","content":"<html><body><p>【KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞】4月21日消息，KiloEx 发布黑客事件根本原因分析和事后总结，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 但未重写 execute 方法，导致该函数可被任意调用。 \n攻击发生于 4 月 14 日 18:52 至 19:40（UTC），黑客通过在 opBNB、Base、BSC、Taiko、B2 和 Manta 等多个链上部署攻击合约实施攻击。经过协商，黑客同意保留 10% 赏金，并已将所有被盗资产（包括 USDT、USDC、ETH、BNB、WBTC 和 DAI）退还至 KiloEx 指定的多重签名钱包。</p></body></html>","source":"jinse_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nKiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-04-21 19:07 北京时间&nbsp;&nbsp;&nbsp;<a href=https://medium.com/@KiloEx/kiloex-security-incident-root-cause-analysis-post-mortem-3d899caac08c><strong>金色财经</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>【KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞】4月21日消息，KiloEx 发布黑客事件根本原因分析和事后总结，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 但未重写 execute 方法，导致该函数可被任意调用。 \n攻击发生于 4 月 ...</p>\n\n<a href=\"https://medium.com/@KiloEx/kiloex-security-incident-root-cause-analysis-post-mortem-3d899caac08c\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"FT_SY_XBT","symbol_name":"CBOE比特币","start_time":0,"source_url":"https://medium.com/@KiloEx/kiloex-security-incident-root-cause-analysis-post-mortem-3d899caac08c","article_id":"2529874069","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2529874069","pubTimestamp":1745233639,"columns":[],"sourceInfo":{"source_id":"jinse_live","name":"金色财经"},"weMediaInfo":null,"summary":"【KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞】4月21日消息，KiloEx 发布黑客事件根本原因分析和事后总结，事件起因是其智能合约中的 Trusted","collect":0,"end_time":0,"defaultTopTitle":"medium.com","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BTC":"Grayscale Bitcoin Mini Trust","ETH":"低成本以太坊ETF-Grayscale","USDC":"USDATA Corp.","BK4601":"加密货币现货ETF"},"translate_title":"KiloEx releases summary of hacking incident: TrustedForwarder contract in smart contract has a vulnerability","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"BTC":1,"XBTmain":1,"USDC":1,"ETH":1,"BTCmain":1},"content_text":"【KiloEx 发布黑客事件总结：智能合约中的TrustedForwarder 合约存在漏洞】4月21日消息，KiloEx 发布黑客事件根本原因分析和事后总结，事件起因是其智能合约中的 TrustedForwarder 合约继承了 OpenZeppelin 的 MinimalForwarderUpgradeable 但未重写 execute 方法，导致该函数可被任意调用。 \n攻击发生于 4 月 14 日 18:52 至 19:40（UTC），黑客通过在 opBNB、Base、BSC、Taiko、B2 和 Manta 等多个链上部署攻击合约实施攻击。经过协商，黑客同意保留 10% 赏金，并已将所有被盗资产（包括 USDT、USDC、ETH、BNB、WBTC 和 DAI）退还至 KiloEx 指定的多重签名钱包。","kind":"live","is_publish_news":false,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}