NovaBox 奖励池遭遇攻击，黑客利用分配机制漏洞窃取 56.73 ETH

链捕手

Jun 11

ChainCatcher 消息，据 Bits.media 报道，NovaBox 平台的奖励池于 6 月 9 日在以太坊上遭到黑客攻击，损失约 56.73 枚 ETH，超过 130 名存款用户受影响。攻击者仅通过一笔交易就将池中资金从 65.11 ETH 耗尽至 0.09 ETH，占比约 99.86%。

安全公司 F12 表示，此次事件并非源于智能合约漏洞，而是奖励分配机制中的缺陷。攻击者通过 Aave V3 闪电贷借入 427.5 WETH，利用 NovaBox 在用户存取款时先发放股息后更新余额的机制漏洞。黑客先存入少量 NOVA 代币触发股息计算，再存入大量 ETH 使实际份额大幅增加，但由于系统未及时更新余额，仍按之前的小额份额计算股息，却按新的大额份额进行支付，产生了约 145.82 ETH 的“幻影股息”，从而耗尽奖励池。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2642477217"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2642477217\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2642477217?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2026-06-11 09:08","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2642477217","market":"other","top_or_hot":-1,"title":"NovaBox 奖励池遭遇攻击，黑客利用分配机制漏洞窃取 56.73 ETH","media":"链捕手","content":"<html><body><p>ChainCatcher 消息，据 Bits.media 报道，NovaBox 平台的奖励池于 6 月 9 日在以太坊上遭到黑客攻击，损失约 56.73 枚 ETH，超过 130 名存款用户受影响。攻击者仅通过一笔交易就将池中资金从 65.11 ETH 耗尽至 0.09 ETH，占比约 99.86%。</p><p>安全公司 F12 表示，此次事件并非源于智能合约漏洞，而是奖励分配机制中的缺陷。攻击者通过 Aave V3 闪电贷借入 427.5 WETH，利用 NovaBox 在用户存取款时先发放股息后更新余额的机制漏洞。黑客先存入少量 NOVA 代币触发股息计算，再存入大量 ETH 使实际份额大幅增加，但由于系统未及时更新余额，仍按之前的小额份额计算股息，却按新的大额份额进行支付，产生了约 145.82 ETH 的“幻影股息”，从而耗尽奖励池。</p></body></html>","source":null,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>NovaBox 奖励池遭遇攻击，黑客利用分配机制漏洞窃取 56.73 ETH</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nNovaBox 奖励池遭遇攻击，黑客利用分配机制漏洞窃取 56.73 ETH\n</h2>\n\n<h4 class=\"meta\">\n\n\n<a class=\"head\" href=\"https://laohu8.com/wemedia/1041503808\">\n\n\n<div class=\"h-thumb\" style=\"background-image:url(https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5);background-size:cover;\"></div>\n\n<div class=\"h-content\">\n<p class=\"h-name\">链捕手 </p>\n<p class=\"h-time\">2026-06-11 09:08</p>\n</div>\n\n</a>\n\n\n</h4>\n\n</header>\n<article>\n<html><body><p>ChainCatcher 消息，据 Bits.media 报道，NovaBox 平台的奖励池于 6 月 9 日在以太坊上遭到黑客攻击，损失约 56.73 枚 ETH，超过 130 名存款用户受影响。攻击者仅通过一笔交易就将池中资金从 65.11 ETH 耗尽至 0.09 ETH，占比约 99.86%。</p><p>安全公司 F12 表示，此次事件并非源于智能合约漏洞，而是奖励分配机制中的缺陷。攻击者通过 Aave V3 闪电贷借入 427.5 WETH，利用 NovaBox 在用户存取款时先发放股息后更新余额的机制漏洞。黑客先存入少量 NOVA 代币触发股息计算，再存入大量 ETH 使实际份额大幅增加，但由于系统未及时更新余额，仍按之前的小额份额计算股息，却按新的大额份额进行支付，产生了约 145.82 ETH 的“幻影股息”，从而耗尽奖励池。</p></body></html>\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"ETH","symbol_name":"低成本以太坊ETF-Grayscale","start_time":0,"source_url":"https://www.chaincatcher.com/article/2270658","article_id":"2642477217","we_media_id":"1041503808","thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2642477217","pubTimestamp":1781140133,"columns":[],"sourceInfo":null,"weMediaInfo":{"media_name":"链捕手","introduction":"链捕手ChainCatcher 成立于 2018 年，是一家领先的中文 Web3 媒体及数据服务商。","home_visible":1,"id":"1041503808","head_image":"https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5"},"summary":" ChainCatcher 消息，据 Bits.media 报道，NovaBox 平台的奖励池于 6 月 9 日在以太坊上遭到黑客攻击，损失约 56.73 枚 ETH，超过 130 名存款用户受影响。攻击者仅通过一笔交易就将池中资金从 65.11 ETH 耗尽至 0.09 ETH，占比约 99.86%。安全公司 F12 表示，此次事件并非源于智能合约漏洞，而是奖励分配机制中的缺陷。攻击者通过 Aave V3 闪电贷借入 427.5 WETH，利用 NovaBox 在用户存取款时先发放股息后更新余额的机制漏洞。黑客先存入少量 NOVA 代币触发股息计算，再存入大量 ETH 使实际份额大幅增加，但由于系统未及时更新余额，仍按之前的小额份额计算股息，却按新的大额份额进行支付，产生了约 145.82 ETH 的“幻影股息”，从而耗尽奖励池。 ","collect":0,"end_time":0,"defaultTopTitle":"","property":[],"viewcount":null,"language":"zh","relate_stocks":{"ETH":"低成本以太坊ETF-Grayscale","EETH":"以太币期货ETF-ProShares","SETH":"1倍做空以太币期货ETF-Proshares","BTF":"比特币&以太币期货ETF-CoinShares","ETHA":"以太坊ETF-iShares","FETH":"以太币ETF-Fidelity","ETHD":"ProShares UltraShort Ether ETF","ETHE":"最大以太坊ETF-Grayscale","TETH":"21Shares Ethereum ETF","QETH":"以太坊ETF-Invesco Galaxy","ETHI":"Defiance Leveraged Long Income Ethereum ETF","EZET":"以太坊ETF-Franklin","ETQ":"T-Rex 2X Inverse Ether Daily Target ETF","YETH":"Roundhill Ether Covered Call Strategy ETF","ETCO":"Grayscale Ethereum Covered Call ETF","ETHT":"ProShares Ultra Ether ETF","ETU":"T-Rex 2X Long Ether Daily Target ETF","ESK":"REX-Osprey ETH + Staking ETF","ETHU":"2倍以太币期货ETF-Volatility Shares","ETHV":"以太坊ETF-VanEck","ETHW":"以太坊ETF-Bitwise"},"translate_title":"NovaBox Rewards Pool Hits Attack, Hackers Leverage Allocation Mechanism Vulnerability to Steal 56.73 ETH","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"EZET":0.6,"TETH":0.6,"ETHU":0.6,"YETH":0.6,"ETHI":0.6,"ETHE":0.6,"BTF":0.6,"ETHV":0.6,"ETH":0.6,"EETH":0.6,"ETCO":0.6,"QETH":0.6,"ETHT":0.6,"ETHD":0.6,"ETQ":0.6,"ETHA":0.6,"FETH":0.6,"SETH":0.6,"ESK":0.6,"ETHW":0.6,"ETU":0.6},"content_text":"ChainCatcher 消息，据 Bits.media 报道，NovaBox 平台的奖励池于 6 月 9 日在以太坊上遭到黑客攻击，损失约 56.73 枚 ETH，超过 130 名存款用户受影响。攻击者仅通过一笔交易就将池中资金从 65.11 ETH 耗尽至 0.09 ETH，占比约 99.86%。安全公司 F12 表示，此次事件并非源于智能合约漏洞，而是奖励分配机制中的缺陷。攻击者通过 Aave V3 闪电贷借入 427.5 WETH，利用 NovaBox 在用户存取款时先发放股息后更新余额的机制漏洞。黑客先存入少量 NOVA 代币触发股息计算，再存入大量 ETH 使实际份额大幅增加，但由于系统未及时更新余额，仍按之前的小额份额计算股息，却按新的大额份额进行支付，产生了约 145.82 ETH 的“幻影股息”，从而耗尽奖励池。","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"-1","news_tag":"","news_rank":0,"isVideo":false,"video":null,"symbols":[],"gpt_button":0,"need_auth":false,"need_login_tip":false,"code":"91000000","status":"200"}}}