Cos(余弦)😶🌫️|11月 20, 2025 14:36
"Checked out the @GANA_PayFi hack involving 3.1M USDT.
The cause was the leak of the owner private key for the GANA Payment Stake contract. The subsequent attack used some clever techniques, like exploiting the 7702 delegate, which conveniently bypassed the onlyEOA check for unstaking. By modifying the relevant rate and fee, the attacker managed to stake a few hundred USDT and then unstake tens of thousands of USDT. Here's an example of one operation combo:
Stake: https://((bscscan.com))/tx/0xac935e62f3f6f375d856775f8fe2628e92b1944b15a251090bef213dc5f5f9e2
Unstake: https://((bscscan.com))/tx/0x0a1fabbb536cf776335e2ded5ebf70f4c9601376e7265a127afe55305eff69ad
After each operation combo, the owner would be set to a new address, and the new address would continue initiating the same attack.
In total, 8 such attack combos were carried out, draining 3.1M USDT. The 8 owner addresses used by the attacker were:
0x5d4041abd7094aa12496Ce919E88ee3E480c3e29
0x0b8fa3F694Adb6BBEBe83628ee4c
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink