APE airdrop vulnerability exploited through a flash loan attack to arbitrage 60,564 APE coins
On March 17, 2022, a suspicious transaction involving APE Coin attracted widespread attention. According to reports from social media users, some arbitrage Bots obtained over 60,000 APE Coins through Flash Loans, each valued at around $8.
After analysis, this incident is related to a vulnerability in the airdrop mechanism of APE Coin. Eligibility for the APE Coin airdrop depends on whether the user holds a BAYC NFT at a specific moment. However, this instantaneous state can be manipulated. Attackers use Flash Loans to borrow BAYC Tokens, exchange them for BAYC NFTs, use these NFTs to claim the APE airdrop, and finally mint the BAYC NFTs back into BAYC Tokens to repay the Flash Loans. This attack pattern is very similar to price manipulation attacks based on Flash Loans: both exploit the fact that the instantaneous state of an asset can be manipulated.
The following is an analysis of a specific attack transaction process:
Step 1: Attack Preparation
The attacker purchased BAYC NFT number 1060 on the open market for 106 ETH and transferred it to the attack contract.
Step 2: Borrow Flash Loans and exchange for BAYC NFTs
The attacker borrowed a large amount of BAYC Token through Flash Loans and exchanged it for 5 BAYC NFTs (with serial numbers 7594, 8214, 9915, 8167, and 4755).
Step 3: Use BAYC NFTs to claim airdrop rewards
The attacker used 6 NFTs (the purchased No. 1060 and the 5 exchanged ones) to claim the airdrop, receiving a total of 60,564 APE tokens as a reward.
Step 4: Mint BAYC NFTs to obtain BAYC Token
To repay the Flash Loans, the attacker minted the acquired BAYC NFTs back into BAYC Tokens. At the same time, the attacker also minted NFT number 1060 to obtain additional BAYC Tokens to pay the Flash Loan fees. Finally, the remaining BAYC Tokens were sold for approximately 14 ETH.
Profit Situation
The attacker ultimately obtained 60,564 APE tokens, worth approximately $500,000. The attack cost was the price of NFT number 1060 (106 ETH) minus the 14 ETH obtained from selling BAYC Tokens.
Lessons
This incident exposed the vulnerability of relying solely on instantaneous states for airdrops. When the cost of manipulating the state is lower than the airdrop rewards, attack opportunities arise. This reminds us that when designing airdrop mechanisms, we need to consider more factors, not just the asset holding status at a particular moment.
This type of attack that utilizes Flash Loans and instantaneous states poses new challenges to the security design of blockchain projects. Future projects need to be more cautious when designing similar mechanisms, considering various possible attack scenarios to ensure the security and fairness of the system.
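The difference between an eligibility check on instantaneous state and one on a fixed earlier state can be shown with a small model. This is an added example, not code from the article or from any project's contracts: the `Ledger` and `Airdrop` classes, the address labels and the block numbers 100, 150 and 200 are constructed, and using a fixed snapshot block as the mitigation is an assumption rather than something the article prescribes.

```python
from bisect import bisect_right

PER_NFT = 60_564 // 6                      # 10,094 APE per NFT, from the page's totals
LOANED = [7594, 8214, 9915, 8167, 4755]    # NFT numbers named in step 2

class Ledger:
    """Constructed NFT ledger: keeps each token's (block, owner) transfer history."""
    def __init__(self):
        self.history = {}

    def transfer(self, block, token_id, owner):
        self.history.setdefault(token_id, []).append((block, owner))

    def owner_at(self, token_id, block=None):
        # block=None: current owner; otherwise the last transfer at or before `block`.
        events = self.history[token_id]
        i = len(events) if block is None else bisect_right([b for b, _ in events], block)
        return events[i - 1][1] if i else None

class Airdrop:
    """snapshot_block=None models the claim-time check; a block number models the fix."""
    def __init__(self, ledger, snapshot_block=None):
        self.ledger, self.snapshot_block, self.claimed = ledger, snapshot_block, set()

    def claim(self, caller, token_id):
        if token_id in self.claimed:
            return 0
        # None -> whoever holds the NFT right now (changeable within one transaction);
        # a block number -> whoever held it at that earlier, fixed point.
        owner = self.ledger.owner_at(token_id, self.snapshot_block)
        if owner != caller:
            return 0
        self.claimed.add(token_id)
        return PER_NFT

def temporary_holder_payout(snapshot_block=None):
    """APE paid to an address that holds the NFTs only inside block 200 (constructed)."""
    ledger = Ledger()
    drop, paid = Airdrop(ledger, snapshot_block), 0
    for t in LOANED:
        ledger.transfer(100, t, "vault")   # long-term holder
        ledger.transfer(200, t, "temp")    # received at block 200
        paid += drop.claim("temp", t)
        ledger.transfer(200, t, "vault")   # handed back in the same block
    return paid

print("claim-time ownership check:", temporary_holder_payout())
print("snapshot at block 150:     ", temporary_holder_payout(150))
```

With the snapshot in place, the reward for these NFTs goes to whoever held them at block 150, so the design also has to decide how assets sitting in pooled vaults at that block are treated.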