Fusion Ecosystem DeFi Project Under Attack: Smart Contract Vulnerability Leads to Fund Theft


【BitPush】Another smart contract vulnerability incident. The security team detected suspicious activity within the Fusion ecosystem. The issue is related to the basic contract: the project's EOA account controlled through EIP-7702 technology has a defense loophole. In practice, this vulnerability opens the door to arbitrary external calls, giving attackers an opportunity. They took advantage of it to deploy malicious circuit breaker contracts for PlasmaVault, directly draining funds from the treasury. This type of DeFi security incident is a reminder that even emerging account abstraction schemes require repeated audits, as vulnerabilities in small details can quickly become gaps leading to fund loss.

FomoAnxietyvip
· 01-08 03:53
Here it comes again, always the same script... EIP-7702 can't stop these guys --- The account abstraction stuff feels like it's not ready yet but being rushed, sooner or later you'll suffer --- PlasmaVault is directly a loss this time; the treasury was drained, which is really not good --- Where are the promised repeated audits? It still failed at the basic contract, this is awkward --- DeFi is always high yield and high risk, looks like I need to be more cautious --- That circuit breaker contract trick is also incredible; technology is indeed a double-edged sword --- It's always like this, new technology comes out and is exposed to have vulnerabilities within days, when will it finally settle down --- Whose responsibility is it this time? The project team or the security team didn't do their best
Token_Sherpavip
· 01-07 04:37
eip-7702 hype without the audits... classic move. account abstraction is just tradfi complexity dressed up in crypto clothing tbh
TestnetNomadvip
· 01-07 04:35
Coming again? EIP-7702 can still be messed up like this, truly incredible --- Account abstraction solutions sound advanced, but it turns out the basic contracts are still not well implemented, hilarious --- PlasmaVault was directly drained, which is why I never touch new projects that haven't undergone multiple audits --- Feels like there are new vulnerabilities every week now, can this ecosystem still be played? --- Vulnerabilities in the defense line leading to arbitrary calls, it's outrageous that such basic errors can occur --- I knew it, funds on the chain are never that safe, in the end, it still depends on whether the code audit is reliable or not --- The circuit breaker contract was drained immediately after deployment, this operation is a textbook-level attack path
DustCollectorvip
· 01-07 04:34
EIP-7702 looks quite innovative, but it still falls into old pitfalls. Audits really need to be stricter.
ParanoiaKingvip
· 01-07 04:22
Here we go again, EIP-7702 is also unsafe, the details are really devilish.
OldLeekMastervip
· 01-07 04:11
It's the same trick again; EIP-7702 can't even prevent it. What kind of audit is this, a joke audit?
MetaNomadvip
· 01-07 04:11
It's the same old story again. Contract audits can't keep up with development speed. These projects really need to reflect and reconsider.