Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
Hyperbridge contract encounters MMR proof replay vulnerability, resulting in approximately $242k in losses
Deep Tide TechFlow News, April 13, according to BlockSec Phalcon disclosure, the HandlerV1 contract managed by Hyperbridge saw a Merkle Mountain Range (MMR) proof replay vulnerability on the Ethereum network, resulting in losses of about $242k. The vulnerability arose because the proof was not bound to the request, allowing attackers to replay historical valid proofs and, together with newly forged requests, carry out actions such as changing administrator permissions. In a specific case, the attacker changed the Polkadot (DOT) Token administrator, then used the permissions to mint additional DOT and profited. Related attack transactions that have been observed include changing the DOT Token administrator and minting (loss of about $237.4k), changing the ARGN Token administrator and minting (loss of about $3,800), and host withdrawals. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer.
Earlier reports indicate that the Hyperbridge gateway contract was attacked, with 1 billion DOT tokens minted on Ethereum and sold off.