2026-01-09 04:32:43

On Thursday, a serious security incident occurred involving a validation and computation protocol based on the Ethereum ecosystem. This was not a sudden 0day vulnerability, but a time bomb that had been buried for five years.

According to on-chain data analysis, approximately 8,535 ETH were stolen in this incident, equivalent to about $26.6 million. After the event, the protocol issued a statement on X platform, confirming the discovery of a security vulnerability involving malicious actors, and stated that law enforcement had been contacted.

What’s most ironic? The attack originated from a flaw in the minting function of an old smart contract — the developers from back then left a significant loophole in the token pricing mechanism, allowing clever attackers to acquire the protocol’s native tokens at a cost far below market price.

The situation escalated. On-chain records show that at least two attackers were involved, with the main attacker profiting about $26 million, and another "small profit" of approximately $250,000. After the vulnerability was exploited, the token price plummeted instantly — from $0.16 straight down to $0.00007721, a drop of 99.9%. Investors were hit hard and stunned.

This incident serves as a wake-up call for the entire ecosystem: those long-standing smart contracts are gradually becoming "prey" in the eyes of hackers. It seems that regular security audits and contract upgrades are no longer optional.

ETH-0.78%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

12 Likes

Reward
12
7
Repost
Share

Comment

0/400

StablecoinEnjoyer

· 01-09 05:02

It's a five-year ticking time bomb, this developer was really reckless back then. --- It's always the old contracts' fault. When will they learn? --- $26 million just disappeared like that, and I'm still doing grid trading. --- A 99.9% decline, how many people got liquidated? Just thinking about it hurts. --- Law enforcement? Haha, can they really catch anyone? --- So do we still trust those old projects? Never mind, I'll just buy stablecoins and be at ease. --- Hackers are really professionals; they haven't found any vulnerabilities in five years. The auditing must be really weak. --- A bug in the minting function—if it were me, I’d curse out the coder from back then. --- The most impressive part is that two people split the work, and the guy only made 250,000. The difference in treatment is huge. --- No wonder I've been increasing my stablecoin holdings recently; this ecosystem really isn't looking good.

View OriginalReply0

PanicSeller69

· 01-09 04:54

Is a 5-year time bomb? The old contract code is indeed a hidden danger. --- Old contracts and new vulnerabilities, the development skills are truly impressive. --- $26 million just disappeared like that, I’ve even taken off my pants. --- A 99.9% drop? Oh my, it’s basically zero now. --- Why do some people write code as if they’re burying landmines? --- On-chain records are clear and transparent, now that’s real transparency haha. --- Regular audits should really become mandatory, or else you’ll lose everything. --- It seems holding tokens is like gambling on when the time bomb will explode. --- Two attackers, one making big profits and the other small, is the gap really that big? --- Smart contracts definitely need a thorough review.

View OriginalReply0

AlphaLeaker

· 01-09 04:51

A five-year ticking time bomb, how careless must one be to bury it for so long. Developers are truly incredible. Hackers are just waiting for this kind of "pie" to fall from the sky. Did they really make $26 million like that? What about the audit? This coin dropped from 0.16 to 0.00007. I ask, is there still anyone buying the dip? Haha. The old contract is the biggest risk. We need to quickly check the protocols we interact with. Now, it's going to be another investor crying event. Who's to blame? It's all because the contract wasn't written properly.

View OriginalReply0

NeonCollector

· 01-09 04:46

A five-year ticking time bomb just exploded. If I had known it would turn out this way, I should have been more thorough with the audit from the beginning.

View OriginalReply0

LostBetweenChains

· 01-09 04:44

The pit buried five years ago is only blowing up now? The developer's move is incredible, it's just outrageous.

View OriginalReply0

FOMOSapien

· 01-09 04:39

A five-year ticking time bomb? Damn, that's outrageous. How can it be left for so long? It should have been audited earlier. No wonder others are complaining. It's the old contract causing trouble again. When will Web3 grow up? $26 million. This guy made a huge profit. Another one must be laughing to death. Still dare to talk about decentralization. Laughing to death. Investors are directly DED. Another wave of rug pulls.

View OriginalReply0

CryptoCrazyGF