News list for "ops"
Security firm Wiz has discovered that a hacker group codenamed JINX-0132 is using a DevOps tool configuration vulnerability on a large scale to conduct cryptocurrency mining attacks. The attack mainly targets tools such as HashiCorp Nomad/Consul, Docker API and Gitea, and about 25% of cloud environments are at risk. The attack methods include: deploying XMRig mining software with Nomad default configuration, executing malicious scripts through Consul's unauthorized API, and controlling the expos...
安全公司 Wiz 发现代号 JINX-0132 的黑客组织正大规模利用 DevOps 工具配置漏洞进行加密货币挖矿攻击。该攻击主要针对 HashiCorp Nomad/Consul、Docker API 和 Gitea 等工具,约 25%的云环境存在风险。攻击手法包括:利用 Nomad 默认配置部署 XMRig 挖矿软件、通过 Consul 未授权 API 执行恶意脚本、控制暴露的 Docker API 创建挖矿容器。
Loopscale发布黑客攻击事后报告,披露黑客利用协议的定价逻辑漏洞导致USDC和SOL Genesis金库未经授权流出5,726,724.97枚USDC和1,211.4枚SOL,目前所有资金已收回。 Loopscale补充表示,将分阶段推出完整协议功能的重新启用,再融资功能即将重启,宽限期将延长3天,为借款人提供偿还或平仓的机会,建议借款人监控头寸,以防利率发生变化或流动性收紧。此外,4月26日至6月7日期间Vault或...
Loopscale released an update on the X platform, which revealed that the withdrawal logic and vulnerability patches have been audited by security firm Sec3 and an independent auditor. The Vault withdrawal function will be reopened to all users at 10:00 am EST tomorrow, and the incident analysis report will also be released. In order to maintain the stability of the agreement, a temporary 24-hour limit on the withdrawal limit per user is expected to be implemented.
Loopscale在X平台发布黑客攻击事件更新,其中披露提现逻辑和漏洞补丁已由安全公司Sec3和一个独立审计员完成审计,Vault提款功能将于美东时间明日上午10:00重新向所有用户开放,同时事件分析报告也将发布。为了维护协议稳定性,预计将对每位用户的提现限额实行临时的24小时限制。
Loopscale released an update on the hack incident on the X platform, in which it disclosed that the work to re-enable Vault withdrawals is nearly complete, and withdrawals are expected to be ready in the next few days. Loopscale has previously disclosed that the final balance of recovered funds is 5,697,102.5 USDC and 1,215 SOL. All Loopscale vaults, including Genesis Vaults (SOL, USDC, and USDG) and others (jitoSOL and fragSOL), will be subject to a 24-hour withdrawal limit per user, per vault,...
Loopscale在X平台发布黑客攻击事件更新,其中披露重新启用 Vault 提款的工作已接近完成,预计提款将在未来几天内准备就绪,Loopscale此前已披露最终收回的资金余额为5,697,102.5枚USDC和1,215枚SOL,所有Loopscale金库,包括创世金库(SOL、USDC和USDG)和其他(jitoSOL和fragSOL),都将受到每个用户、每个金库的24小时提款限额的约束,旨在减轻流动性冲击,防止借款利率急剧飙升。
Loopscale released an update on the X platform, which revealed that the final recovered fund balance was 5,697,102.5 USDC and 1,215 SOL. Since the attacker converted USDC to SOL at a non-optimal exchange rate, there was a difference of approximately $29,000. The Loopscale team will fully compensate for this difference, ensuring that all users are compensated. In addition, to ensure the security and stability of the protocol, all Loopscale vaults, including the Genesis Vault (SO...
Loopscale在X平台发布黑客攻击事件更新,其中披露最终收回的资金余额为5,697,102.5枚USDC和1,215枚SOL,由于攻击者以非最佳汇率将USDC转换为SOL,因此存在约29,000美元的差额,Loopscale团队将全额补偿这笔差额,确保所有用户都得到补偿。 此外,为确保协议的安全性和稳定性,所有Loopscale金库,包括创世金库(SO...
此前受到黑客攻击的Loopscale在X平台发布提醒称,目前收到针对Loopscale用户的网络钓鱼攻击报告,提醒社区Loopscale团队绝不会直接向用户发送私信或电子邮件,请勿点击任何声称来自Loopscale的链接,提款流程的官方更新将从Loopscale的官方X帐户发布。
Loopscale 发文表示,在与黑客成功协商后,Loopscale 协议于 4 月 26 日被取走的所有资金(包括 5,726,725 枚 USDC 和 1,211 枚 SOL)现已全部追回。本次事件中,用户的存款将不会遭受任何损失。更多细节(包括金库提现相关信息)将随后公布。
