TechFlow, December 13 — The 0G Foundation announced on X that a targeted attack on December 11 compromised its reward contract. The attacker exploited the emergency withdrawal function of the 0G reward contract—used to distribute alliance rewards—to steal 520,010 0G tokens, 9.93 ETH, and $4,200 worth of USDT, which were subsequently bridged and laundered through Tornado Cash. The breach originated from exploitation of a critical Next.js vulnerability (CVE-2025-66478) on December 5, enabling the attacker to move laterally via internal IP addresses. Affected systems included calibration services, validator nodes, Gravity NFT service, node sales service, Compute, Aiverse, Perpdex, and Ascend. However, the core chain infrastructure and user funds remained unaffected.