TechFlow news, according to SlowMist security team intelligence, the Numbers Protocol (NUM) token project on the ETH chain was attacked, with the attacker profiting approximately $13,836. The SlowMist security team shared the following details via a brief report:
1. The attacker created a malicious anyToken token—namely, the attack contract (0xa68cce)—whose underlying token points to the NUM token address;
2. Then, the attacker called the anySwapOutUnderlyingWithPermit function of the Multichain cross-chain bridge's Router contract. This function is designed to accept an anyToken and invoke the underlying token’s permit function to approve a signature, then swap out the authorized user's underlying tokens to a specified address. However, since the NUM token lacks a permit function but has a callback feature, even fake signatures provided by the attacker can return normally without causing transaction failure. This allows the victim's NUM tokens to ultimately be transferred to the designated attack contract;
3. Subsequently, the attacker swapped the stolen NUM tokens into USDC via Uniswap, then converted them into ETH for profit;
The root cause of this attack lies in the NUM token lacking a permit function while possessing a callback capability, allowing attackers to pass fake signatures to deceive the cross-chain bridge, resulting in users' assets being unexpectedly drained.
Reference attack transaction: https://etherscan.io/tx/0x8a8145ab28b5d2a2e61d74c02c12350731f479b3175893de2014124f998bff32
Add to Favorites
Share to Social Media




