thetanuts

🟠 Thetanuts Finance Vault Exploited for $2.1M in Legacy Code Attack

A $2.1 million DeFi heist went down, but the target was a ghost. Attackers hit a deprecated Thetanuts Finance vault, a relic from years ago that the protocol had long since abandoned. This wasn't a breach of their active systems, but a reminder that old code never truly dies on the blockchain 🔥.

Security firms traced the damage to an integer division flaw in the contract's mint function. This bug allowed attackers to mint tokens for free, essentially printing digital cash out of thin air 💰. The exploiter managed to swap $105,000 in USDC for about 60 ETH, leaving behind a trail of digital dust.

Here's the kicker: whitehat defenders swooped in and recovered nearly $2 million in option tokens. So, while the exploit happened, the damage was largely mitigated by good actors. Still, this incident fits a disturbing pattern of attackers targeting old, unmaintained smart contracts, proving that even abandoned code can become a lucrative target 👀.

📊 Minimal immediate impact expected on major crypto markets. This exploit targets a specific, deprecated DeFi protocol and does not signal systemic risk to active DeFi infrastructure or major coin price action.

#thetanuts #defi #exploit #smartcontracts #whitehat

🟠 Vault Thetanuts Finance Взломана на $2,1 млн из-за Атаки на Устаревший Код

Ограбление DeFi на $2,1 млн произошло, но цель была призрачной. Злоумышленники атаковали устаревшую vault Thetanuts Finance, реликт многолетней давности, от которого протокол давно отказался. Это не было взломом их активных систем, а напоминанием о том, что старый код никогда по-настоящему не умирает в блокчейне 🔥.

Фирмы по безопасности отследили ущерб до ошибки целочисленного деления в функции mint контракта. Эта ошибка позволила злоумышленникам бесплатно выпускать токены, по сути, печатая цифровые деньги из воздуха 💰. Эксплойтеру удалось обменять $105 000 в USDC примерно на 60 ETH, оставив за собой след цифровой пыли.

Вот в чем соль: защитники whitehat вмешались и вернули почти $2 млн в виде опционных токенов. Так что, хотя эксплойт и произошел, ущерб был в значительной степени смягчен хорошими акторами. Тем не менее, этот инцидент вписывается в тревожную тенденцию атак на старые, необслуживаемые смарт-контракты, доказывая, что даже заброшенный код может стать прибыльной целью 👀.

📊 Ожидается минимальное немедленное влияние на основные криптовалютные рынки. Данный эксплойт нацелен на конкретный, устаревший DeFi-протокол и не сигнализирует о системном риске для активной DeFi-инфраструктуры или ценового движения основных монет.

Когда они перестанут атаковать старый код? 👇

#thetanuts #defi #exploit #smartcontracts #whitehat

Alerta de evento de segurança: De acordo com a PeckShield, a Thetanuts Finance foi atacada, com perdas atuais em torno de 2,1 milhões de dólares. Vale destacar que cerca de 2 milhões de dólares em tokens de opções foram devolvidos por hackers éticos, reduzindo a exposição ao risco.

Os fluxos de capital na blockchain mostram que o atacante trocou 105 mil USDC por cerca de 60 ETH, ainda mantendo aproximadamente 34 mil dólares em USDC e alguns tokens de opções. Acompanhe de perto a revisão do projeto, o plano de compensação e se os contratos relacionados estão suspensos ou atualizados.

Usuários de DeFi devem reduzir a interação com contratos afetados recentemente, e é aconselhável revisar e revogar autorizações de forma oportuna. #DeFi安全 #链上安全 #Thetanuts

Thetanuts Finance was exploited on June 15 after an attacker targeted a legacy Ethereum vault and drained assets valued at about $2.1 million.
According to Blockaid, ExVul, and PeckShield, the attack exploited a low-supply accounting flaw in the vault's minting and redemption calculations. The attacker used flash-loaned capital to reduce token supply to an extremely low level, then reminted tokens at a discounted rate due to rounding behavior in the contract logic.
ExVul's analysis found that the vault's redemption formula became vulnerable when the total supply approached near-zero levels. This allowed the attacker to generate inflated redemption values and repeatedly execute mint-and-claim transactions that withdrew more assets than were deposited.
Initial estimates placed losses near $105,500 in USDC. A later analysis by PeckShield reported a total impact of $2.1 million.
PeckShield also stated that about $2 million worth of option tokens were secured by whitehat actors. The attacker converted about $105,000 in USDC into ETH and continued to hold additional assets linked to the exploit.
Thetanuts Finance said the affected vault was a deprecated product that had been migrated years ago and was not connected to any current contracts or active products. The team plans to release a full post-mortem after completing its investigation.
The incident serves as another reminder that legacy DeFi infrastructure can remain vulnerable even after protocols migrate users to newer systems.

#exploit #SecurityAlert #Thetanuts #CryptoNews #CryptocurrencyNews

Thetanuts Finance aparentemente sofreu um ataque, com perdas de cerca de 2,1 milhões de dólares

A entidade de segurança blockchain PeckShield Alert monitorou e indicou que a Thetanuts Finance pode ter sido alvo de um ataque, com perdas iniciais estimadas em cerca de 2,1 milhões de dólares. A técnica de ataque específica e os ativos afetados ainda estão sendo analisados.

Por que é importante: Incidentes de segurança em DeFi continuam a ocorrer, e este projeto, que havia reiniciado após um evento de segurança em abril, foi atacado novamente, refletindo os desafios de longo prazo na auditoria de segurança e correção de vulnerabilidades dos protocolos DeFi.

#DeFi #安全 #黑客 #Thetanuts #Web3