BTC $63,221.96 +1.78%
ETH $1,748.83 +0.76%
BNB $570.70 +0.76%
XRP $1.09 +0.72%
SOL $78.19 +1.26%
TRX $0.3315 +0.52%
DOGE $0.0731 +0.87%
ADA $0.1661 -0.24%
BCH $238.31 +1.74%
LINK $7.79 +2.12%
HYPE $67.06 -0.24%
AAVE $90.91 +3.03%
SUI $0.7203 +1.21%
XLM $0.1873 +3.37%
ZEC $488.93 +4.75%
BTC $63,221.96 +1.78%
ETH $1,748.83 +0.76%
BNB $570.70 +0.76%
XRP $1.09 +0.72%
SOL $78.19 +1.26%
TRX $0.3315 +0.52%
DOGE $0.0731 +0.87%
ADA $0.1661 -0.24%
BCH $238.31 +1.74%
LINK $7.79 +2.12%
HYPE $67.06 -0.24%
AAVE $90.91 +3.03%
SUI $0.7203 +1.21%
XLM $0.1873 +3.37%
ZEC $488.93 +4.75%

rac

All
Article
Flash

Detailed explanation of the security item change event released by Gate: Confirm that the applicant has a good grasp of highly matching external information and is advancing on-chain analysis and asset tracking procedures

Gate recently released a detailed verification statement regarding the security item changes and fund loss incident reported by customer 9****6. After an internal review, the platform confirmed that the applicant submitted materials highly matching the customer's account, including Email, phone number, real-name information, transaction records, and Alipay screen recordings. The platform pointed out that the Alipay screen recording required access to the customer's Alipay account and successfully passed multiple identity verifications, indicating that the applicant not only possessed account information but also obtained the customer's external real-name information, Alipay account, and device permissions in advance.The platform emphasized that its security unbinding review implements a four-fold verification process of "multi-channel advance notification + system risk control preliminary screening + manual multi-layer review + time protection." After notifying the customer through dual channels, the application was processed only after waiting two days without objections, and a 24-hour withdrawal prohibition protection was imposed after modification. Upon investigation, there were no information leakage logs within the platform, and some sensitive identity information provided by the applicant was external information previously unknown to the platform.Regarding fund recovery, the platform has sorted out the flow of funds and collaborated with multiple departments to conduct on-chain analysis and asset tracking, currently coordinating with third parties like Tether to advance the freezing process, and will cooperate with judicial investigations in the future. The platform advises customers to conduct comprehensive security reinforcement on their devices and expresses regret that the customer did not contact the platform within the three-day notification period.

Summer.fi Lazy Summer attack is not a contract vulnerability, but rather an exploitation of the NAV mechanism

Summer.fi released an analysis report on the Lazy Summer Protocol USDC treasury attack incident. The attacker manipulated the prices of two USDC treasury shares in a single atomic transaction, extracting approximately $6.04 million of depositor funds. The core of the attack lies in the calculation method of the treasury's net asset value (NAV).The attacker donated tokens that still retained the old valuation to a Silo Ark that had been suspended after the incident in November 2025 but had not yet been completely removed, resulting in an inflated total asset value of approximately 9.5%, raising the share price, which was then redeemed at an inflated price and withdrawn from the treasury's actual liquidity. The report emphasizes that this attack was not due to a contract code vulnerability, but rather a missing link in the treasury's offline process—the deposit limit for that Ark had been set to zero, yet it was still counted in the NAV of active assets.The attacker premeditatedly accumulated the required tokens three months in advance through multiple wallets and transferred part of the profits via Tornado Cash. After the incident, Guardian Multisig has suspended all on-chain treasuries and set the deposit limit to zero. The Lazy Summer DAO will discuss compensation plans for affected users and the treasury restart plan in the coming days.
app_icon
ChainCatcher Building the Web3 world with innovations.