Blockaid 在 X 平台发布预警,Alephium 生态的以太坊跨链桥 TokenBridge 遭到恶意攻击。攻击者攻陷4个守护者密钥中的3个,伪造验证授权消息(VAA),整场攻击仅用时7分钟,累计盗走价值约81.5万美元的加密资产。 攻击期间,黑客违规铸造1376万枚封装ALPH(Wrapped ALPH),数量已超出该币种原有流通总量。同时,攻击者还从资产托管池中盗取USDT、USDC、WBTC、WETH等主流代币。 截至目前,被盗约81.5万美元资产与1376万枚无底层资产背书的封装ALPH,仍留存于攻击者地址,本次事件中数额最大的异常操作即为违规超发封装ALPH。
Blockaid issued an alert on X, stating that TokenBridge, the Ethereum cross-chain bridge within the Alephium ecosystem, had been the target of a malicious attack. The attacker compromised three out of four guardian keys and forged Validation Authorisation Messages (VAMs). The entire attack took just seven minutes, resulting in the theft of approximately $815,000 worth of cryptocurrency. During the attack, the hacker illegally minted 13.76 million Wrapped ALPH (Wrapped ALPH), a quantity exceeding the token’s original total circulating supply. Additionally, the attacker stole major tokens such as USDT, USDC, WBTC and WETH from the asset custody pool. To date, the stolen assets—amounting to approximately US$815,000—and 13.76 million Wrapped ALPH tokens, which are not backed by any underlying assets, remain in the attacker’s address. The largest irregular transaction in this incident was the unauthorised over-issuance of Wrapped ALPH.
风险提示
根据中国人民银行等八部门最新发布的银发〔2026〕42号文件,本平台内容仅用于区块链行业技术与信息分享,不构成任何投资建议,不推广、不背书任何经营与投资行为。请读者严格遵守所在地区法律法规,谨防投资风险与诈骗。
