Security Alert in the 0G Ecosystem
The 0G Foundation has confirmed a targeted attack on its rewards contract, where an attacker exploited the emergency withdrawal function and diverted over 520 thousand $0G tokens. The incident originated from a critical vulnerability in Next.js, which allowed the leakage of a private key hosted on Alibaba Cloud.
The attacker was able to move laterally through the internal infrastructure, affecting multiple services, including NFTs, validators, and computing systems. Despite the losses that include 520,010 $0G, 9.93 ETH, and US$ 4,200 in USDT, the foundation reinforced that the main blockchain and user funds were not compromised, with the impact restricted to the rewards contract.
⚠️ Another reminder that security in the cloud and management of private keys remain critical points in the crypto sector.
