โ ๏ธ 0G Foundation Suffers Targeted Exploit ๐ก๏ธ
According to ChainCatcher, the 0G Foundation reported a targeted attack on its reward contract via X, where the attacker exploited the emergency withdrawal function, stealing 520,010 $0G tokens, later bridged through Tornado Cash ๐. The breach stemmed from a leaked private key on an Alibaba Cloud instance managing NFT rewards and status, compounded by a critical Next.js vulnerability (CVE-2025-66478) exploited on Dec 5 โ ๏ธ. The attacker moved laterally across internal systems, impacting multiple services including validators, NFT platforms, and computing infrastructure ๐ฅ๏ธ. Confirmed losses: 520,010 $0G, 9.93 ETH, $4,200 USDT, while the core chain and user funds remain secure โ .
