The buggy function was intended to allow users to provide their own routing information, but the code did not limit routers to a preapproved list.
According to a post-mortem report released by the team on the project's official Discord server on Feb. 17, the multichain exchange aggregator Dexible was attacked, with $2 million worth of cryptocurrency lost.
As of 06:35 UTC on February 17, the Dexible front end showed a pop-up warning about the hack whenever users navigated to it.
At 06:17 UTC, the team reported seeing a "potential hack into the Dexible v2 contract" and said it was working on the issue. About nine hours later, it issued a second statement, saying it now knew that "$2,047,635.17 was used from the detailed addresses of 17 traders." Four are on mainnet, and 13 are on Arbitrum.
The team released a post-mortem report at 4 p.m. in the form of a PDF document and said it was actively working on a rescue plan.
In a statement, the team said it first noticed something was wrong when $50,000 worth of crypto was moved out of one of its founders' wallets for reasons that were unclear at the time. After investigating, the team found that an attacker had used the app's selfSwap function to steal more than $2 million worth of crypto from users who had previously authorized the app to move their tokens.
The selfSwap function allows the user to supply a router address along with the associated calldata for swapping one token for another. However, the code contained no list of pre-approved routers. As a result, the attacker used this function to route transactions from Dexible to various token contracts, moving users' tokens from their wallets into the attacker's own smart contract. Because these malicious transactions came from Dexible, which the users had already authorized to spend their tokens, the token contracts did not block them.
After receiving the tokens into their own smart contract, the attacker withdrew the coins through Tornado Cash into an unknown BNB (BNB) wallet.
Dexible has paused the contract and urged users to revoke their token authorizations for it.
The common practice of authorizing large token approvals can sometimes cause crypto users to lose funds through buggy or outright malicious contracts, which has led some experts to warn users to revoke approvals in a timely manner. Most Web3 applications do not let users directly edit the amount of tokens approved, so if an application turns out to have a security flaw, the user will usually lose their entire balance of that token. MetaMask and other wallets have tried to solve this problem by letting users edit token approvals at the wallet confirmation step, but many crypto users are still unaware of the risk of not using this feature.
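The missing router allowlist and the approval-size risk described above can be modeled in a few lines. This is an added Python illustration, not Dexible's code; the class names, addresses and amounts are constructed for the example.

```python
class Token:
    """Minimal ERC-20 model: balances plus (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, sender, spender, amount):
        self.allowance[(sender, spender)] = amount

    def transfer_from(self, sender, owner, to, amount):
        # The token sees only its direct caller, not who asked that caller to act.
        if self.allowance.get((owner, sender), 0) < amount:
            raise PermissionError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowance[(owner, sender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class Aggregator:
    """Forwards caller-supplied calldata to a caller-supplied router address."""
    ADDRESS = "aggregator"  # constructed address

    def __init__(self, contracts, approved_routers=None):
        self.contracts = contracts                # address -> contract object
        self.approved_routers = approved_routers  # None models the missing list

    def self_swap(self, caller, router, method, args):
        # Hardened path: refuse any router that is not pre-approved.
        if self.approved_routers is not None and router not in self.approved_routers:
            raise PermissionError("router not on approved list")
        # External call: the callee sees the aggregator as the caller,
        # so the aggregator's allowances apply, whoever `caller` is.
        return getattr(self.contracts[router], method)(self.ADDRESS, *args)


def run(approved_routers, approval, balance=1000):
    """Constructed scenario: 'victim' approved the aggregator, and 'mallory' names
    the token contract as the router. Returns the victim's remaining balance."""
    token = Token({"victim": balance})
    token.approve("victim", Aggregator.ADDRESS, approval)
    agg = Aggregator({"token": token}, approved_routers)
    try:
        agg.self_swap("mallory", "token", "transfer_from",
                      ("victim", "mallory", min(approval, balance)))
    except PermissionError:
        pass  # the allowlist rejected the call
    return token.balances["victim"]
```

Without the allowlist an unlimited approval exposes the whole balance, the allowlist blocks the call outright, and a bounded approval caps the loss even when the contract is flawed.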