Security incident strikes again. Someone exploited a vulnerability in an uninitialized EIP-7702 delegate contract, gaining full ownership rights and draining all funds. The amount? 95 ETH, which was subsequently transferred to Tornado Cash.



The key point of this incident lies here: the attacker exploited an initialization flaw present in the relatively new feature EIP-7702. In simple terms, the contract was not properly initialized, rendering permission verification ineffective. Once the attacker obtained the owner role, withdrawing funds became a matter of minutes.

It is worth noting that the funds were then sent to a mixer. This indicates that the attacker is attempting to cut off the money trail and increase tracking difficulty. For contract developers, this serves as a reminder — even small initialization logic cannot be overlooked, especially in parts involving permission management.
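The bug class described above, as an added Solidity example that is not the affected contract's code (the post does not show it). Contract and function names are hypothetical; the sketch contrasts an initializer anyone can call with one that only the delegating account can call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical.

// Weak pattern: under EIP-7702 no constructor runs against the delegating
// account's storage, so `owner` starts as address(0) and the first caller
// of initialize() becomes the owner.
contract WeakDelegate {
    address public owner;

    function initialize(address newOwner) external {
        require(owner == address(0), "already initialized");
        owner = newOwner; // no check on who is calling
    }

    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Hardened pattern: only the delegating account itself may initialize.
// The delegate code executes at the EOA's own address, so a transaction
// the EOA sends to itself arrives with msg.sender == address(this).
contract HardenedDelegate {
    address public owner;

    error NotSelf();
    error NotOwner();
    error AlreadyInitialized();
    error ZeroOwner();

    function initialize(address newOwner) external {
        if (msg.sender != address(this)) revert NotSelf();
        if (owner != address(0)) revert AlreadyInitialized();
        if (newOwner == address(0)) revert ZeroOwner();
        owner = newOwner;
    }

    function withdraw(address payable to, uint256 amount) external {
        // Before initialization owner is address(0), so no caller passes.
        if (msg.sender != owner) revert NotOwner();
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Sending the delegation and the `initialize` call in the same self-addressed transaction leaves no window in which the account is delegated but unowned.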
just_another_walletvip
· 2025-12-28 04:15
95 ETH just disappeared like that, even the initialization can go wrong, how careless can you be

---

It's Tornado Cash again, these guys are really good at playing tricks, they are familiar with the money laundering process

---

EIP-7702 hasn't even been fully implemented yet, and people are starting to find fault, new features are really high-risk zones

---

Permission management can't have any luck-based thinking, small details can ruin the whole system

---

Just take the owner permissions? That's just giving it away for free, is it really that hard to check the init?

---

You can tell the intention just by looking at the mixer, avoiding traceability, old tricks

---

Contract auditing needs more funding, too many vulnerabilities are due to initialization issues

---

95 ETH flashed away, developers need to learn their lesson

---

If the initialization logic isn't careful, you'll get exploited like this

---

Tornado Cash is active again, blockchain anti-money laundering still has a long way to go
RektButSmilingvip
· 2025-12-28 00:31
Is it another initialization vulnerability? These developers really need to pay more attention.

EIP-7702 is so new and already causing trouble, hilarious.

95 ETH in Tornado just disappeared, this is the daily life of Web3.

Contract permissions really can't be lazy; a single slip and everything gets wiped out.

Tornado Cash is laundering money again, always the same routine.

Every time I see these kinds of incidents, I think that testing before launching new features should be more rigorous.

Permission verification being practically useless is truly incredible; how did it pass the review?

95 ETH just gone like that, I wonder how the project team is feeling right now.

Behind every vulnerability is a developer saying, "I'll check one more time before launching."
NervousFingersvip
· 2025-12-27 23:05
It's another initialization vulnerability... When will these developers learn their lesson?

---

95 ETH just went into Tornado, making tracking difficulty skyrocket.

---

EIP-7702 was just released and got called out, are new features always like this?

---

Permission verification is practically useless, and they still dare to deploy? How confident are they?

---

As soon as I see a mixer, I know this guy came prepared—professional in committing crimes.

---

Again with the initialization issue... Contract audits are really not worth much anymore.

---

95 ETH disappeared just like that, whose project is this so unlucky?

---

Before EIP-7702 even gained popularity, security incidents started happening—it's really hard to keep up.

---

Cutting off the funding chain and entering a mixer... Hackers are now so meticulous in their work.

---

Every time they say they've learned their lesson, but next time it's the same trap. It's a bit exhausting.
SignatureDeniedvip
· 2025-12-25 04:55
It's another case of poor initialization; who doesn't crash these days?

EIP-7702 has issues again; developers need to be more careful.

95 ETH sent to Tornado, can't even chase it back.

New features come with many pitfalls; thorough auditing is essential.

Permission management cannot be taken lightly; the cost is too high.
RektButStillHerevip
· 2025-12-25 04:50
Here we go again... launching directly without proper initialization, these guys are really practicing coding with user funds

---

Is it really just about 95 ETH into Tornado? Tracking this matter still relies on on-chain detectives

---

EIP-7702 is truly a Pandora's box, daring to deploy without fully understanding the new features? Seriously

---

Permission management can also go wrong, I just want to know who audited this contract

---

Another classic example of "initialization logic is minor and can be ignored," the tuition fee is really expensive

---

One-stop mixing service, this guy's early work is quite professional...

---

Developers should be more cautious, it seems that the pitfalls of EIP-7702 are more numerous than expected
PretendingToReadDocsvip
· 2025-12-25 04:46
Another initialization vulnerability, these developers really need to be more careful

---

95 ETH was quickly moved into Tornado Cash, leaving so fast

---

EIP-7702 was just launched and was immediately exploited? That's really intense

---

Permission management is truly a battleground, no room for carelessness

---

Before the contract could even warm up, someone exploited it for profit, really embarrassing

---

It's always the same pattern: initialize → gain permissions → run away with the funds

---

If this happened with 95 ETH in the past, it would have caused a huge public outcry

---

I'm telling you, the pitfalls of new features are the deepest, now you regret it, right?

---

Really, how careful must one be to prevent these vulnerabilities?

---

Tornado Cash has appeared again, how to track it this time?
MoneyBurnerSocietyvip
· 2025-12-25 04:45
Another initialization vulnerability, this guy directly inherited the contract owner's skin.

---

The new feature of EIP-7702 was immediately exploited after release; contract developers really should pay attention to this.

---

95 ETH into Tornado, and it's done; now on-chain evidence collection is extremely difficult.

---

Is permission verification just a formality? Isn't this just my stable loss strategy in reverse operation?

---

Can't even handle initialization properly, and still dare to write DeFi contracts. I advise everyone to conduct self-audits quickly.

---

Another story of a new feature and a new vulnerability, EIP-7702 is quite aggressive.

---

Once you enter a mixer, you'll never get out; the attacker’s transaction fee is well spent.

---

Honestly, anyone can fall into the trap of initialization; I've lost twice just on this part.

---

Owner permissions can all be seized; this contract is really imaginative.