According to PANews, Aftermath Finance, a perpetual futures platform on the Sui blockchain, lost over $1.14 million in an attack on April 29. GoPlus analysis revealed that attackers exploited a symbol mismatch vulnerability in the calculate_taker_fees function by stealing ADMIN privileges through the add_integrator_config function to repeatedly extract tokens.
Afthermath Finance confirmed the total loss and stated that all users will receive full compensation with support from Mysten Labs and the Sui Foundation. The team emphasized this is not a Move contract language security issue.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Aftermath Finance suffers an attack loss of 1.14 million, Mysten Labs supports full compensation for users
According to GoPlus’ technical analysis of the attack incident released on April 30 and an official statement from Aftermath Finance, the Sui-chain perpetual contract platform Aftermath Finance was attacked on April 29, suffering losses of more than $1.14 million. With support from Mysten Labs and the Sui Foundation, the project announced that all users will receive full compensation.
MarketWhisper41m ago
SWEAT agreement was stolen 13.71 billion tokens; after pausing the contracts, users’ funds were fully restored
According to the post-incident briefing released after the SWEAT protocol attack, the user funds that were stolen in the vulnerability incident that occurred on Wednesday have been fully restored, and the protocol operations have returned to normal. Crypto security company Blockaid estimates that the attacker stole approximately 13.71 billion SWEAT tokens; the SWEAT team quickly paused the token contract, and coordinated with exchanges and the liquidity provider Rhea Finance, ultimately restoring all users’ account balances.
MarketWhisper2h ago
Polymarket Denies Data Breach Claim After Hacker Alleges 300K+ Records Compromised
According to Polymarket's official statement, the prediction market platform has denied recent allegations that it suffered a data breach, saying the information being circulated involves public API endpoints and on-chain blockchain data. A hacker using the pseudonym "xorcat" claimed to have
GateNews10h ago
HKMA Warns of Fraudulent Tokens Impersonating Licensed Stablecoin Issuers on April 28
The Hong Kong Monetary Authority (HKMA) issued a public warning on April 28 regarding fraudulent digital tokens circulating under the names of two newly licensed stablecoin issuers. Tokens carrying the tickers "HKDAP" and "HSBC" have appeared in the market without authorization from Anchorpoint
GateNews13h ago
