LML Attacked for a $950,000 Loss, Token Price Flash-Crashes 99.6% in a Single Day


LML token attack

On April 1, the on-chain security monitoring platform PeckShield (PeckShieldAlert) confirmed that the LML token had suffered a targeted attack, with losses of roughly $950,000; the token price plunged 99.6% within a short time, falling close to zero. The attacker immediately swapped the stolen 950,000 USDT for 450.6 ETH and deposited it into the privacy mixing protocol Tornado Cash to cut off the chain of fund tracing.

Core of the attack technique: the manipulable gap between TWAP pricing and the spot price

LML price flash crash (source: TradingView)

The attack exploited a typical design risk in DeFi staking protocols: the reward calculation logic uses a lagged TWAP or snapshot price, while the actual sale of the funds executes at the real-time spot price. The price difference between the two creates an exploitable arbitrage window.

When an attacker can artificially push up a token's spot price within a short period, the reward amount computed from the TWAP, once sold at the manipulated high spot price, yields actual proceeds far beyond the normal case. More critically, claiming the reward and selling the tokens can be completed atomically within the same transaction sequence, which makes it hard for traditional risk controls to intervene before the arbitrage closes. BlockSec notes that this TWAP pricing design flaw is not unique to LML; it has been found in several DeFi protocols, yet many protocols have still not adequately hardened against this attack vector.

Attack steps reconstructed: from zero-address path manipulation to the mixer exit

According to BlockSec's on-chain tracing analysis, the attacker's operations broke down into the following key steps:

Pre-deposit tokens to establish a position: deposit tokens into the target staking protocol in advance to qualify for later calls to the claim function

Push up the spot price via a zero-address path: through a transaction path with the recipient set to the zero address, artificially reduce the circulating supply and drive up the LML spot price

Call claim at the high price to collect rewards: at the manipulated spot high, the reward logic based on the TWAP or snapshot computes a large amount of claimable tokens

Sell the rewards immediately at the high spot price: sell while the spot price is still artificially high, cashing out roughly 950,000 USDT

Swap USDT for ETH and deposit into the mixer: swap the 950,000 USDT for 450.6 ETH and deposit it into Tornado Cash to cut off on-chain tracing

The entire attack flow was completed atomically on-chain, leaving no "window for failure" in the traditional sense.

The Tornado Cash mixing path and a systemic warning for DeFi security

The attacker's choice of Tornado Cash as the laundering tool is the customary path in DeFi attack incidents. Tornado Cash uses zero-knowledge proofs to break the traceability of on-chain funds, making it hard for law enforcement and security researchers to follow the final destination and significantly raising the difficulty of asset recovery.

The problems exposed by this LML attack carry broad lessons for the industry. Reward distribution mechanisms that rely on TWAP or snapshot pricing are widely at risk of manipulation on low-liquidity tokens: low liquidity means the cost for an attacker to push up the spot price is relatively low, while the arbitrage payoff can be extremely high. The core measures for DeFi protocols to defend against such attacks include introducing a time delay between claiming rewards and selling the tokens, capping the rewards a single address can claim within a short period, and adding deviation-threshold protection between the real-time spot price and the TWAP.
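The three claim-side mitigations listed above, modelled as an added example (not LML's contract or BlockSec's code): a vault whose claim function prices a USD-denominated reward at the lagged TWAP but rejects the claim when the spot price deviates from the TWAP beyond a threshold, caps what one address can claim per window, and locks claimed tokens for a delay before they can be withdrawn. The vault name, its parameters, and the prices used in the comments are constructed assumptions.

```python
from collections import defaultdict


class ClaimRejected(Exception):
    """Raised when a claim trips one of the guards."""


class RewardVault:
    """Claim-side guards modelled after the mitigation list above
    (constructed parameters; not LML's contract)."""

    def __init__(self, max_deviation=0.10, claim_cap=5_000.0,
                 window=3_600, unlock_delay=86_400):
        self.max_deviation = max_deviation  # allowed |spot - twap| / twap
        self.claim_cap = claim_cap          # tokens per address per window
        self.window = window                # seconds
        self.unlock_delay = unlock_delay    # seconds before claimed tokens move
        self.claims = defaultdict(list)     # addr -> [(claim_time, tokens)]
        self.locked = defaultdict(list)     # addr -> [(unlock_time, tokens)]

    def claimed_in_window(self, addr, now):
        return sum(a for t, a in self.claims[addr] if now - t < self.window)

    def claim(self, addr, reward_usd, twap, spot, now):
        """Convert a USD-denominated reward into tokens at the lagged TWAP,
        only if spot agrees with TWAP and the address is under its cap."""
        if twap <= 0:
            raise ClaimRejected("no TWAP available")
        if abs(spot - twap) / twap > self.max_deviation:
            raise ClaimRejected(f"spot {spot:.4f} deviates from TWAP {twap:.4f}")
        tokens = reward_usd / twap
        if self.claimed_in_window(addr, now) + tokens > self.claim_cap:
            raise ClaimRejected("per-address claim cap exceeded in window")
        self.claims[addr].append((now, tokens))
        # Claimed tokens stay locked, so they cannot be sold in the same block
        self.locked[addr].append((now + self.unlock_delay, tokens))
        return tokens

    def withdraw(self, addr, now):
        """Release tokens whose delay has elapsed; returns the amount freed."""
        freed = sum(a for t, a in self.locked[addr] if t <= now)
        self.locked[addr] = [(t, a) for t, a in self.locked[addr] if t > now]
        return freed


def try_claim(vault, addr, reward_usd, twap, spot, now):
    """Return (accepted, tokens_or_reason) so outcomes can be inspected."""
    try:
        return True, vault.claim(addr, reward_usd, twap, spot, now)
    except ClaimRejected as why:
        return False, str(why)
```

With a TWAP of 0.10 and a spot of 0.40 the deviation check alone refuses the claim; even a claim that passes it cannot be sold in the same block because the tokens stay locked for the delay.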

FAQ

How did the LML attack exploit the TWAP pricing mechanism?

The core of the attack is the inconsistency between the "reward calculation basis" and the "sale basis": the protocol computes the claimable reward amount using a lagged TWAP or snapshot price, but the tokens can be sold directly at the real-time spot price. By artificially manipulating a spot high and then immediately claiming and selling, the attacker made the "computed at the slow price, sold at the manipulated high price" arbitrage possible, with a single-incident loss as high as $950,000.

Why did the attacker use a zero-address path to push up the LML spot price?

A transaction with the recipient set to the zero address is technically a "burn" operation: the tokens are transferred to an address nobody controls and disappear from circulation, so the market-visible circulating supply drops sharply and the spot price is pushed up artificially. Attackers typically use flash loans to fund the cost of this operation, completing the price manipulation without holding the assets beforehand; the whole process can be completed within a single transaction block.

After the deposit into Tornado Cash, are the attacker's funds completely untraceable?

Tornado Cash greatly increases the difficulty of tracing, but that is not the same as being completely untraceable. On-chain security firms can run correlation analysis on deposit timing, amount characteristics, and subsequent on-chain behavior; if the attacker needs to move the ETH into a centralized exchange to cash out, KYC processes may still expose their identity. PeckShield, BlockSec, and other firms are continuing to monitor the subsequent movements of the related addresses.
