{"id":29271,"date":"2026-05-25T19:17:22","date_gmt":"2026-05-25T19:17:22","guid":{"rendered":"https:\/\/cp.snarskis.lt\/index.php\/2026\/05\/25\/gnosis-safe-modulio-spraga-per-2-valandas-pavogta-29-mln-euru-squid-atsiriboja\/"},"modified":"2026-05-25T19:17:22","modified_gmt":"2026-05-25T19:17:22","slug":"gnosis-safe-modulio-spraga-per-2-valandas-pavogta-29-mln-euru-squid-atsiriboja","status":"publish","type":"post","link":"https:\/\/cp.snarskis.lt\/index.php\/2026\/05\/25\/gnosis-safe-modulio-spraga-per-2-valandas-pavogta-29-mln-euru-squid-atsiriboja\/","title":{"rendered":"Gnosis Safe module flaw: 2.9 million euros stolen in 2 hours, Squid distances itself"},"content":{"rendered":"<p>In an attack targeting a third-party Gnosis Safe module, about 2.9 million euros' worth of crypto assets was drained from 86 Safes in roughly two hours. The incident was reported by the security firms Blockaid and PeckShield, which analyzed the course of the attack and the movement of funds.<\/p>\n<p>The vulnerable contract, publicly verified on Basescan, the Base network's block explorer, as SquidRouterModule, caused confusion because of the name overlap. The cross-chain transfer protocol Squid stressed that it did not build, deploy or operate this module, and that its core router is architecturally separate and was not affected.<\/p>\n<p>\u201cThe contract named SquidRouterModule is not affiliated with Squid. 
We do not yet know who wrote or deployed it,\u201d said Squid co-founder Fig, who goes by a pseudonym.<\/p>\n<p>The technical core of the attack is attributed to the module accepting a constant string supplied by the caller as purported proof of a secure message. According to Squid and the researchers who analyzed the incident, this design allowed the attacker to execute arbitrary actions and spend tokens held in victims' Safes without the usual signatures.<\/p>\n<p>Blockaid said the attacker used Foundry-based exploit contracts and invoked the module's DelegateBundler path, impersonating authorized delegates on each Safe. Arbitrary swaps were then initiated through Uniswap V3 liquidity pools, and part of the assets was routed through a scheme set up by the attacker.<\/p>\n<p>According to PeckShield, the stolen assets were swapped into a low-value token created by the attacker, and later, after the liquidity was withdrawn, the proceeds were consolidated into DAI worth about 2.7 million euros. Analysts also linked the attacker's initial funding to Tornado Cash, which often makes the origin of funds harder to trace.<\/p>\n<p>The incident once again highlighted the risks associated with plugins and modules that are integrated into widely used crypto-asset custody or management systems. 
Even if the core platform has been audited, third-party components can become the weakest link, especially when simplified verification mechanisms are left in their logic.<\/p>\n<p>Squid pointed out that early public reports mentioning SquidRouter were technically inaccurate. According to the project, the module merely chose to integrate with Squid among other protocols and was not coordinated with the team, so responsibility for building and operating this particular contract cannot be attributed to it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An attack on a third-party Gnosis Safe module led to the loss of about 2.9 million euros in 2 hours, while Squid says it has no connection to the contract.<\/p>\n","protected":false},"author":0,"featured_media":29272,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[94],"tags":[14594,115,21643,21642,114,21644,20462],"miestas":[],"class_list":["post-29271","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finansai","tag-base-tinklas","tag-bitcoin","tag-blockaid","tag-gnosis-safe","tag-kriptovaliutos","tag-peckshield","tag-squid"],"acf":[],"_links":{"self":[{"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/posts\/29271","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/comments?post=29271"}],"version-history":[{"count":0,"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/posts\/29271\/revisions"}],"wp:featuredmedia":
[{"embeddable":true,"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/media\/29272"}],"wp:attachment":[{"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/media?parent=29271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/categories?post=29271"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/tags?post=29271"},{"taxonomy":"miestas","embeddable":true,"href":"https:\/\/cp.snarskis.lt\/index.php\/wp-json\/wp\/v2\/miestas?post=29271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}