Recently, the crypto assets market witnessed another complex cross-chain attack incident. A newly created Ethereum address received ETH from Tornado Cash in just 13 hours, and then exchanged it for BNB through the Symbiosis protocol.

The key to this operation lies in the fact that the attacker discovered a minting vulnerability in a certain token. They minted 5 billion coins at 07:04 and started to sell off just 22 minutes later. The continuous selling for 55 minutes brought the attacker an improper benefit of approximately $3.01 million.

What is more concerning is that the attackers acted quickly to disperse the profits across multiple blockchain networks through the deBridge protocol, attempting to obscure the transaction trail. There are signs that some of the funds have already flowed into mixing services such as Tornado Cash, which may complicate the recovery of the funds.

It is worth noting that this attack pattern is quite similar to the previous Yala incident, both involving unauthorized initialization and malicious exploitation of LayerZero Peer. Experts analyze that this is likely not a self-directed performance by the project team, but rather a real security vulnerability being maliciously exploited.

This event again highlights the importance of cross-chain protocols and smart contract security. With the continuous development of the DeFi ecosystem, similar attacks may become more complex and frequent. Therefore, project teams need to design and audit their smart contracts more carefully, while users should remain vigilant and cautiously participate in emerging DeFi projects.