IPOR Labs disclosed a $336,000 security incident affecting its USDC Fusion vault on Arbitrum. The breach exploited insufficient validation in the fuse mechanism combined with EIP-7702 delegation features, allowing attackers to compromise fund security. Stolen assets were subsequently bridged to Ethereum and processed through privacy protocols, complicating recovery efforts. The development team responded swiftly by initiating a full treasury-backed refund for affected depositors. Importantly, security audits confirm that other vault systems within the protocol remain uncompromised and secure. This incident highlights the critical importance of comprehensive input validation and delegation safeguards in DeFi smart contract architecture—a lesson resonating across the broader ecosystem as protocols scale cross-chain operations.
HashBard
· 01-09 21:37
ngl, the EIP-7702 delegation thing hitting them like that... feels like watching the same movie on repeat. validation gaps + privacy bridges = rip recovery. at least they didn't pull a full collapse & actually refunded people. that's the plot twist nobody expects anymore tbh
HackerWhoCares
· 01-08 02:49
Another validation pitfall, this time it's EIP-7702... The vault was exploited for 336,000, just like that? Quick refunds are quite professional though.
BearMarketMonk
· 01-07 19:52
$330,000, sounds like a lot, but this is the daily life of DeFi—learning lessons every time, only to fall into the same trap next time. The new feature EIP-7702 has directly become a tool for scams, which is quite ironic.
Fortunately, they fixed it, but think about how many projects simply can't afford to lose. Surviving this cycle is already a win.
Basic mechanisms like verification should really be re-educated from scratch across the entire ecosystem. History is always repeating itself.
Honestly, I laughed when I saw the phrase "other vault systems are secure"... until the next vulnerability is discovered.
The cost of cross-chain expansion—every time, it’s about risking real money to test and learn. That’s probably the cost of innovation.
Wait, did they really compensate in full? That’s incredible wealth... Only in such moments can you see who is truly serious about their work.
Once again proving that clever hackers are always one step ahead of clever developers—that’s market efficiency.
NFTFreezer
· 01-07 19:51
Another vault has been exploited. EIP-7702 seems to carry quite a bit of risk right now.
DegenWhisperer
· 01-07 19:48
It's another case of insufficient verification messing things up... Did I learn this time?
MetaverseMortgage
· 01-07 19:44
Another validation issue, you really need to be careful with EIP-7702.
ContractTester
· 01-07 19:42
It's EIP-7702 again causing trouble; validation really needs to be taken seriously.
---
$336,000 just gone like that; no one can find anyone after setting up the privacy protocol.
---
But scoring IPOR at least shows no passing the buck, full compensation directly—this attitude is commendable.
---
Cross-chain operations are truly a Pandora's box; every time, new tricks come out.
---
Other vaults are fine, but this is the key—otherwise, the entire ecosystem might be sacrificed.
---
EIP-7702 + delegation combo; DeFi architects should reflect on this.
---
Privacy protocol money laundering all-in-one; forget about recovery...
CoconutWaterBoy
· 01-07 19:30
Another EIP-7702 pitfall. Why not just ban this thing?