Trending News: Web3 Entrepreneurship New Logic under the New Global Trade OrderRussia’s Ministry of Finance and Central Bank intends to launch national cryptocurrency exchangesEthereum Pectra Upgrade GuideTrump: My $300 million TRUMP has just been unlocked. Don’t run and come and play the rankingsRethinking Bitcoin’s Lightning Network Design through Thunderbolt’s PerspectiveCrypto market may usher in a trend reversal to capture investment opportunities from short-term capital10K Quarterly Report: How to Find Definition in the Uncertainty Crypto IndustryLeaping Ethereum AsylumHow is the “outdated” superstar protocol of Web3 now?Coingecko: Can artificial intelligence agents invest better?Hayes: In-depth analysis of tariff wars and treasury bonds and why BTC will break new highsMeme Coin did not destroy this cycle, but accelerated the maturity of the industryBankless: Vitalik’s virtual machine proposalBankless: What are the decentralized content creation platforms worth paying attention to?Can Ethereum regain its strength?Three key problemsTrump tariffs: a unilateral blackmailWikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?The dollar credit was cut in the middle, and gold soaredChuan Diudu Can you fire Boss Bao?VIRTUAL’s investment valueOn the “Pattern” of Digital City-StateAfter the tariff war: How global capital rebalancing will affect BitcoinEthereum’s crossroads: a strategic breakthrough in reconstructing the L2 ecosystemEthereum is brewing a deep technological change led by ZK technologyBTC 2025 Q3 Outlook: When will the crypto market top again?Is Base “stealing” Ethereum’s GDP?Vitalik’s new proposal: RISC-V as the virtual machine language for EVM smart contractsCoinbase: What events are affecting the current crypto market?Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerator’s first batch of 8 selected projectsWhich one is more “just” between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trump’s tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoin’s extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trump’s overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto tradingDeepSeek accelerates web3 transformation and changes corporate value and risk management modelsThis is the truth Trump is being stabbed by Japanese institutionsInterpretation of SEAL: Sui’s decentralized key management solutionWho made Trump change his mindTrump’s 180-degree turn What happened in the 18 hours of changing the global marketReciprocal tariffs are suspended, crypto markets are surging, and only China is in troubleQuick view of Binance HODLer Phase 14 Airdrop Project Babylon (BABY)US Senator: What status should Bitcoin have in the United States?Coingecko: Which listed companies are major BTC holders?Sei Lianchuang: Expanding EVM requires L1 instead of L2The full text of the latest speech by Trump’s think tank: The essence of the United States’ “reciprocal tariffs”Vitalik’s latest speech: Why speed up L2 confirmation?How to speed upEthereum Pectra Upgrade: Is it a milestone or another gimmick?CZ Fireside Dialogue: HODL Strategy Challenges, Survival Rules under Market VolatilityStablecoin earnings guideMusk openly criticizes the tariff faction and calls for Europe and the United States to establish a free trade zone with zero tariffsEmily Parker: 2025 Web3 trends int and US and AsiaEmily Parker: How to bridge the Web3 assets and traditional capitalGMGN Co-founder Haze’s speechXiao Feng Hong Kong’s latest speech: Why is it said that public chains are a new generation of financial infrastructureSolana Lily’s speechBitcoin will benefit from the ebb of the US dollar reserve system and the global de-dollarization trendFrom traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chain
Fri. Apr 25th, 2025
Trending News: Web3 Entrepreneurship New Logic under the New Global Trade OrderRussia’s Ministry of Finance and Central Bank intends to launch national cryptocurrency exchangesEthereum Pectra Upgrade GuideTrump: My $300 million TRUMP has just been unlocked. Don’t run and come and play the rankingsRethinking Bitcoin’s Lightning Network Design through Thunderbolt’s PerspectiveCrypto market may usher in a trend reversal to capture investment opportunities from short-term capital10K Quarterly Report: How to Find Definition in the Uncertainty Crypto IndustryLeaping Ethereum AsylumHow is the “outdated” superstar protocol of Web3 now?Coingecko: Can artificial intelligence agents invest better?Hayes: In-depth analysis of tariff wars and treasury bonds and why BTC will break new highsMeme Coin did not destroy this cycle, but accelerated the maturity of the industryBankless: Vitalik’s virtual machine proposalBankless: What are the decentralized content creation platforms worth paying attention to?Can Ethereum regain its strength?Three key problemsTrump tariffs: a unilateral blackmailWikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?The dollar credit was cut in the middle, and gold soaredChuan Diudu Can you fire Boss Bao?VIRTUAL’s investment valueOn the “Pattern” of Digital City-StateAfter the tariff war: How global capital rebalancing will affect BitcoinEthereum’s crossroads: a strategic breakthrough in reconstructing the L2 ecosystemEthereum is brewing a deep technological change led by ZK technologyBTC 2025 Q3 Outlook: When will the crypto market top again?Is Base “stealing” Ethereum’s GDP?Vitalik’s new proposal: RISC-V as the virtual machine language for EVM smart contractsCoinbase: What events are affecting the current crypto market?Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerator’s first batch of 8 selected projectsWhich one is more “just” between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trump’s tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoin’s extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trump’s overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto tradingDeepSeek accelerates web3 transformation and changes corporate value and risk management modelsThis is the truth Trump is being stabbed by Japanese institutionsInterpretation of SEAL: Sui’s decentralized key management solutionWho made Trump change his mindTrump’s 180-degree turn What happened in the 18 hours of changing the global marketReciprocal tariffs are suspended, crypto markets are surging, and only China is in troubleQuick view of Binance HODLer Phase 14 Airdrop Project Babylon (BABY)US Senator: What status should Bitcoin have in the United States?Coingecko: Which listed companies are major BTC holders?Sei Lianchuang: Expanding EVM requires L1 instead of L2The full text of the latest speech by Trump’s think tank: The essence of the United States’ “reciprocal tariffs”Vitalik’s latest speech: Why speed up L2 confirmation?How to speed upEthereum Pectra Upgrade: Is it a milestone or another gimmick?CZ Fireside Dialogue: HODL Strategy Challenges, Survival Rules under Market VolatilityStablecoin earnings guideMusk openly criticizes the tariff faction and calls for Europe and the United States to establish a free trade zone with zero tariffsEmily Parker: 2025 Web3 trends int and US and AsiaEmily Parker: How to bridge the Web3 assets and traditional capitalGMGN Co-founder Haze’s speechXiao Feng Hong Kong’s latest speech: Why is it said that public chains are a new generation of financial infrastructureSolana Lily’s speechBitcoin will benefit from the ebb of the US dollar reserve system and the global de-dollarization trendFrom traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chain
Fri. Apr 25th, 2025

DualPools attack analysis

Source: Shenzhen Zero -time Technology

background

Monitor the chain attack event against DualPools:

https://bscscan.com/tx/0x90F374CA33FBD5AAA0d01f5FCF5Dee4C7AF49A98B47459D8B7AD52EF1E93

DualPools (https://dualPools.com) is based on Venusprotocol (https://venus.io/). It is a DEFI project that provides services such as SWAP, Lend, BORROW and other services.

The operation mode is as shown below:

DualPools is a decentralized lending platform. The user stores the corresponding DTOKEN through DEPOSTI to deposit UnderlyingasSETS (assets). On the contrary, when the UnderlyingAssets are removed through Redeem, the corresponding DTOKEN is destroyed.

Among them, the exchange ratio of UnderlyingAsSETS and DTOKEN is controlled by Exchange. In short, ExchangeTe is the value of DTOKEN.

exchangerate = (TotalCash + Totalborrows -TotalReserves) / TotalSupply

Attack analysis

Simply put, the attack is divided into two parts:

1. Hackers Insufficient liquidity (0) through DualPools’ new trading pool, which greatly raises the price of DLINK, and hollows out the target assets of other trading pools through BORROW (WBNB, BTCB, ETA, Ada, BUSD).

2. Utilize the problem of precision cutting to retrieve all the LINKs invested in the early stage.

Step 1 Detailed analysis

The attacker borrowed through the Dodo Private Pool and Pancakeswapv3 and obtained BNB and BUSD as the initial attack fund, as shown below:

Subsequently, BNB and BUSD were mortred via Venusprotocol and borrowed 11500 link to attack DualPools.

First of all, the attacker obtained the DLINK of 2 minimum units through the re-trading pool Dlink-Link Mint, and then transferred to the Link of the units of 11499999999999999999999999999 to the trading pool.

Since the trading pool is not initialized, there is no liquidity.And the calculation method of exchangerate is as follows:

exchangerate = (TotalCash + Totalborrows -TotalReserves) / TotalSupply

At this time, TotalCash was the balance of Link in the trading pool, 11499999999999999998+2 = 115000000000000000000, Totalborrows and TOTALRESERVES were 0, and TotalSupply was 2 (because the hacker obtained two minimum minimum singles via Mint DLINK).Therefore, at this time the Exchangeate was 57500000000000000000 (575 times the value of Dlink).Because the attacker owns the 2 DLINK, and the value is high enough, the hacker borrowed 50 BNB, 0.17 BTCB, 3.99 Eth, 6378 Ada, 911 BUSD through BORROW.

Step 2 Detailed analysis

The attacker converted the two previous Mint’s two minimum units DLINK to 1149999999999999999898 through the Redeemunderlying.Because the Exchangeterate was manipulated at 57500000000000000000.Therefore, the DLINK required to exchange 11499999999999999999999898 The DLINK required is 11499999999999999988 /5750000000000000000000 = 1.9999999999999, which is 1.9999999. Deceleration causes DLINK only one of the smallest units.

At this point, the attacker took out the LINK of 11499999999999999999999898.Subsequently, the borrowing of Venusprotocol, Pancakeswapv3, Dodo Private Pool will be returned to complete the attack.

Summarize

The attacker uses the reason for the poor liquidity of the new trading pool of DualPools. The Exchange of the bid’s assets causes the DTOKEN price distortion corresponding to the target asset, which can use a small DTOKEN as a mortgage to borrow a large number of other target assets.Subsequently, the interception of the intelligent contract removal method was used to retrieve the assets invested when the previous attack.So far, complete attack on DEFI project DualPools.

    • jakiro

    Related Posts

    Bankless: What are the decentralized content creation platforms worth paying attention to?
    Bankless: What are the decentralized content creation platforms worth paying attention to?

    Author: William M. Peaster, Bankless; compiled by: Tao Zhu, Bitchain Vision I have been writing in the field of crypto since 2017.Since then, I have turned writing into a career…

    Continue reading
    VIRTUAL’s investment value
    VIRTUAL’s investment value

    Source: Daoshuo Blockchain AI agents are a track I am very optimistic about in this round of market.Although the entire track is now silent for various reasons, there are still…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Web 3.0

    Web3 Entrepreneurship New Logic under the New Global Trade Order

    • By jakiro
    • April 24, 2025
    • 15 views
    Web3 Entrepreneurship New Logic under the New Global Trade Order
    Policy

    Russia’s Ministry of Finance and Central Bank intends to launch national cryptocurrency exchanges

    • By jakiro
    • April 24, 2025
    • 10 views
    Russia’s Ministry of Finance and Central Bank intends to launch national cryptocurrency exchanges
    Ethereum

    Ethereum Pectra Upgrade Guide

    • By jakiro
    • April 24, 2025
    • 10 views
    Ethereum Pectra Upgrade Guide
    Meme

    Trump: My $300 million TRUMP has just been unlocked. Don’t run and come and play the rankings

    • By jakiro
    • April 24, 2025
    • 11 views
    Trump: My $300 million TRUMP has just been unlocked. Don’t run and come and play the rankings
    Bitcoin

    Rethinking Bitcoin’s Lightning Network Design through Thunderbolt’s Perspective

    • By jakiro
    • April 24, 2025
    • 12 views
    Rethinking Bitcoin’s Lightning Network Design through Thunderbolt’s Perspective
    Research Report

    Crypto market may usher in a trend reversal to capture investment opportunities from short-term capital

    • By jakiro
    • April 24, 2025
    • 14 views
    Crypto market may usher in a trend reversal to capture investment opportunities from short-term capital
    Home
    News
    School
    Search