Asterix Token Contract Attacked for 30 ETH via Exploited Approval Vulnerability

The Asterix token contract was attacked on June 8, with an attacker stealing around 30 ETH through 242 transactions. The vulnerability exploited outdated token approvals and repeatedly selling tokens in the Uniswap v4 liquidity pool to obtain ETH. The smart contract is immutable and cannot be patched.

The team behind Asterix suspects that the attacker used a jailbroken AI tool for fuzz testing to discover unconventional logic paths. This attack is similar to ones on Flooring Protocol and BMP, which also involved high-value NFT ID position overflow and reuse operations.

According to ChainCatcher's MistTrack founder余弦 (Yu Xuan), the attacker appears to be searching for common vulnerabilities. The team recommends users stop interacting with the current pool and token and are planning to migrate and deploy a secure token.