GMX में $40M का धोखा

$40M का धोखा संयोग नहीं था

GMX के लेन-लॉग्स में मैंने एक असामान्यता पाई: EOA होने कीजगह पर smart contract को executeDecreaseOrder में पारित किया।यह encryption crack ही नहीं,बल्कि system ne fake identity पर vishwas kiya।

AUM:अदृश्य समझदार

AUM—Asset Under Management—डायनमिक होने केलिए نहीं bana gaya tha,लेकिन attackers ne unstakeAndRedeemGlp ko inflated GLP supply values ke saath call kiya, redeem_amount = (user_GLP / total_GLP_supply) * AUM ka formula dhoka diya।AUM me unrealized losses positive value ke roop mein shamil the, unempty position ek self-fulfilling debt machine ban gaya।

Reentrancy Ek Bug Nahi—Ek Feature Misused Hai

enableLeverage function ne liquid staking ko weaponized speculation bana diya।jab attacker ne WBTC short redemption se pehle khola bandha kar liya, system ke guardrails nahi the kyunki sab calls trusted addresses se aaye—the they weren’t.

Zero-Knowledge Proofs Hum Fail Huye

Humne is stack trust par banaya, verification nahi. kisi ne audit kiya ki caller identity EOA hai ya contract-based—jab bahut der ho chuka tha।यह hacking ke baare me nahi hai; yeh lazy engineering hai jo innovation ke roop mein dikhaya jata hai。

Final Thought: Trust Ek Protocol Nahi Hai

Main gusse nahi hoon—I’m disappointed. Humne yield ke liye security audits optimize kiye kyunki hum elegance ko safety se confuse kar liye।Next time? Har call root level par verify karo—ya phir $40M se zyada kho jao.