0G Foundation pierde medio millón: atacantes se llevan 520,010 tokens $0G y cripto adicional

La seguridad blockchain vuelve a fallar—y los inversores pagan el precio.

Un ataque coordinado drena fondos del ecosistema 0G, exponiendo vulnerabilidades en protocolos que prometían ser a prueba de balas. Los hackers no solo extrajeron más de medio millón de dólares en tokens nativos, sino que también limpiaron activos digitales adicionales de los fondos de la fundación.

El modus operandi

Los atacantes explotaron una brecha—los detalles técnicos aún se investigan—para desviar los activos. La transacción se ejecutó con una precisión que sugiere conocimiento interno o una auditoría de seguridad lamentablemente deficiente. Los tokens $0G, el activo central del proyecto, fueron el principal botín.

Las consecuencias inmediatas

El precio del token se desploma tras el anuncio. La confianza de la comunidad, ya frágil en un mercado bajista, se resquebraja. La fundación promete una investigación completa y reembolsos—el clásico guion de daños controlados que los inversores han visto demasiadas veces.

Un recordatorio costoso

Este incidente subraya una verdad incómoda: en la carrera por lanzar productos y captar capital, la seguridad sigue siendo la asignatura pendiente. Medio millón de dólares desaparecen, los documentos técnicos se actualizan y la FSA (Fe, Esperanza y Autopromoción) sigue siendo el activo más líquido en cripto.

Mientras los equipos juran que 'nunca más', los hackers ya buscan la siguiente puerta trasera sin cerrar.

Exploit traced to leaked private key

According to the foundation, the attacker exploited an emergency withdrawal function in the affected reward contract after gaining access to a private key that had been inadvertently stored on a compromised cloud server.

The key was linked to an Alibaba Cloud instance responsible for managing NFT status and reward updates.

“The attacker accessed a leaked private key from an AliCloud instance,” the foundation said, adding that storing plaintext private keys locally was a critical operational failure, saying, “this is a practice we now know must never happen again.”

Further investigation revealed that the breach was not limited to a single server. The foundation said multiple AliCloud instances were compromised after attackers exploited a critical vulnerability in the popular Next.js web framework, tracked as CVE-2025-66478, on December 5. Using internal IP addresses, the attacker was able to move laterally across systems, affecting a wide range of services.

These included the alignment service, a validator node, the Gravity NFT service, node sale infrastructure, and several ecosystem products such as Compute, Aiverse, Perpdex, and Ascend.

However, the foundation has maintained that no additional losses tied directly to user-held assets have been identified.

CertiK, a blockchain security firm, flagged the suspicious withdrawals from a 0G-related reward contract earlier, estimating losses in line with figures that were later confirmed by the foundation.

What’s next for 0G Foundation?

0G foundation claims that it has implemented immediate security measures. The organization has also patched the Next.js vulnerability and rebuilt affected services.

As part of what 0G said it is doing to prevent a repeat incident, the foundation claims it will migrate all key-bearing services to Trusted Execution Environments (TEEs), implement multi-signature wallet requirements for critical fund management, and adopt zero-trust security principles across its infrastructure.

The hack incident that 0G Foundation reported comes after it raised over $290 million in November 2024, including a $40 million seed funding round led by Hack VC with participation from Delphi Ventures, okx Ventures, Samsung Next, Animoca Brands, among other investors. That raise made it $325 million in committed funding for the platform.

0G conceded that the breach is “a painful but necessary wake-up call.” It also promised to release a full post-mortem report, which its community can look forward to knowing more about how the foundation lost $520,000 to bad actors.

Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program