Unagii Whitehat Hack

In June 2023 the Unagii team got notified of a vulnerability in their system. Their WethZap contract (meant to help with (un)wrapping ETH and interact with the Unagii system in a single transaction) had missing ownership checks, allowing anyone to execute privileged functions. The team was notified of this vulnerability after one user lost over $60k to an automated MEV operator.

After being notified, the team withdrew the vulnerable funds to a wallet they controlled to mitigate the damage. They were able to rescue the remaining user funds (around $100k) and no further funds were lost. The Unagii team has since returned the rescued funds and reimbursed any users affected by the vulnerability.

受影响的用户只要没有撤销他们的授权，就仍处于危险之中。因此我们建议您使用Revoke.cash漏洞检查器，以确保资金安全。