Did something happen to Connext again? One article to understand the Connext airdrop false-claim incident

Original | Odaily Planet Daily

Author | Qin Xiaofeng

After a two-week wait, the Layer 2 interoperability protocol Connext finally opened airdrop claims tonight (website: ), but the launch turned into a blunder of its own.

Just half an hour after claims opened, the crypto KOL "Zhuzhu Bang" posted that the Connext airdrop contract was suspected of having a loophole: "scientists" (on-chain bot operators) could use it to steal unlimited NEXT airdrops from other users. He attached the frequent claim records of the address starting with 0x44Af.


The news spread widely in the community. Some users then analyzed the on-chain data and found that the address starting with 0x44Af had been created that same day, had made more than 230 claims since the airdrop opened, and had sold all the tokens it obtained for ETH, USDT and USDC, for a profit of approximately US$39,000.

At the same time, the Connext airdrop contract also malfunctioned: some users reported that they could not claim successfully, and rumors began to circulate in the community that the official claim had been closed because of the loophole.

**However, the truth of the matter is that the Connext airdrop contract has no loophole.**

Crypto KOL "Zhuzhu Bang" later stated that the Connext airdrop contract is safe and that his initial analysis had misled readers. He said that although the Connext airdrop contract allows the airdrop sender and receiver to be different addresses, the original address must itself sign to authorize the call.

"The first claim method is claimBySignature, and its last parameter passes the signature information; this 'signature' is produced by the user himself, using the smart contract or other methods. So we can understand it as: _signature is a credential, and with this credential the _recipient can obtain the tokens of the _beneficiary address." He added that the address starting with 0x44Af should be a token-collection studio, not a sign that the contract itself has a loophole.


The SlowMist security team told Odaily Planet Daily that there is no obvious loophole in the Connext airdrop contract that would let someone else claim a user's airdrop.

Users claim NEXT tokens through the claimBySignature function of the NEXT Distributor contract, which involves two roles, recipient and beneficiary: **the recipient is the address that receives the claimed NEXT tokens, and the beneficiary is the address that is eligible for NEXT tokens, as determined when the Connext protocol announced the airdrop. When a user claims NEXT tokens, the contract performs two checks: it verifies the beneficiary's signature, and it verifies that the beneficiary is eligible for the airdrop.**

In the first check, the contract verifies that the recipient passed in by the user was signed by the beneficiary, so an arbitrary recipient address cannot pass if the beneficiary has not signed it. If someone specifies a beneficiary address of their own choosing and constructs a signature for it, the call may pass the signature check but will fail the second check on airdrop eligibility. That eligibility check is performed with a Merkle proof, and the proof must be generated officially by the Connext protocol. Therefore users who are not eligible for the airdrop cannot bypass the checks to take other people's airdrops.

**To summarize the above analysis: if user A's address is eligible to claim, A can authorize user B to claim on its behalf. The address starting with 0x44Af was able to claim so many tokens because the entity behind it controls multiple eligible addresses that authorized it; no hacker exploited a loophole.**
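As an added illustration, not Connext's or SlowMist's code and not the NEXT Distributor contract itself, the Go model below reproduces the two checks described above: the beneficiary signs the recipient it authorizes, and the beneficiary's leaf must verify against the published Merkle root. The P-256 curve (standing in for Ethereum's secp256k1/ecrecover), the `NEXT-claim:` and `NEXT-leaf:` domain tags, the fixed sibling order in the proof, and all keys and data are constructed assumptions of this model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// h256 is sha256 over the concatenation of its parts.
func h256(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return d.Sum(nil)
}
// leaf commits one beneficiary entry of the published eligibility list (assumed encoding).
func leaf(pub *ecdsa.PublicKey) []byte {
	return h256([]byte("NEXT-leaf:"), elliptic.Marshal(pub.Curve, pub.X, pub.Y))
}
// ClaimBySignature runs the two checks: beneficiary signature over recipient, then Merkle eligibility (siblings hashed on the right, a demo simplification).
func ClaimBySignature(root, recipient []byte, beneficiary *ecdsa.PublicKey, proof [][]byte, sig []byte) error {
	if !ecdsa.VerifyASN1(beneficiary, h256([]byte("NEXT-claim:"), recipient), sig) {
		return errors.New("recipient not authorized: bad beneficiary signature")
	}
	h := leaf(beneficiary)
	for _, p := range proof {
		h = h256(h, p)
	}
	if string(h) != string(root) {
		return errors.New("beneficiary not eligible: Merkle proof does not match root")
	}
	return nil
}
// Scenario (constructed data): (1) authorized claim, (2) recipient without the beneficiary's signature, (3) ineligible key signing for itself with a borrowed sibling hash.
func Scenario() [3]error {
	keyA, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // on the eligibility list
	keyC, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // not on the list
	other, recipient := []byte("constructed hash of the other eligible leaf"), []byte("0xRECIPIENT-placeholder")
	root := h256(leaf(&keyA.PublicKey), other)
	sigA, _ := ecdsa.SignASN1(rand.Reader, keyA, h256([]byte("NEXT-claim:"), recipient))
	sigC, _ := ecdsa.SignASN1(rand.Reader, keyC, h256([]byte("NEXT-claim:"), recipient))
	return [3]error{
		ClaimBySignature(root, recipient, &keyA.PublicKey, [][]byte{other}, sigA),
		ClaimBySignature(root, recipient, &keyA.PublicKey, [][]byte{other}, sigC),
		ClaimBySignature(root, recipient, &keyC.PublicKey, [][]byte{other}, sigC),
	}
}
```

Case (1) is exactly what the 0x44Af address did at scale: eligible beneficiaries signed it as their recipient, so both checks pass; cases (2) and (3) are the two ways an outsider would have to cheat, and each is stopped by one of the checks.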

However, what is interesting is that before the airdrop opened, Connext ran a crackdown on Sybil addresses, inviting the community to help the team screen Sybil addresses and offering 25% of the recovered NEXT as a reward to whistleblowers. According to official data, 5,725 Sybil addresses were eventually identified and removed from the eligibility list, and 5,932,065 tokens were recovered.

Judging from tonight's events, however, the anti-Sybil operation seems to have let a huge number of fish slip through the net, and even added many obstacles to the whole airdrop.

Connext core contributor Arjun Bhuptani wrote that the address starting with 0x44Af is a Sybil bot that flooded the Tokensoft backend with junk requests, crashing its API, which may also be why the airdrop claim interface could not be used. (Odaily note: preventing other people from claiming may be a way to get a better sale price.)

The good news is that the team has taken note of the issue and claims will be reopened. Connext issued a statement saying: "We are aware of an issue affecting the airdrop website, resulting in users being unable to claim. We have detected bot activity that is causing the servers of our partner and service provider Tokensoft to be overloaded. They are actively working to resolve this issue so that claims can proceed normally. Everything should be back to normal soon."
