According to Foresight News , the 0G Foundation stated on the X platform that a targeted attack disrupted its rewards contract on December 11.
Attackers exploited the emergency withdrawal feature of the 0G rewards contract used to distribute affiliate rewards, stealing 520,010 0G tokens, which were subsequently bridged and distributed via Tornado Cash.
The attackers obtained the leaked private key from an Alibaba Cloud instance that was responsible for managing NFT status and reward updates and storing the private key locally.
On December 5th, a critical vulnerability (CVE-2025-66478) in Next.js was exploited, resulting in the compromise of multiple Alibaba Cloud instances. Attackers moved laterally via internal IP addresses, affecting services including Calibration, Validator Nodes, Gravity NFT Service, Node Sales Service, Compute, Aiverse, Perpdex, and Ascend.
Confirmed total losses: 520,010 0G, 9.93 ETH, and 4,200 USDT. Apart from the reward distribution contract, the core chain infrastructure and user funds were unaffected.
