0G loses 520K tokens in rewards contract exploit; user funds unaffected

The ZeroGravity (0G) Foundation announced via X that an exploit on Dec. 11 resulted in the theft of 520,010 0G tokens. The attacker leveraged the "emergencyWithdraw" function in a rewards distribution contract. The stolen funds were subsequently bridged and laundered through Tornado Cash. 0G attributed the incident to a leaked private key stored on an AliCloud instance. Total losses amounted to 520,010 0G, 9.93 ETH, and 4,200 USDT. The foundation stressed that its core chain infrastructure and general user funds were not affected. In response, the company has revoked and replaced all keys, enhanced security, rebuilt services, and patched the vulnerability. Future plans include implementing a zero-trust security model by migrating to a Trusted Execution Environment (TEE), strengthening multi-signature permissions, and introducing an automated alert system.