# Vulnerability Report: 0G Foundation Reward Contract Emergency Withdrawal Exploit
---
## 1. Executive Summary
- **Vulnerability Name:** 0G Foundation Private Key Compromise and Emergency Withdrawal Hijack
- **Severity:** **Critical** (Estimated CVSS 9.8 – Remote Code Execution with Severe Financial Impact)
- **Vulnerable Product:** 0G Foundation Reward Distribution Contract and Supporting Infrastructure
- **Immediate Impact:** Unauthorized drainage of reward contract funds via misuse of the emergency withdrawal function, resulting in the theft of **520,010 $0G tokens, 9.93 ETH, and 4,200 USDT** (approx. **$520,000**). Stolen assets were bridged across chains and laundered via Tornado Cash. Core blockchain infrastructure and general user funds were not impacted.
Between **December 11–12, 2025**, attackers compromised multiple Alibaba Cloud instances operated by the 0G Foundation. The initial breach leveraged a critical **Next.js remote code execution vulnerability**, enabling the theft of a **locally stored private key**. This key was used to invoke the reward contract’s **emergency withdrawal function**, draining alliance reward funds. The incident was rapidly contained, with remediation steps including key rotation, service rebuilds, infrastructure hardening, and a roadmap toward Trusted Execution Environments (TEEs).
---
## 2. Basic Identification & Classification
- **CVE ID:** Not Assigned
  - *Related:* **CVE-2025-66478** (Next.js RCE – insecure deserialization in React Server Components)
- **Vulnerability Title:** 0G Foundation Reward Contract Emergency Withdrawal Exploit via Compromised Private Key
- **Vulnerability Types (CWE):**
  - **CWE-798:** Use of Hard-coded Credentials (plaintext private key stored locally)
  - **CWE-502:** Deserialization of Untrusted Data (Next.js RCE enabling initial access)
- **Affected Products & Services:**
  - 0G Foundation reward distribution smart contract (Ethereum-compatible, 2025 deployment)
  - Alibaba Cloud instances running **Next.js 15.x–16.x** (affected by CVE-2025-66478)
  - Supporting services:
    - Alignment service
    - Validator nodes
    - Gravity NFT service
    - Node sales service
    - Compute services
    - Aiverse
    - Perpdex
    - Ascend
---
## 3. Technical Description
The 0G Foundation operates a decentralized AI operating system built on a **hybrid Web2/Web3 architecture**, combining on-chain smart contracts with off-chain cloud-hosted services. Reward distribution to alliance participants is handled via a smart contract that includes an **emergency withdrawal function**, intended for crisis recovery and controlled by an administrative private key.
### Attack Timeline & Mechanics
- **December 5, 2025 – Initial Breach:**
  The attacker exploited **CVE-2025-66478**, a critical RCE vulnerability in Next.js caused by insecure deserialization in the React Server Components (RSC) protocol. This allowed unauthenticated remote access to an Alibaba Cloud instance responsible for NFT state and reward updates.
- **Private Key Compromise:**
  Within the compromised environment, the attacker discovered a **plaintext private key stored locally** on the server, an operational security failure. This key provided administrative privileges over the reward contract.
- **Lateral Movement:**
  Due to insufficient network segmentation, the attacker moved laterally across internal IPs, compromising additional services, including validator-related infrastructure and auxiliary platforms such as Gravity NFT and Aiverse.
- **On-Chain Exploitation (December 11, 2025):**
  Using the stolen private key, the attacker invoked the **emergency withdrawal function** on the reward contract, draining:
  - **520,010 $0G**
  - **9.93 ETH**
  - **4,200 USDT**
- **Post-Exploitation Laundering:**
  Funds were bridged to other chains (including Ethereum and BNB Chain) and laundered using **Tornado Cash** to obfuscate attribution.
### Key Contributing Factors
- Exploitable Next.js RCE (CVE-2025-66478)
- Plaintext, locally stored private keys
- Single-key authorization for emergency withdrawals
- Lack of network segmentation and zero-trust controls
This incident exemplifies a broader pattern observed in **~40% of DeFi exploits in 2025**, where cloud misconfigurations and off-chain key management failures directly enable on-chain fund theft.
---
## 4. Risk Assessment
- **Overall Severity:** Critical
- **Estimated CVSS Base Score:** **9.8**
- **Estimated CVSS Vector:**
  `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
### Impact Analysis
- **Direct Fund Theft:** Yes – reward pool fully drainable via emergency function
- **Infrastructure Compromise:** Partial – multiple services breached, but core chain and user vaults unaffected
- **Reputational Impact:** Medium – transparent disclosure limited long-term damage; token price dipped ~30% before partial recovery
- **Exploit Status:** Confirmed exploited in the wild (on-chain transactions verified; attacker addresses traced)
---
## 5. Remediation and Mitigation
### Primary Remediation (Long-Term)
- Migrate all key-bearing services to **Trusted Execution Environments (TEEs)** for hardware-backed key isolation
- Enforce **multi-signature wallets** for all emergency and fund-management functions
- Apply **zero-trust architecture** principles with strict least-privilege access controls
- Introduce automated alerts for:
  - Contract balance changes
  - Emergency function invocations
- Conduct comprehensive audits of:
  - Reward contracts
  - Off-chain infrastructure
- Integrate real-time alerting to **Telegram and Slack** for incident response
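As an added illustration of the balance-change and emergency-function alerts listed above (example code, not 0G Foundation's own tooling), the following Python flags any call to a watched admin function and any sharp balance drop over a constructed transaction feed. The contract address, the expected admin (multi-sig) address, and the `emergencyWithdraw` signature and its selector are assumed placeholders, not values from the incident.

```python
# Added example (not 0G Foundation code): alert on emergency-function calls and
# sudden balance drops. All addresses, selectors and transactions are constructed.
from dataclasses import dataclass

@dataclass
class Tx:
    block: int
    sender: str
    to: str
    calldata: str  # "0x" + 4-byte selector + ABI-encoded arguments

# Assumed signature; the selector is a placeholder, not derived with keccak256 here.
WATCHED = {"0xaabbccdd": "emergencyWithdraw(address,uint256)"}
REWARD_CONTRACT = "0x" + "c1" * 20   # constructed
ADMIN_MULTISIG = "0x" + "a1" * 20    # the only caller expected to use the function
ATTACKER_EOA = "0x" + "e1" * 20      # constructed unknown externally owned account
DROP_THRESHOLD = 0.25                # alert when the balance falls >25% between snapshots

def scan_calls(txs, contract=REWARD_CONTRACT, admin=ADMIN_MULTISIG, watched=WATCHED):
    """Report every call to a watched admin function as (severity, block, detail);
    a caller other than the expected admin is critical."""
    alerts = []
    for tx in txs:
        sig = watched.get(tx.calldata[:10].lower())
        if tx.to.lower() != contract.lower() or sig is None:
            continue  # another contract, or an ordinary claim/distribution call
        sev = "INFO" if tx.sender.lower() == admin.lower() else "CRITICAL"
        alerts.append((sev, tx.block, f"{sig} called by {tx.sender}"))
    return alerts

def scan_balances(snapshots, threshold=DROP_THRESHOLD):
    """snapshots: [(block, balance)] in block order; flag drops larger than threshold."""
    alerts = []
    for (_, before), (blk, after) in zip(snapshots, snapshots[1:]):
        if before > 0 and (before - after) / before > threshold:
            alerts.append(("CRITICAL", blk, f"balance fell {before} -> {after}"))
    return alerts

SAMPLE_TXS = [  # constructed feed: routine claim, drain with the stolen key, legitimate use
    Tx(100, "0x" + "11" * 20, REWARD_CONTRACT, "0x11223344" + "0" * 64),
    Tx(101, ATTACKER_EOA, REWARD_CONTRACT, "0xaabbccdd" + "0" * 128),
    Tx(102, ADMIN_MULTISIG, REWARD_CONTRACT, "0xaabbccdd" + "0" * 128),
]
SAMPLE_BALANCES = [(100, 520_010), (101, 0), (102, 0)]

def run_sample():
    """Run both detectors over the constructed data."""
    return scan_calls(SAMPLE_TXS) + scan_balances(SAMPLE_BALANCES)
```

In production the feed would come from an RPC node or indexer, and the INFO-level alert on the legitimate multi-sig call is still worth routing to the incident channel, since emergency withdrawals should be rare events.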
### Immediate / Temporary Mitigations
- **Key Revocation & Rotation:**
  Revoke all compromised keys; eliminate plaintext key storage across environments
- **Service Isolation & Rebuild:**
  Shut down affected Alibaba Cloud instances; rebuild with patched dependencies
- **Patch Management:**
  Upgrade and secure Next.js installations to remediate CVE-2025-66478
- **Network Hardening:**
  Deploy Alibaba Cloud Firewall and Security Suite to restrict unauthorized access
- **Fund Tracing & Blacklisting:**
  Monitor attacker wallets and coordinate with exchanges and analytics providers
  - Known attacker address: `0x617E8e3C07bEF319F26C1682270A19e89Ea2bf75`
- **Pause Controls:**
  Activate contract pause mechanisms where available to prevent further withdrawals
---
## 6. References
- 0G Foundation – Official Post-Mortem (X, December 13, 2025)
- ChainCatcher – *0G Foundation Contract Attacked* (December 13, 2025)
- MEXC News – *0G Foundation Lost About $520,000* (December 14, 2025)
- CryptoRank – *How 0G Tokens Were Stolen in a $520K Exploit* (December 13, 2025)
- Next.js Security Advisory – **CVE-2025-66478** (December 3, 2025)
- Palo Alto Networks Unit 42 – Exploitation Analysis of CVE-2025-66478 (December 12, 2025)
- RootData – *0G Foundation: Contract Attacked* (December 13, 2025)
---