A cyberattack on the 0G Foundation has resulted in the theft of over half a million dollars’ worth of cryptocurrency, according to the company.
The foundation, which is building what it describes as the world’s first decentralized and open AI operating system, reported that an attacker stole 520,010 $0G tokens that were later bridged out and routed through Tornado Cash. Additional losses included 9.93 ether and roughly $4,200 in USDT, bringing the total confirmed loss to around $520,000 at the time of the theft.
Exploit traced to leaked private key
According to the foundation, the attacker exploited an emergency withdrawal function in the affected reward contract after gaining access to a private key that had been inadvertently stored on a compromised cloud server.
The key was linked to an Alibaba Cloud instance responsible for managing NFT status and reward updates.
“The attacker accessed a leaked private key from an AliCloud instance,” the foundation said, adding that storing plaintext private keys locally was a critical operational failure, saying, “this is a practice we now know must never happen again.”
Further investigation revealed that the breach was not limited to a single server. The foundation said multiple AliCloud instances were compromised after attackers exploited a critical vulnerability in the popular Next.js web framework, tracked as CVE-2025-66478, on December 5. Using internal IP addresses, the attacker was able to move laterally across systems, affecting a wide range of services.
These included the alignment service, a validator node, the Gravity NFT service, node sale infrastructure, and several ecosystem products such as Compute, Aiverse, Perpdex, and Ascend.
However, the foundation has maintained that no additional losses tied directly to user-held assets have been identified.
CertiK, a blockchain security firm, flagged the suspicious withdrawals from a 0G-related reward contract earlier, estimating losses in line with figures that were later confirmed by the foundation.
What’s next for 0G Foundation?
0G foundation claims that it has implemented immediate security measures. The organization has also patched the Next.js vulnerability and rebuilt affected services.
As part of what 0G said it is doing to prevent a repeat incident, the foundation claims it will migrate all key-bearing services to Trusted Execution Environments (TEEs), implement multi-signature wallet requirements for critical fund management, and adopt zero-trust security principles across its infrastructure.
The hack incident that 0G Foundation reported comes after it raised over $290 million in November 2024, including a $40 million seed funding round led by Hack VC with participation from Delphi Ventures, OKX Ventures, Samsung Next, Animoca Brands, among other investors. That raise made it $325 million in committed funding for the platform.
0G conceded that the breach is “a painful but necessary wake-up call.” It also promised to release a full post-mortem report, which its community can look forward to knowing more about how the foundation lost $520,000 to bad actors.
Claim your free seat in an exclusive crypto trading community – limited to 1,000 members.
Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0
PRC Comment Policy
Your comments MUST BE constructive with vivid and clear suggestion relating to the post.
Your comments MUST NOT be less than 5 words.
Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.
Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.
Constructive REPLY to comments is allowed