According to the Beosin EagleEye security warning and monitoring platform, the UVT project was attacked by hackers, involving an amount of 1.5 million US dollars.
The attack transaction is 0x54121ed538f27ffee2dbb232f9d9be33e39fdaf34adf993e5e019c00f6afd499 After analysis by the Beosin security team, it was found that the attacker first used the 0xc81daf6e method with Controller permission of another contract deployed by the developer.
This method will call the 0x7e39d2f8 method of the attacked contract. Because the contract has Controller permission, all UVT tokens of the attacked contract are directly transferred through verification. The Beosin security team traces through Beosin Trace and finds that the stolen funds have all been transferred. Tornado Cash.