Beosin: The Aave fork project on the Pulse Chain suffered a governance attack and lost about $930,000

According to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of the blockchain security audit company Beosin, the Aave fork project on the Pulse chain suffered governance attacks and lost about 930,000 US dollars. The hacker first purchased a large number of Aave tokens to obtain the governance authority of the Aave fork project, and then created multiple contracts. The hacker seemed to want to use the governance authority to modify the implementation address of the proxy contract, and to use the user’s uncancelled authorization of the contract. Transfer the user's funds away, such as WBTC, YFI, BAL, AAVE, UNI and other tokens. Finally, the hacker converted the above stolen funds into ETH through the cross-chain bridge protocol, and sent it to the address starting with 0xA30 in Ethereum. The attacker made a profit of 483 ETH, about $930,000.