The 0G Foundation disclosed that its reward contract was attacked on December 11, resulting in the theft of approximately 520,000 0G tokens.
TL;DR
The 0G Foundation reported a targeted attack on December 11 in which attackers stole 520,010 0G tokens and other assets by exploiting a reward contract vulnerability. The breach involved lateral movement via internal IPs due to a Next.js flaw, but core infrastructure and user funds remained safe.
PANews reported on December 13th that the 0G Foundation stated on the X platform that a targeted attack on December 11th resulted in the compromise of the rewards contract. Attackers exploited the emergency withdrawal function of the 0G rewards contract, which is used to distribute affiliate rewards, stealing 520,010 0G tokens, 9.93 ETH, and USDT worth $4,200. These tokens were subsequently bridged and distributed via Tornado Cash. Due to a critical vulnerability in Next.js (CVE-2025-66478) that was exploited on December 5th, attackers moved laterally via internal IP addresses, affecting calibration services, validator nodes, Gravity NFT services, node sales services, computation, Aiverse, Perpdex, Ascend, etc. The core chain infrastructure and user funds were unaffected.