Time
11:40
Security firm: Aurelion Labs contract suffered a reentrancy initialization attack, resulting in the loss of approximately 455,000 USDC.
May 12, 2026
CoinFeed News
Blockchain security firm SlowMist tweeted that an Aurelion Labs Diamond contract was compromised because the `initialize(address)` function in the SafeOwnable Facet was not protected. An attacker re-entered the initialization, altered the contract owner, and executed `diamondCut` to inject a malicious Facet containing `pullERC20`, thereby transferring authorized USDC assets. SlowMist stated that affected contracts include addresses such as 0x0adc63e7… (the victim contract), 0x2e933518…, 0xa90714a1…, and 0xeced2d37…, while the attacker's address was 0x9f49591a3b…, resulting in a loss of approximately 455,003 USDC.
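For reference, a guarded initializer for an ownership facet, shown as an added example that is not Aurelion Labs' or SlowMist's code. It assumes the missing protection was a one-time initialization check; the names `OwnableStorage` and `GuardedOwnableFacet` and the storage slot string are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all names and the slot string below are hypothetical.
library OwnableStorage {
    // Namespaced diamond-storage slot so this state cannot collide with other facets.
    bytes32 internal constant SLOT = keccak256("example.guarded.ownable.storage");

    struct Layout {
        address owner;
        bool initialized;
    }

    function layout() internal pure returns (Layout storage l) {
        bytes32 slot = SLOT;
        assembly { l.slot := slot }
    }
}

contract GuardedOwnableFacet {
    error AlreadyInitialized();
    error ZeroOwner();
    error NotOwner();
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    // Without the `initialized` check, any later caller could overwrite the owner.
    function initialize(address newOwner) external {
        OwnableStorage.Layout storage l = OwnableStorage.layout();
        if (l.initialized) revert AlreadyInitialized();
        if (newOwner == address(0)) revert ZeroOwner();
        l.initialized = true; // set the flag before any other effect
        l.owner = newOwner;
        emit OwnershipTransferred(address(0), newOwner);
    }

    function transferOwnership(address newOwner) external {
        OwnableStorage.Layout storage l = OwnableStorage.layout();
        if (msg.sender != l.owner) revert NotOwner();
        if (newOwner == address(0)) revert ZeroOwner();
        emit OwnershipTransferred(l.owner, newOwner);
        l.owner = newOwner;
    }

    function owner() external view returns (address) {
        return OwnableStorage.layout().owner;
    }
}
```

The first call to `initialize` is still open to any caller, so it belongs in the same transaction that adds the facet (the `diamondCut` init call) rather than in a separate later transaction.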