0G Foundation lost about $520,000 after attackers stole 520,010 $0G tokens and additional crypto

A cyberattack on the 0G Foundation has resulted in the theft of over half a million dollars’ worth of cryptocurrency, according to the company.

The foundation, which is building what it describes as the world’s first decentralized and open AI operating system, reported that an attacker stole 520,010 $0G tokens that were later bridged out and routed through Tornado Cash. Additional losses included 9.93 ether and roughly $4,200 in USDT, bringing the total confirmed loss to around $520,000 at the time of the theft.

Exploit traced to leaked private key

According to the foundation, the attacker exploited an emergency withdrawal function in the affected reward contract after gaining access to a private key that had been inadvertently stored on a compromised cloud server.

The key was linked to an Alibaba Cloud instance responsible for managing NFT status and reward updates.

“The attacker accessed a leaked private key from an AliCloud instance,” the foundation said, adding that storing plaintext private keys locally was a critical operational failure, saying, “this is a practice we now know must never happen again.”

Further investigation revealed that the breach was not limited to a single server. The foundation said multiple AliCloud instances were compromised after attackers exploited a critical vulnerability in the popular Next.js web framework, tracked as CVE-2025-66478, on December 5. Using internal IP addresses, the attacker was able to move laterally across systems, affecting a wide range of services.

These included the alignment service, a validator node, the Gravity NFT service, node sale infrastructure, and several ecosystem products such as Compute, Aiverse, Perpdex, and Ascend.

However, the foundation has maintained that no additional losses tied directly to user-held assets have been identified.

CertiK, a blockchain security firm, flagged the suspicious withdrawals from a 0G-related reward contract earlier, estimating losses in line with figures that were later confirmed by the foundation.

What’s next for 0G Foundation?

0G foundation claims that it has implemented immediate security measures. The organization has also patched the Next.js vulnerability and rebuilt affected services.

As part of what 0G said it is doing to prevent a repeat incident, the foundation claims it will migrate all key-bearing services to Trusted Execution Environments (TEEs), implement multi-signature wallet requirements for critical fund management, and adopt zero-trust security principles across its infrastructure.

The hack incident that 0G Foundation reported comes after it raised over $290 million in November 2024, including a $40 million seed funding round led by Hack VC with participation from Delphi Ventures, OKX Ventures, Samsung Next, Animoca Brands, among other investors. That raise made it $325 million in committed funding for the platform.

0G conceded that the breach is “a painful but necessary wake-up call.” It also promised to release a full post-mortem report, which its community can look forward to knowing more about how the foundation lost $520,000 to bad actors.

Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.