Igor Igamberdiev
@FrankResearcher
Followers
53,116
Following
32
Media
579
Statuses
1,060
Head of Research at @wintermute_t , Research Collaborator at @paradigm , ex @TheBlock__ 𝝪(𝞂ₜ, 𝝩) → 𝞂ₜ₊₁ Views are my own
Joined March 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Carabineros
• 245827 Tweets
Beşiktaş
• 127561 Tweets
Leverkusen
• 106904 Tweets
#النصر_الخليج
• 59937 Tweets
Burnley
• 54681 Tweets
O Vasco
• 35299 Tweets
Xabi Alonso
• 30794 Tweets
Feds
• 30140 Tweets
Aston Villa
• 27327 Tweets
Cavs
• 24045 Tweets
FaZe
• 22604 Tweets
رونالدو
• 22484 Tweets
Criciúma
• 22188 Tweets
Ramon
• 21708 Tweets
Nico Williams
• 19588 Tweets
Mudryk
• 17928 Tweets
#amici23
• 17439 Tweets
#MMA24
• 17262 Tweets
Rogers
• 15573 Tweets
Jordan Travis
• 12347 Tweets
Danilo
• 10190 Tweets
LOOOOL,
@VitalikButerin
removed liquidity from the SHIB pool
2/8
49.5% of the token supply was added to Uniswap after token creation.
LP tokens from this pool were sent to
@VitalikButerin
along with the remaining SHIB.
Therefore, Vitalik, instead of selling, can simply withdraw 93% of the pool liquidity without any price impact ($118M).
18
17
167
178
576
2K
Imagine stealing 600 million 6 days ago and depositing money on
@FTX_Official
The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.
The Ronin bridge and Katana Dex have been halted.
649
1K
4K
145
363
2K
How many people want to learn how to do on-chain analysis like a pro?
201
33
2K
IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.👇
1/ Attacker used Alpha Homora for borrowing sUSD from IronBank.
Each time they borrow twice as much as in the previous one.
65
428
1K
1/5
The new popular
@beanstalkfarms
protocol lost $181M+ in today’s exploit, but the attacker only gained $76M.
Let’s figure out what happened👇
89
341
1K
Before the hack, the BNB bridge exploiter registered as a relayer for this bridge
64
281
1K
Ok, new DeFi exploit.
Victim:
-
@iearnfinance
Attacker profit:
- 513k DAI
- 1.7M USDT
- remaining 506k 3CRV (~$1)
To obtain such a profit, the attacker executed 11 transactions.
Below is a very superficial explanation of what was happening in these transactions👇
50
314
1K
1/8
Everyone has been waiting for this for a long time, and now
@paraswap
practically launched his token (PSP), which includes a retroactive airdrop and, apparently, some staking for Paraswap pools
Let’s see what we can learn from these unverified contracts👇
64
282
1K
1/5
Let’s look at how
@jump_
tried to defend the UST peg a week ago.
They used at least three addresses on Ethereum and spent $682.5M+ in various stablecoins.
Basically, they were adding one-side liquidity in USDC since the Curve DAI/USDC/USDT pool was already imbalanced.
126
281
1K
1/6
Some personal news.
Today is my last day at
@TheBlock__
and I’m joining
@wintermute_t
as Head of Research and
@paradigm
as Research Collaborator
69
45
996
Not impressed
Another guy put 37.65 ETH and now it's worth $2.05 billion
276 days ago someone put 10 ETH into SHIB and now it's worth $460 million.
How's your life going?
125
280
3K
46
151
909
1/9
Today we have witnessed the manipulation of XVS price — the governance token of Venus Protocol on BSC.
This incident resulted in $200M+ DeFi liquidations and a $100M+ of protocol bad debt.
As usual, let’s analyze this situation below👇
49
325
912
1/7
Many post-mortems after the Terra events have focused on “Wallet A” which played a large role in UST depegging
"Wallet A" swapped 85M UST for USDC and imbalanced the UST/3CRV Curve pool
There is a good chance this wallet is related to
@JaneStreetGroup
47
234
892
1/7
Another flash loan attack on a major DeFi protocol on BSC.
Today $7.2M was stolen from
@burger_swap
in 14 transactions.
Let’s see what’s happened👇
58
236
841
1/8
In the past few days, meme token SHIB has been a source of high gas prices and incredible profits for some early adopters.
Let’s take a look at some data to understand what’s going on👇
15
210
782
1/8
New weekend - a new attack on BSC DeFi protocol.
Today $6.2M in BUSD was stolen from Belt Finance in 8 transactions.
Below is what happened👇
36
212
759
1/6
Today, BUNNY tokens worth $1B+ were minted from Bunny Finance on BSC, resulting in $40M+ was stolen:
- 114k WBNB ($40M)
- 697k BUNNY
For this reason, the BUNNY price fell from $146 to $6👇
38
208
699
1/6
Many talk about the
@0xPolygon
success and the record number of transactions, but is everything really so good?
Let’s see how arbitrage bots spammed Polygon with failed transactions👇
41
145
698
1/12
Alright, I've been sitting on this news all day, but let's look at the
@BaldBaseBald
deployer.
This is definitely someone from Alameda, but I don't think we can safely say that this is
@SBF_FTX
(even though he is a psycho)
Let's go👇
25
131
673
1/7
Rari Capital lost a lot of funds as a result of a complex exploit, right?
However, things are far from simple, and we witnessed the first cross-chain exploit, so let’s see how it went👇
12
175
656
1/3
Looks like Larry Sukernik, one of the multi signers behind the $20M DeFi education fund, dumped UNI five hours before the $10M OTC sale.
30
90
617
1/5
We’re back to interesting exploits, and
@InverseFinance
users lost money today.
As a result, $15.6M was stolen in the form of:
- 1588 ETH
- 94 WBTC
- 4M DOLA
- 39.3 YFI
34
168
593
1/10
So, Uranium Finance (another Uniswap v2 fork on BSC) was exploited for $51M, right?
Nope, everything is much more complicated.
Let’s figure out what happened.👇
20
173
575
So what happened to Furuсombo👇
An attacker using a fake contract made Furuсombo think that Aave v2 has a new implementation.
Because of this, all interactions with ‘Aave v2’ allowed transfers approved tokens to an arbitrary address.
27
173
537
Below is the code that was used in today's attack through ads on crypto websites like
@coingecko
or
@etherscan
The attacker wanted to get tokens approvals or perform swaps through DEXs to their address (it is not hardcoded, since it was pulled from API)
31
185
514
I even started to get a little bored, but half an hour ago $31M were stolen from
@MonoXFinance
on Polygon and Ethereum.
- 5.7M MATIC ($10.5M)
- 3.9k WETH ($18.2M)
- 36.1 WBTC ($2M)
- 1.2k LINK ($31k)
- 3.1k GHST ($9.1k)
- 5.1M DUCK ($257k)
- 4.1k MIM ($4.1k)
- 274 IMX ($2k)
58
138
485
1/9
Another DeFi protocol xToken was exploited today and almost $25 million was stolen.
The attacker was smart enough (or close enough to this project) to use two different exploits for two projects’ tokens.👇
27
136
464
Looks like
@jack
's exchange of preference is Kraken.
I don’t know if Jack uses Ethereum, but he used a fresh address specifically to dump the ETH he made from selling his NFT tweet.
Good wallet privacy management
20
48
453
Since launching MetaMask Swaps in October, MetaMask earned almost $2.5M in ETH and $1.5M in various tokens.
This is 3x Kyber Network fees for the same period.
Wen Metamask token?
23
63
450
1/2
Ok, the first connect-kit version with the drainer (1.1.6) was added to the npm registry at 9:44am UTC
Better to check that you have not interacted with any UIs starting this time
24
130
428
1/3
Today
@Moola_Market
has been exploited for $8.4M:
- 8.8M CELO ($6.5M)
- 765k cEUR ($0.7M)
- 1.8M MOO ($0.6M)
- 644k cUSD ($0.6M)
It was an incredibly simple attack👇
63
102
394
1/6
Big Data Protocol on crazy hype, huh?
BDP contract now holds $6.2B, collected in just a few days, which puts the project on par with MakerDAO and WBTC.
Let’s take a look at the four addresses that collectively own 41% of this TVL and dump BDP as soon as they claim it.
14
84
377
It seems that
@justinsuntron
did not really like that I disclosed his address for BDP farming, and therefore he began to use a new one.
h/t
@DeBankDeFi
2/6
One of the addresses deposited 25% of the current TVL ($1.6B).
This is a lot of money and most likely belongs to
@justinsuntron
, who tried to buy
@jack
NFT tweet from this address.
He added to the BDP farm contract:
- 661.8k WETH
- 228.9M USDT
- 161.6M USDC
- 150 WBTC
8
12
108
21
52
380
1/5
Two hours ago, someone sold a huge amount of social tokens issued on Roll platform.
As a result, an attacker earned almost 3k ETH ($5.7M), of which 700 have already been sent to Tornado Cash.
Most of social token prices dumped as a result.
24
136
379
1/8
Another weekend with a DeFi exploit on BSC, and this time the AMM called vSwap from
@value_defi
is in trouble.
About $11M was stolen today from non 50/50 pools, in addition to $6M already lost this week as a result of contract reinitialization.
Let’s see what happened👇
11
113
386
1/11 Okay, MEV is coming
MEV is a consequence of the fact that miners (pool operators) have the right to choose the tx order in a block.
They can be the first to:
- execute arbitrage
- get access to token offerings
- perform liquidation
Plus, they may not pay a fee for this.
23
136
379
10/10
Since the team fixed this bug that led to the exploit, they should have known about it for sure.
In this case, the best option would be a white hack not to jeopardize users’ funds.
Since there was no white hack, I tend to believe that it was a rug pull.
18
23
381
1/7
DeFi exploits have recently picked up significantly.
So far, there has been at least ~$370M withdrawn from DeFi due to exploits.
In the first part of my latest report, you can quickly look at how the attack proceeds and how it is investigated.
13
93
353
1/7
Euler lost $197M in 6 tokens:
- 73.8k wstETH ($116M)
- 34.2M USDC
- 846 WBTC ($18.6M)
- 8k WETH ($12.6M)
- 8.9M DAI
- 3.8k stETH ($6M)
Also, EULER price fell by 52%👇
We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it.
111
104
532
21
111
339
Each time the attacker had more 3crv tokens, which he was later able to swap for stablecoins.
Lol, it's funny how so many flash loans have been used.
This means that my new research piece about flash loans, which will be released very soon, will be relevant.
10
9
345
1/12
I’m finally home, which means it’s time for a thread about a four-hour attack on Spartan Protocol that resulted in $30.5M being stolen.
@Peckshield
has already written about the root cause, but there will be more details here as usual.
Enjoy👇
11
100
331
How confident do you need to be to buy USDC on one of the ETH POW forks?
29
18
305
5/5
What do we know now?👇
- Despite the use of capital almost equal to the entire UST pool size, it was impossible to keep the peg.
- Jump lost hundreds of millions, which doesn’t even include CEXs.
- They control 36% of the total staked LUNA.
22
29
304
One of the dumbest things I've seen
It seems like the
@THORChain
team were well aware of the danger of using tx.origin but they were okay with it 🤔
17
37
200
7
33
296
3/8
The top 50 ‘diamond hands’ by the number of tokens have a paper profit ranging from $5M to $2.5B, with an average of $65M.
Btw, someone turned $17 into $6.5M, and they can get $4.2M with current liquidity.
8
38
266
1/5
Do you like fancy words like MEV and Flashbots and want to have ‘stress-free passive income’?
Then be careful, and don’t get caught by scammers like
@mevbots
.
For half a year of existence, 4.4k addresses independently transferred 1.8k ETH ($2M+) to them👇
36
63
229
8/8
The final tokenomics and the ability to claim tokens are not yet available (due to the absence of Merkle data), but it has already become clear that $WEN is really coming soon
20
9
248
Over the past two and a half years, the number of addresses interacting with DeFi protocols has grown from several thousand to over three million.
For this reason, over the past few months, I have been fascinated by researching the various characteristics of protocol userbases.
6
66
257
The Wintermute exploiter has one day to return funds👀
38
27
251
1/6
I’m very excited to release new “DeFi Protocol Revenue” charts in
@TheBlock__
data dashboard.
I have been collecting this data from Ethereum in parallel with all other work for two months now, so the release of these charts is very important for me.
9
67
257
1/6
Sad, but
@raft_fi
was exploited, and the attacker was able to mint 6.7 uncollateralized R stablecoin
The twist is that they converted them into ETH, which was sent to the null address, but first things first👇
We are aware of a potential security vulnerability.
We are currently investigating and will provide an update as soon as we can.
15
21
79
9
54
260
1/5
How can Defi live without new hacks, right?
The new victim is ForceDAO, who didn’t provide the necessary checks in a contract code.
Anyone could call the function “making a deposit” even without having FORCE.
However, the received xFORCE could be used to obtain real FORCE.
12
63
255
1/9
I looked at my calendar and realized that it was time for a little personal story.
It is about how exactly a year ago I quit my job at the most unsuitable moment and what happened in the end.
🧵
22
39
251
1/9
Today I’m starting a new chapter in my life by joining
@TheBlock__
family as a Research Analyst. I am very grateful to
@lawmaster
and all the rest of the team who supported the materials that I published here.
Also from today, I will be using my real name Igor on Twitter.
14
21
237
I don't think that
@Ledger
made all these updates...
🚨🚨🚨 RED ALERT 🚨🚨🚨:
Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.
515
3K
6K
11
36
222
.
@justinsuntron
trivially put about a $1B into
@LiquityProtocol
.
Another $2B are in
@Ellipsisfi
on BSC.
The rich get richer, right?
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 440,000
#ETH
(938,057,953 USD) transferred from unknown wallet to unknown wallet
27
43
324
14
37
223
Two failed transactions, why not use admin privileges?
13
18
214
1/9
One of the largest crypto market makers is Wintermute (
@wintermute_t
).
They are currently
#1
on Bitfinex based on current month volume, also very active on FTX, and responsible for 40% of dYdX volume in 2020.
Let’s see what we can find out from their Ethereum addresses.👇
3
37
219
$ENM hacker used Tornado to fund his address a week ago. Right after that, he claimed $UNI tokens for one of arbitrage contracts and withdrew them to himself in another tx by simulating arb. In theory, this claim could be a hack, which is why a mixer might have been used.
11
59
203
What was stolen ($14M+):
- 3,9k stETH
- 2.4M USDC
- 649k USDT
- 257k DAI
- 26 aWBTC
- 270 aWETH
- 296 aETH
- 2.3k aAAVE
- 4 WBTC
- 90k CRV
- 43k LINK
- 7.3k cETH
- 17.2M cUSDC
- 69 cWBTC
- 142.2M BAO
- 38.6k PERP
- 30.4k COMBO
- 75k PAID
- 225k UNIDX
- 342 GRO
- 19k NDX
15
47
188
Looks like casual rug pull.
PAID deployer made an attacker the owner of PAID admin contract.
This attacker deployed a new implementation contract for PAID token and minted almost 60M tokens.
22
47
184
9/9
I am sure that the actual damage from this case is greater than this figure, but the continuation of the analysis takes more time.
Perhaps later, I will find time to calculate all losses, as I did with Black Thursday.
17
15
188
8/8
According to Nansen, out of the Top 10 traders’ balances, only one sold tokens in the last week.
As already mentioned, the main reason for this is the very low liquidity, which will not allow to cash out in size.
Let’s see what happens when retail interest disappears
17
16
181
1/6
MakerDAO community was able to convince
@a16z
to start participating in governance.
Five days ago, a16z locked 20k MKR and voted for the current executive proposal.
But no one seems to have noticed that before that they also locked in some profits from their investments.👇
5
38
180
6/6
While scaling solutions have successfully lowered fees, they are already starting to run into problems due to adverse activity.
My user experience on BSC continues to deteriorate with each day, so it seems like the same will happen with Polygon.
18
12
180
FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC.
This address minted:
- 323M FNX ($6M) on Ethereum
- 60M FNX ($1.6M) on BSC
and started dumping tokens.
Rug pull or StOlEn PrIvAtE kEy?
20
28
166
.
@1inchExchange
token is almost launching.
In addition to the 1inch token, 1inch distribution contract and a set of governance and staking contracts were deployed.
Get ready to give liquidity into pools with YFI, USDT, USDC, WBTC, DAI, and ETH on Mooniswap to farm 1inch.
12
28
167
2/8
49.5% of the token supply was added to Uniswap after token creation.
LP tokens from this pool were sent to
@VitalikButerin
along with the remaining SHIB.
Therefore, Vitalik, instead of selling, can simply withdraw 93% of the pool liquidity without any price impact ($118M).
18
17
167
The question is how did the exploiter validate a Merkle proof that he initiated a large deposit in one of the extremely old blocks?
(Bug in a MerkleProof contract?)
9
15
168
1/ Flash loaned 116k ETH from dYdX
2/ Flash loaned 99k ETH from Aave v2
3/ Borrow 134M USDC and 129M DAI using ETH as collateral on Compound
4/ Add 134M USDC and 36M DAI to 3crv Curve pool
5/ Withdraw 165M USDT from 3crv Curve pool
6/ Repeat five times👇
4
10
165
If you don't like Ethereum so much, why, instead of supporting DeFi copycats on your blockchain, you make money on competitor's blockchain?
9
8
159
1/5
Imagine if you could bet on a coin flip but couldn’t lose anything
This is how someone stole around $25k from dice9win today, with another $200k was saved by SEAL 911 members
Let’s figure out how it works (we have the team's approval)👇
Today is a historic moment for SEAL 911 as it was the first incident where we were able to prevent damage _before_ the attack was carried out. h/t
@FrankResearcher
for helping with this incident & the anon community member for the intel!
9
33
227
12
27
162
9/ Stablecoins have been deposited to Aave v2,
1k ETH to IronBank deployer,
1k ETH to Homora deployer,
220 ETH to Tornado,
100 ETH granted to Tornado
and almost 11k ETH remain on the exploiter balance.
17
6
153
8/8
This is not the first and far from the last time that project teams fork someone else’s code without a deep understanding of its work.
It’s pretty foolish to think that CZ will save you if you mindlessly deposit money into projects with anon devs or obscure teams.
7
18
158
7/7
The interoperability between DeFi protocols is becoming more complex, which opens up new vectors of attacks.
This attack was similar in difficulty to the Pickle Evil Jar and will become even more frequent in the future.
7
6
151
1/8
I noticed a few days ago the use of MEV sandwiching and was preparing a Twitter thread but got frontran by
@fifikobayashi
.
In any case, I have additional insights regarding this situation and the current MEV state in general.
Let’s go👇
For those of you wondering what MEV sandwiching looks like in the wild:
1. Hop onto block
#11955959
2. Go to the last page and look at the 3 oldest tx's
3. It starts with the victim's tx in the middle buying POLK tokens on uniswap
7
41
189
5
48
153
@FTX_Access
@jump_
They withdrew stablecoins from CEXs, and I think you have more answers than I...
7
2
150
1/10
For more than a week, someone has been trying to carry out a governance attack on
@SwerveFinance
(a dead Curve clone) and steal $1M+ in various stablecoins
Let’s figure out why he didn’t succeed and also find out who the exploiter is👇
🚨Swerve Finance is facing a likely governance attack. If for some reason you still have money there, would recommend withdrawing immediately.
13
41
125
11
27
151
7/8
The second one (0x3b45...) also had a lot of activity on Paraswap and made five deposits in Tornado Cash a few minutes before they were withdrawn to a new address.
Bad opsec😢
3
4
144
3/3
Consider four transactions:
- Larry received UNI from UGP address (18 days ago)
- sent 0.05 ETH on DeFi education fund address (16 hrs ago)
- swapped UNI on $50k using Uni v3 (15 hrs 55 mins ago)
- executed the $10M OTC deal (10 hrs 45 mins ago)
5
6
146
1/8
Time to do a quick overview of my research on DeFi liquidations.
Why are liquidations needed, how they work, how keepers harm the Ethereum ecosystem, and as always you can learn much more in 5–10 minutes of reading this piece.
But a summary here:
4
24
141
6/*
UPD: The exploiter initially was funded from Tornado Cash, sent ETH through Synapse to Arbitrum, and withdrew "clean" funds to Ethereum
16
7
138
For some reason, he was using the same block from two years ago
8
16
134
1/9
Crypto has existed for more than ten years, but we have not yet seen a real adoption.
One of the main issues is a rather high entry threshold and the lack of high-quality data.
@TheBlock__
is solving exactly that, and you are the one who can help bring adoption closer👇
24
26
134