Cos(余弦)😶🌫️
@evilcos
Followers
111K
Following
20K
Media
807
Statuses
8K
Founder of @SlowMist_Team. Creator of https://t.co/tFCQExsAlL // 分身一号/捉虫大师/救火运动员 🕖灾备 https://t.co/bMGdsBlwmk
HACKING
Joined November 2008
努力克制不再回复极其偷懒的安全问题,很多答案稍微翻翻之前的分享都能找到。如果每个人都来不断的重复问,这生态如何更好一点,为什么不去问 GPT. 对啊,朋友们,GPT 啊。🥺.
361
33
470
RT @BigONEexchange: ⚠️ Security Incident Update:. - All private keys remain secure.- Our team is actively collaborating with @SlowMist_Team….
0
4
0
RT @SlowMist_Team: 🚨SlowMist TI Alert🚨. The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 millio….
0
28
0
RT @SlowMist_Team: 🚨SlowMist TI Alert🚨. MistEye has detected potential suspicious activities related to @ArcadiaFi. The loss was approximat….
0
6
0
Secure by Design 一个重要的安全思想及实践建议,感兴趣的可以自行搜索学习。. 图是 ChatGPT 4o 创作,生图时容易有错别字…不过图做的还不错,我提示词给的还行。
14
0
38
还有一类像我们这种白帽黑客,从 17 年入场开始研究 Blockchain/Crypto/Web3 各类的链上链下安全威胁,比如单一个假充值问题,我们的研究跨度就从比特币、门罗币到以太坊、Token、L2、Solana、Move 系、TON 网络等等。
现在市场里资金的注意力非常割裂。. 2014年以前进圈的A12+(主要是远古矿工+几大所老板),基本不关心行业前沿趋势了,要么退圈要么在转传统资本圈玩法,场内活跃度为0%。.
34
19
123
RT @SlowMist_Team: Thank you @MYX_Finance for your trust and recognition! ❤️. On July 9th, the SlowMist team received an urgent request for….
0
7
0
RT @MYX_Finance: [5/5].Gratitude roll-call • @SlowMist_Team for nonstop triage & patching • @dedaub, @pcaversaccio, and the @seal_911 war….
0
3
0
没精细地算,如果大差不差是这样的话,GMX 一分没亏,黑客也拿走了 500 万美金赏金,转白帽成功…这种神奇结果,除了黑客自己的操作之外,得感谢 ETH 这两天涨的不错…🤣.
51
12
164
这不仅是加密货币行业经典的安全价值计算问题,其他行业也有一样的困境。其他行业先不管,因为许多都有成熟法律来约束管控。加密货币行业,比如 DeFi 场景,宣扬所谓的 Code is Law 精神,据我所知,还没有任何现有法律是直接可以应用在通过智能合约漏洞获利这种场景的。
@evilcos 白帽 hacker: 你们协议有一个漏洞,可能会被利用。. 项目方:好的,知道了,多谢提醒(一毛不拔)。. 黑帽 cracker:你们协议有一个漏洞,我利用了(被盗 42M). 项目方:留下 10%,一切好说话。. 黑帽 cracker: 好说。$5M 到手。. 总结:. 要做一个___,而不是___。.
31
12
109
攻击者选择拿 GMX 给出的 500 万美金赏金,放弃盗走的 4200 万美金。经典。
Posting this message in hopes of connecting with the individual responsible for the GMX V1 exploit. You've successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions. The white-hat bug bounty of $5 million continues.
66
19
225
RT @SlowMist_Team: Recent attack on GMX (@GMX_IO) resulted in over $42M in losses. Here’s a summary of our analysis:. Root causes:. 1️⃣GMX….
0
11
0
注意 @PlasmaFDN X 号被盗了,这次钓鱼团伙发的推文迷惑性较高,推文 thread 看去有模有样,开头的链接用了 X/Twitter Bot UA 欺骗技巧,看去是真实域名,点击后跳到钓鱼域名 https://vault-plasma[.]to. 来源 @realScamSniffer 提醒。
16
11
44
RT @1nf0s3cpt: Unphishable Call for Contributors! 🛡️. We’re inviting the community to create new phishing challenges for Unphishable!. 🎯 I….
0
5
0
那些 fork 的项目都要注意了,别大意。. 昨晚 GMX 被盗 4200 万美金的根本原因是 GMX v1 在处理空头头寸时会立即更新全局空头平均价格(globalShortAveragePrices),而这个全局平均价格将直接影响总资产规模(AUM)的计算,进而导致 GLP 代币价格被操控。. 攻击者利用这个设计缺陷通过 Keeper.
The root cause of this attack stems from @GMX_IO v1's design flaw where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation
35
23
139
RT @SlowMist_Team: The root cause of this attack stems from @GMX_IO v1's design flaw where short position operations immediately update th….
0
50
0
RT @SlowMist_Team: 🚨SlowMist TI Alert🚨. MistEye has detected potential suspicious activities related to @GMX_IO , involving a $42M ( $USDC,….
0
8
0