Warning ❗️ An attack on thematic
@telegram
crypto chats ongoing now. The attackers use an account named "Smokes Night" to spread Echelon malware by dropping a file into the chat room.
TLDR: Disable auto-downloading in Telegram settings right now.
👇 See the thread below 👇
You've been asking me for a long time and finally I decided to write an ultimative thread on an advanced (and authorial, please note) cryptocurrency storage technology 😎
Read carefully, there will be only Spy-level trips 👇
This video of cops in Nevada searching a suspect and finding a seed phrase is pretty wild. Imagine having your seed phrase become part of public record due to it being captured by an officer's body camera!
.
@FixedFloat
hacked, resulting in ~1,728 ETH (worth ~$4.85m) and & 409 BTC (worth ~$21m) stolen. The drainer already transferred most of the stolen ETH to eXch on Ethereum. 26M$ loss in total!
Drainer on Ethereum (1700 ETH stolen): 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085
Researchers have detected an unusual transaction of $718M $ on the BSC network, the meaning of this is not clear at the moment, but many are already talking about a possible hack 🤷♂️
Interview with a
@KyberNetwork
hacker.
5 quick questions. 5 brief answers.
Key takeaways:
• I don't watch anime, but I get it tho.
• There's no secret ingredient, just do a lot of reading and practice.
•
@SoloditOfficial
and
@officer_cia
blog are very cool, a huge fan.
•
Attempting to conduct an interview with a
@KyberNetwork
exploiter. What can I possibly ask them?
Please post your questions in the comments section below the tweet!
If your job requires you to work with multiple files (for example, a CV), always request that they be uploaded to Google Drive in preview mode beforehand or just open them via .
The main goal is to convert a possibly infected PDF to pixels and vice versa.
The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally.
The team is not sure what happened and is currently investigating.
It is recommended that all users suspend the use of Multichain services and revoke all contract approvals
I’m often asked if I’m aware of any dataset of DeFi exploits including post mortem analysis twitter threads, blog posts, etc…
So I collected such resources in my special note for y’all fam🫡
Gm fam ❤️ New day, new cool thread! 😎 Today I'll share with you the best
@solidity_lang
resources, as well as bonus materials such as awesome tools, patterns, & self-study Dev resources 💎
I spent a great deal of time filtering the information and checking it for this thread 👇
Attempting to conduct an interview with a
@KyberNetwork
exploiter. What can I possibly ask them?
Please post your questions in the comments section below the tweet!
Would stay extra vigilant over the holidays…
A few people I know were recently attacked & lost their crypto assets, I can't disclose the details publicly but what they had in common was that their seed phrases were generated 3-4 years ago, they were all 12 words.
To add, all
If the Ronin exploiter phishes the Euler one with a suspect decryption tool I think I might actually just write a screenplay
Alternative, more paranoid theory is that this is being stage managed between them
(Please don’t make the joke, it’s tired and stale at this point)
Gm fam ❤️ Let me start a mega-thread about smart contract-side and user-side attacks in Dapp, Web3, Blockchain, DeFi, NFT and Metaverse 🧐
You'll find the coolest links and tools in this track. Let's go! 👇
An Open Letter to the Manufacturers and Designers of Crypto Wallets (both cold and hot).
There have been far too many attacks lately. Many users are losing money due to what appear to be straightforward attacks. In light of this, I have made the decision to publish an open
Here's the victim of the 1157 wBTC address poisoning scam, issuing an on-chain message to hackers to return 90% of stolen assets! and promising to keep 10% as a bounty! (Image by
@somaxbt
)
I think the best hacker can do now is to keep his 10%. That would be wise IMO.
$68M (1155WBTC) lost after victim fell for address poisoning attack.
TL;DR on attack: Attacker is sending spam transactions to your address in order to catch you being inattentive. You can copy their address instead of your own from the TX history. Attackers generate addresses
The
@KyberNetwork
Hack: In-Depth analysis by
@BlockSecTeam
&
@0xdoug
&
@MetaSec_xyz
⬇️
TL;DR: It was exploited due to the flawed price calculation in 'computeSwapStep'. It produced a bigger price than the target price, but the tick was not crossed and liquidity on the next tick
Much much thanks to every single one of you for support on
@gitcoin
❤️
Follow my works progress here:
Grant:
DeFi Developer RoadMap:
Crypto Research Base:
Crypto OpSec SelfGuard:
A solution concept for
#KYC
without knowing your customer, leveraging self-sovereign identity and zero-knowledge proofs - Good Read! 👀
👉
This approach breaks the traditional privacy vs. transparency trade-off and provides structured transparency 🤯
Dear followers, I don't often ask for help, but in this situation, if you want me to create more content, please help me in any way that works for you…
I would appreciate it if you could donate to me at the following addresses:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A —
Chrome allows websites to write to the clipboard without the user’s permission!
Src:
It opens a possibility to preform a modified clipper attack! But this is way more complicated, I am surprised how attack vector on a clipboard has changed over time…
Dear followers, If I do not respond to you in DMs here or in TG, it does not mean that I am showing off or don’t like you; rather, it is because I am depressed (again) and really unable to do anything…
$68M (1155WBTC) lost after victim fell for address poisoning attack.
TL;DR on attack: Attacker is sending spam transactions to your address in order to catch you being inattentive. You can copy their address instead of your own from the TX history. Attackers generate addresses
🚨ALERT🚨Are we mistaken, or has someone truly lost $68M worth of $WBTC? Our system has detected another address falling victim to address poisoning, losing 1155 $WBTC. 😢
Victim:
Address poisoner:
Poison transaction:
Gn 😊 I've made this collection so you can use it as your handbook: you'll find in it a huge number of proven Solidity cheatsheets, tools, articles, resources, tools and an awesome bonus 👀
I'd be happy if you could distribute it!
Before you all start connecting to any dapps today - from your
@Ledger
device.❗️
Remember that you should first do a quick check to see if your browser is caching the most recent Ledger update or not. How to check:
1. Clear browser & device cache first;
2. Visit:
It would seem, what danger can a QR code pose? It turns out that you can even lose your crypto, fiat money and internet logins because of attacks!
Let's study these attacks and see how we can defend against them in my new
@viamirror
article!
GM!
Because of the increasing number of scams targeting people who don't know what MEV/MEV bot and so on are, I compiled a list of tried-and-true resources!
FYI:
Looks like orbit bridge is getting drained right now, different fresh wallets for wbtc usdt usdc and dai, test tx's showup on orbit bridge scanner but bigger ones doesnt. Wallets bellow
Awesome On-Chain Investigations HandBook 💎
Disclaimer: All information (tools, links, articles, text, images, etc.) is provided for educational purposes only! All information is also based on data from public sources. You are solely responsible for your actions, not the author!
Surprisingly, few people know that anyone can effectively defend against sim swapping…
And yes, it works both in the US and worldwide on almost all mobile operators!
Check out my thread below ⬇️
400 M + Twitter accounts data is on sale, among which the most critical are username, mobile # & email. Hacker was able to provide a sample list of 1000 usernames, and I was able to verify many of them
A clipboard meddling attack on hardware wallets with address verification evasion - Good Read! ❕
👉
Authors designed and implemented a EthClipper malware, which then successfully tested on Trezor, Ledger, and KeepKey wallets.
“It was definitely a private key that was compromised. If you look at the DAI transfer transaction, there was “uint was = allowed uint (-1)” which could have only been possible if the private key was compromised” - analysis by
@0xArhat
🫡
Gm 🙌 Spotted an awesome basic introduction to
#web3
and its concepts, using the
#javascript
you already know 🧐
👉
Check out my
#DeFi
&
#Web3
Developer Roadmap as well:
I guess I know how the Author got an inspiration 👀
Many of us travel by airplane and many of us have to deal with carrying luggage. That's a pretty serious threat to your
#OpSec
unless of course your computer or phone has potentially valuable information on it.
Read my thread ⬇️
A third variation of the "address poisoning" attack has been spotted!
In short, you receive tokens which price is displayed in your UI. You then try to exchange them, but the transaction fails, and the gas goes to the scammer’s wallet.
A thread 👇
Unverified messages: An online video showing a 1-click Telegram attack utilizing a calculator load as an example has been found (it is stated that it may be any malware, Windows-specific).
I strongly advise you to disable the auto-downloading function (disable both wi-fi and
How to protect your X/Twitter account against sim-swapping? A thread.
First, you can make a Google Fi account and turn on Advanced Protection:
We discussed this in more detail in the chat here, check it out (up/down):
1/6
GM! Going private for a few hours...
I'd like to ask you something... How many of you have actually seen my articles, GitHub collections, and investigations? Thank you ❤️
This video is from last year, but I never tyre of rewatching it again and again! It's extremely informative…
A police officer can be seen "working" behind the suspect's computer in this body-cam footage. Then he pulls out a USB memory stick and wipes everything out as the data
On November 23, 2023, the decentralized trading platform
@KyberNetwork
was attacked, resulting in the attacker stealing approximately $54.7 million…
Here is a PoC by
@paco0x
⬇️
In today's article, I'd want to draw your attention to some of my most time-consuming articles (there are 45+ already!), which I feel to be my best! Enjoy!
Surprisingly few people know that anyone can effectively defend against sim swapping. It works both in the US and worldwide in almost all mobile operators!
But how? Check out my thread 👇
Probably everyone has heard about the BNB chain hacked and then stopped? I've compiled everything for you step-by-step in the thread that you'll find below, for convenience here's its most recent version at the moment in a readable format:
I can't believe there are already 25,000 of you! 🎇🎆
We've been through a lot together, but there's more yet to come!
Thank you for everything dear community, without you I wouldn't have believed in myself!
Without you, none of this would have been possible! ❤️
Memo to those who have lost their funds.
1. Hacker may fail to drain all of your NFTs, stake position, or forget to drain assets from other networks. In these cases, the issue of how to get the remaining money back (un-hacked!) arises urgently. Check out
ZachXBT has just deleted his X/Twitter account...
Come back, we are all (adequate people) waiting for you!
Just DMed his 2nd account and waiting for a reply. If he will want it - I’ll share answers.
Gm! It seems
@GoGalaGames
$GALA token has been infinimint exploited on
#BSC
and is currently getting TWAP dumped by an attacker!
TX (use
@bscscan
): 0x4b239b0a92b8375ca293e0fde9386cbe6bbeb2f04bc23e7c80147308b9515c2e
Dear followers, I don't often ask for help, but in this situation, if you want me to create more content, please help me in any way that works for you…
I would appreciate it if you could donate to me at the following addresses:
Dear followers, I'm seeking for work.
I'll be reviewing my DMs all day; any suggestions are welcome. CV and other information will be provided during private conversations.
Thank you!
In case you didn't know, I'm maintaining a
#DeFi
Developer roadmap, thanks a lot to the community for your support ❤️
Link:
and a special thanks to
@LidoGrants
&
@LidoFinance
for helping me get started! You are awesome!
Here's the most correct recap of what's happening with OpenSea right now.
tl;dr The security of web3 platforms depend entirely on wallets with universally poor security UX, and there's very little the platforms can do about it.
Gm 🙌 I was asked if I know a list of all existing smart contract security tools. So I collected all known SC sec tools based on 4 fresh academic researches 😎
👉
👉
👉
👉
I'm happy to share that I have received a grant from
@LidoGrants
(ecosystem funds from
@LidoFinance
) for another 6 months of work on the
#DeFi
roadmap and related materials!
Check out our guide, pass it on to your friends, and check out
@LidoGrants
👀
This is the hacker.
As I do with every DM, I analyze all the info available to see whether this is legit. He had articles from 5 years ago, his message was professional, and it was a discord account since 2018. This was enough to start a conversation, at least.
Dear followers, I've made the decision to temporarily go private in order to address the shadowbans applied to my account, which are impacting the distribution of content. I'm hoping that by doing this, I can interact with my fans more often.
Stay safe!
In this article, we will explore the powerful capabilities of HackedWalletRecovery - an awesome tool developed by
@austingriffith
&
@buidlguidl
teams! I'll also provide some additional safety advice.
“If we finally want to give people the opportunity to be their own bank, we must realize that in this case, people must be able to replace all those services and actions for which traditional banks get money”.
Check out my updated OpSec guide ⬇️