GG with 2nd place. Thanks for organizing @DeFi_Wonderland!

is anyone heading to @EFDevcon? We are looking for a @DeFi_Wonderland CTF team members and are currently three. I also want to meet many security researchers. Please DM me if you're interested.

I'm heading to @EFDevcon in Argentina next month! I'd love to meet many security researchers and builders. Please DM me and recommend for good security events!

Huge thanks to @SEAL_911 for helping with the analysis.

When I queried approvals on-chain, there are many victims on Ethereum, but only few victims on Linea.

When victims deposited tokens into their wallets, the attacker used claimMessageWithProof() to execute the message (sent from Linea) on Ethereum and steal the tokens. Attack Tx (claimMessageWithProof):

The attacker identified that victims had approved Linea Bridge, then used sendMessage() to send a message calling USDT.transferFrom on Ethereum to steal tokens. Attacker's Tx (sendMessage):

I found that Linea provides message transmission functionality (arbitrary call) between L1 and L2.

The common activity of victims was that they had approved Linea Bridge on Ethereum through OKX Web3. This contract should not be approved (according to SEAL's analysis).

For some reason, I guess the OKX frontend requested users to approve the Linea Bridge contract. The wallet history showed approvals made on https://t.co/ZM5Iyn1U4z. Victim Approval Tx (approve):

SEAL's researchers discovered abnormal approvals. However, the victims hadn't visited phishing sites, and I saw their wallet approval history.

I analyzed attack tx at a friend's request. I couldn't find malicious contracts and tx, I requested @SEAL_911 .

I realized that we cannot trust approvals to official contracts. The safe usage is to approve up to the necessary amount. Let's dive into the incident.

If you've ever used @LineaBuild bridge on @okx Web3, Make sure to REVOKE approvals immediately on https://t.co/N8HibsHrkd. The contracts are 0xd19d4B5d358258f05D7B411E21A1460D11B0876F on Ethereum, 0x508ca82df566dcd1b0de8296e70a96332cd644ec on Linea.

GG. Enjoyed 3rd place again at this year's DEFCON CTF! Thanks to @SuperDiceCode.

GG for getting first blood at R3CTF by @r3kapig Thanks for the good Solana RCE pwn challenge, which only 3 teams solved!

GG with talented hackers

🎉The KimchiPremium took 3rd place at Remedy 2025! 🎉 We're a Korean CTF team that plays for fun. Many thanks to the @xyz_remedy @hexensio for hosting such a fantastic CTF with fun challenges. Looking forward to the next one!

Happy to have learned good lessons and excited to have tried @xyz_remedy 's Glider, which is a code query tool I’ve been wanting to explore for some time. I'm looking forward to trying for real hunting.

Good game with 3rd place and managed to solve an only 3-solved challenge. Thanks to @xyz_remedy @hexensio and all the authors for hosting the biggest Web3 CTF and creating such great challenges.