realvisual Profile Banner
Lei Wu Profile
Lei Wu

@realvisual

Followers
257
Following
596
Media
19
Statuses
564

Co-founder of BlockSec (@BlockSecTeam) | Views are my own

Hongkong
Joined April 2009
Don't wanna be here? Send us removal request.
@realvisual
Lei Wu
7 hours
Just curious why users are still interacting with @Bankroll_Status? Every transaction here is basically lining the attackers’ pockets. Do yourself a favor: Stay far away.
@Phalcon_xyz
BlockSec Phalcon
8 hours
Our system has detected a series of attacks targeting @Bankroll_Status across both Ethereum and BSC, resulting in total losses of ~$400K since Sep 2024. Attempts to contact the project team have received no response. These attacks exploit the same root vulnerability in the
Tweet media one
0
0
0
@realvisual
Lei Wu
2 days
0
39
0
@realvisual
Lei Wu
4 days
0
6
0
@realvisual
Lei Wu
8 days
As previously mentioned, EIP-7702 renders the sole condition "msg.sender == tx.origin" ineffective; the size/length of the code must also be taken into account!.
@BlockSecTeam
BlockSec
8 days
. @QuickswapDEX . 7702 breaks the assumption in the code, and creates an attack surface.
Tweet media one
0
1
5
@realvisual
Lei Wu
15 days
Bypassing insolvency checks—a classic attack vector for lending protocols—demands attention!.
@Phalcon_xyz
BlockSec Phalcon
15 days
Yet another lending protocol exploited via exchange rate manipulation on low-liquidity—even empty—markets!. Specifically, attackers artificially inflated #cvcrvUSD's share price through donations. @ResupplyFi's ResupplyPair contract ( created ~2h ago) uses
Tweet media one
0
2
12
@realvisual
Lei Wu
16 days
RT @BlockSecTeam: Our system detected several attack transactions targeting @SiloFinance's smart contracts on different chains, with the ro….
0
10
0
@realvisual
Lei Wu
16 days
RT @Phalcon_xyz: ALERT! Our system detected multiple attacks on #BSC targeting unidentified contracts (suspected MEV bots), resulting in ~$….
0
6
0
@realvisual
Lei Wu
18 days
Here are interesting BSC transactions exploiting EIP-7702’s EOA code delegation. Initial analysis suggested a $350K loss via a suspected force-swap attack, but the hardcoded tx.origin (0xbf073e9eb8a345d2e33e70c6e1f60b0cb6e85f9a) validation in the contract reveals a possible
Tweet media one
0
7
20
@realvisual
Lei Wu
1 month
Since @Corkprotocol has paused the protocol, I'd like to share some findings from our initial investigation based on the attack transaction trace: it appears that the protocol fails to properly verify the arguments passed to the CorkCall function, allowing the attacker to specify
Tweet media one
@BlockSecTeam
BlockSec
1 month
A bad day… @Corkprotocol was attacked. Detected by @Phalcon_xyz .
2
5
17
@realvisual
Lei Wu
1 month
RT @BlockSecTeam: A bad day… @Corkprotocol was attacked. Detected by @Phalcon_xyz .
0
3
0
@realvisual
Lei Wu
2 months
Yep, the overflow check can be bypassed:.
Tweet media one
@realvisual
Lei Wu
2 months
.@CetusProtocol was reported to have suffered a security incident resulting in a loss of ~$223M: $162M worth of funds has been frozen on the #Sui, while $60M has already been transferred to #Ethereum. Due to the lack of advanced forensic tools comparable to Phalcon Explorer
Tweet media one
0
5
13
@realvisual
Lei Wu
2 months
.@CetusProtocol was reported to have suffered a security incident resulting in a loss of ~$223M: $162M worth of funds has been frozen on the #Sui, while $60M has already been transferred to #Ethereum. Due to the lack of advanced forensic tools comparable to Phalcon Explorer
Tweet media one
@BlockSecTeam
BlockSec
2 months
A sad day (and night) . .
3
5
17
@realvisual
Lei Wu
4 months
Small but powerful features—especially handy for security folks.
@BlockSecTeam
BlockSec
4 months
Upgrade MetaSuites to 5.7.0 to sync local labels between Etherscan (or other scans) to Phalcon Explorer.
0
0
1
@realvisual
Lei Wu
5 months
An in-depth analysis you can’t afford to miss!.
@BlockSecTeam
BlockSec
5 months
In our latest blog, we dive deep into the recent @zkLend incident, offering a detailed security analysis and clearing up misunderstandings about the attack within the security community.
0
0
0
@realvisual
Lei Wu
5 months
RT @BlockSecTeam: In a word: Change your RPC to to avoid sandwich attacks and happily play @four_meme_! 🛡️🎮.
0
1
0
@realvisual
Lei Wu
5 months
RT @BlockSecTeam: 🚀Enhancing On-Chain Security on Ethereum and BSC🚀.Read the full analysis👉 Blocksec has partnered….
0
3
0
@realvisual
Lei Wu
6 months
RT @yajinzhou: We have released the data from our paper, 'Dissecting Payload-based Transaction Phishing on Ethereum,' which was accepted to….
0
5
0
@realvisual
Lei Wu
8 months
BlockSec Phalcon 2.0 has just been announced—ushering in a new era!.
@Phalcon_xyz
BlockSec Phalcon
8 months
🚀 BlockSec Phalcon 2.0 Unleashed! Don't let your protocols be unprotected!. We're thrilled to launch the 2.0 version of BlockSec Phalcon, the world's first crypto hack monitoring and blocking platform. BlockSec Phalcon 2.0 Delivers:.🛡️Extensive Coverage: Monitors the vast
Tweet media one
0
0
0
@realvisual
Lei Wu
9 months
RT @WXblockchain: Get ready to connect with @yajinzhou, CEO and Co-founder @BlockSecTeam at the upcoming 10th Global #Blockchain Summit.….
0
3
0
@realvisual
Lei Wu
10 months
RT @BlockSecTeam: .@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidatio….
0
17
0