Lei Wu
@realvisual
Followers
257
Following
596
Media
19
Statuses
564
Co-founder of BlockSec (@BlockSecTeam) | Views are my own
Hongkong
Joined April 2009
Just curious why users are still interacting with @Bankroll_Status? Every transaction here is basically lining the attackers’ pockets. Do yourself a favor: Stay far away.
Our system has detected a series of attacks targeting @Bankroll_Status across both Ethereum and BSC, resulting in total losses of ~$400K since Sep 2024. Attempts to contact the project team have received no response. These attacks exploit the same root vulnerability in the
0
0
0
As previously mentioned, EIP-7702 renders the sole condition "msg.sender == tx.origin" ineffective; the size/length of the code must also be taken into account!.
0
1
5
Bypassing insolvency checks—a classic attack vector for lending protocols—demands attention!.
Yet another lending protocol exploited via exchange rate manipulation on low-liquidity—even empty—markets!. Specifically, attackers artificially inflated #cvcrvUSD's share price through donations. @ResupplyFi's ResupplyPair contract ( created ~2h ago) uses
0
2
12
RT @BlockSecTeam: Our system detected several attack transactions targeting @SiloFinance's smart contracts on different chains, with the ro….
0
10
0
RT @Phalcon_xyz: ALERT! Our system detected multiple attacks on #BSC targeting unidentified contracts (suspected MEV bots), resulting in ~$….
0
6
0
Here are interesting BSC transactions exploiting EIP-7702’s EOA code delegation. Initial analysis suggested a $350K loss via a suspected force-swap attack, but the hardcoded tx.origin (0xbf073e9eb8a345d2e33e70c6e1f60b0cb6e85f9a) validation in the contract reveals a possible
0
7
20
Since @Corkprotocol has paused the protocol, I'd like to share some findings from our initial investigation based on the attack transaction trace: it appears that the protocol fails to properly verify the arguments passed to the CorkCall function, allowing the attacker to specify
A bad day… @Corkprotocol was attacked. Detected by @Phalcon_xyz .
2
5
17
0
3
0
Yep, the overflow check can be bypassed:.
.@CetusProtocol was reported to have suffered a security incident resulting in a loss of ~$223M: $162M worth of funds has been frozen on the #Sui, while $60M has already been transferred to #Ethereum. Due to the lack of advanced forensic tools comparable to Phalcon Explorer
0
5
13
.@CetusProtocol was reported to have suffered a security incident resulting in a loss of ~$223M: $162M worth of funds has been frozen on the #Sui, while $60M has already been transferred to #Ethereum. Due to the lack of advanced forensic tools comparable to Phalcon Explorer
A sad day (and night) . .
3
5
17
Small but powerful features—especially handy for security folks.
Upgrade MetaSuites to 5.7.0 to sync local labels between Etherscan (or other scans) to Phalcon Explorer.
0
0
1
An in-depth analysis you can’t afford to miss!.
In our latest blog, we dive deep into the recent @zkLend incident, offering a detailed security analysis and clearing up misunderstandings about the attack within the security community.
0
0
0
RT @BlockSecTeam: In a word: Change your RPC to to avoid sandwich attacks and happily play @four_meme_! 🛡️🎮.
0
1
0
RT @BlockSecTeam: 🚀Enhancing On-Chain Security on Ethereum and BSC🚀.Read the full analysis👉 Blocksec has partnered….
0
3
0
RT @yajinzhou: We have released the data from our paper, 'Dissecting Payload-based Transaction Phishing on Ethereum,' which was accepted to….
0
5
0
BlockSec Phalcon 2.0 has just been announced—ushering in a new era!.
🚀 BlockSec Phalcon 2.0 Unleashed! Don't let your protocols be unprotected!. We're thrilled to launch the 2.0 version of BlockSec Phalcon, the world's first crypto hack monitoring and blocking platform. BlockSec Phalcon 2.0 Delivers:.🛡️Extensive Coverage: Monitors the vast
0
0
0
RT @WXblockchain: Get ready to connect with @yajinzhou, CEO and Co-founder @BlockSecTeam at the upcoming 10th Global #Blockchain Summit.….
0
3
0
RT @BlockSecTeam: .@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidatio….
0
17
0