Lei Wu

@realvisual

Co-founder of BlockSec (@BlockSecTeam) | Views are my own

Hong Kong · Joined April 2009
168 Following · 268 Followers

Lei Wu retweeted
DeepSeek@deepseek_ai·
🚀 DeepSeek-V4 Preview is officially live & open-sourced! Welcome to the era of cost-effective 1M context length. 🔹 DeepSeek-V4-Pro: 1.6T total / 49B active params. Performance rivaling the world's top closed-source models. 🔹 DeepSeek-V4-Flash: 284B total / 13B active params. Your fast, efficient, and economical choice. Try it now at chat.deepseek.com via Expert Mode / Instant Mode. API is updated & available today! 📄 Tech Report: huggingface.co/deepseek-ai/De… 🤗 Open Weights: huggingface.co/collections/de… 1/n
Lei Wu@realvisual·
DeepSeek-V4 just dropped, turning million-token context into a routinely deployable engineering capability. Another possible highlight: kernel performance was validated on Huawei Ascend NPUs. huggingface.co/collections/de…
Lei Wu@realvisual·
Code audits matter. But infrastructure security deserves equal attention. 🧵 "...we believe the attack was the result of a private key compromise...This was not a smart contract vulnerability or a protocol-level exploit; the Sui blockchain and its infrastructure performed as intended throughout."
Volo@volo_sui

📋 Community Status Report - Volo Protocol

We want to provide our community with a full and honest account of where things stand following yesterday's security incident. We owe you clarity, and we are committed to providing it every step of the way.

1. Cause of the Hack

Our investigation is ongoing, and we do not want to speculate on details before we have a complete picture. What we can share at this stage: we believe the attack was the result of a private key compromise. Despite our best efforts and security practices in place, the attacker was able to exploit this vector to access the affected Vaults. This was not a smart contract vulnerability or a protocol-level exploit; the Sui blockchain and its infrastructure performed as intended throughout. A full technical post-mortem will be published once the investigation is concluded. We are working with security partners to ensure this cannot happen again.

2. Fund Recovery - $2M Successfully Frozen

Of the ~$3.5M in assets taken, we have successfully frozen approximately $2M in close coordination with the Sui Foundation and ecosystem partners. This was the result of a rapid, round-the-clock effort from our team and the broader ecosystem. We are continuing to work through the details of the recovery and return process with our partners during EST business hours on Wednesday. A further update will follow as soon as those discussions are concluded.

3. Making Users Whole - We Are Fully Prepared

For the remaining ~$1.5M, we are fully prepared to make every affected user whole. No user will be left out of pocket. We know that a promise alone is not enough - we will be communicating every step of the process transparently before funds are returned, so you know exactly what is happening and when. Details on the reimbursement process will be shared shortly.

We are deeply sorry this happened. The Volo Team is working without pause to resolve it and to rebuild the trust you have placed in us.

Thank you for your patience and continued support.

Lei Wu retweeted
BlockSec Phalcon@Phalcon_xyz·
.@arbitrum Security Council took emergency action to freeze 30,766 ETH held at the Arbitrum One address linked to the @KelpDAO exploit. The key technical point is how this was executed: it was not a normal transfer signed by the exploiter's key. Based on the on-chain trace, this appears to have been executed from Ethereum (L1) via governance-level emergency upgrade powers. The Upgrade Executor temporarily upgraded DelayedInbox, invoked a temporary entrypoint to enqueue a delayed L1→L2 message via Bridge.enqueueDelayedMessage(kind=3, ...), and then restored the original implementation. The critical logic change was that the sender input shifted from the standard msg.sender path to a caller-controlled parameter (then transformed via L1→L2 aliasing), allowing the injected message to carry exploiter-linked sender context. Also, kind=3 maps in Nitro to L1MessageType_L2Message, which allows L2MessageKind_UnsignedUserTx execution on L2, i.e., this path does not require a user signature check. So the L2 transaction view (“from exploiter to 0x…0DA0”) reflects a chain-level forced state transition, not a standard user-signed transfer. TX on L1: app.blocksec.com/phalcon/explor… TX on L2: app.blocksec.com/phalcon/explor…
Arbitrum@arbitrum

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

Lei Wu retweeted
BlockSec Phalcon@Phalcon_xyz·
.@KelpDAO was reported attacked hours ago, with total losses estimated around $290M. Based on community on-chain analysis (e.g., @banteg), the likely root cause is a compromise of the configured DVN/verifier on the Unichain→Ethereum rsETH bridge route: the route relied on a 1-of-1 check, which may have let a forged/unbacked bridge message pass verification and trigger a drain from the protocol's rsETH Adapter. The exploiter then deposited rsETH into Aave/Compound/Euler and borrowed roughly $236M in assets (WETH, wstETH, WBTC), which is the attacker’s tracked profit so far. @aave has frozen rsETH markets (V3/V4). The incident is still under investigation. The main risk now is contagion: thin rsETH liquidity could turn collateral exposure into bad debt.
Kelp@KelpDAO

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.
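
Added example (not part of either post, and not KelpDAO or LayerZero code): a small model of the 1-of-1 verifier point raised above, showing that a message attested by one compromised verifier key passes a 1-of-1 route but not a 2-of-3 route. Verifier names, keys, route names and the use of HMAC-SHA256 in place of real verifier signatures are assumptions.

```python
import hashlib
import hmac

# Constructed verifier keys; HMAC-SHA256 stands in for real verifier signatures.
VERIFIER_KEYS = {"dvn-a": b"key-a", "dvn-b": b"key-b", "dvn-c": b"key-c"}

# Hypothetical route configurations: the weak setting beside a stronger one.
ROUTES = {
    "route-1of1": {"verifiers": ["dvn-a"], "threshold": 1},
    "route-2of3": {"verifiers": ["dvn-a", "dvn-b", "dvn-c"], "threshold": 2},
}


def attest(key: bytes, message: bytes) -> bytes:
    """Attestation a verifier holding `key` would produce for `message`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def accepted(message: bytes, attestations: dict, route: dict) -> bool:
    """True if enough distinct verifiers configured on the route attested."""
    valid = set()
    for name, tag in attestations.items():
        key = VERIFIER_KEYS.get(name)
        if name in route["verifiers"] and key is not None:
            if hmac.compare_digest(tag, attest(key, message)):
                valid.add(name)
    return len(valid) >= route["threshold"]


def single_points_of_failure(routes: dict) -> list:
    """Routes on which one verifier key alone decides acceptance."""
    return sorted(n for n, r in routes.items() if r["threshold"] <= 1)


def simulate_single_key_compromise(compromised: str = "dvn-a") -> dict:
    """Outcome per route when only `compromised` attests an unbacked message."""
    message = b"constructed bridge message with no backing deposit"
    forged = {compromised: attest(VERIFIER_KEYS[compromised], message)}
    return {name: accepted(message, forged, r) for name, r in ROUTES.items()}


if __name__ == "__main__":
    print("single points of failure:", single_points_of_failure(ROUTES))
    print("one key compromised:", simulate_single_key_compromise())
```
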

Lei Wu retweeted
BlockSec Phalcon@Phalcon_xyz·
ALERT! Our system detected a suspicious exploit targeting an unknown contract, reportedly the LML/USDT staking protocol, on #BSC hours ago, resulting in an estimated loss of ~$950K. While the victim contract is not open-source, our analysis suggests a likely pricing-design flaw: claimable rewards appear to have been calculated using a TWAP/snapshot-based price, while the attacker was able to sell the rewarded tokens at a manipulated spot price. This inconsistency may have enabled the attacker to extract profit through price manipulation and reverse swaps. Specifically, the attacker first used swaps, including a path with receiver = address(0), to push up the LML price in the pool. They then invoked claim through attacker-controlled addresses that had deposited earlier, making them eligible to claim directly during the attack. Example deposit TX: app.blocksec.com/phalcon/explor… Attack TX: app.blocksec.com/phalcon/explor… 🟦 Found by #PhalconSecurity, 🟦 Analyzed via #PhalconExplorer.
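
Added example (not part of the post and not the victim contract, which is not open-source): a constructed constant-product pool model of the TWAP-versus-spot inconsistency described above, with a deviation guard a claim function could apply. Pool sizes, the reward value, the 5% tolerance and all function names are assumptions.

```python
from fractions import Fraction


def twap(observations):
    """Time-weighted average of (price, seconds_held) observations."""
    total = sum(sec for _, sec in observations)
    return sum(Fraction(p) * sec for p, sec in observations) / total


class Pool:
    """Constant-product pool (x * y = k) with fees ignored; constructed model."""

    def __init__(self, token, usdt):
        self.token, self.usdt = Fraction(token), Fraction(usdt)

    def spot(self):
        return self.usdt / self.token

    def buy_token(self, usdt_in):
        out = self.token * usdt_in / (self.usdt + usdt_in)
        self.usdt += usdt_in
        self.token -= out
        return out

    def sell_token(self, token_in):
        out = self.usdt * token_in / (self.token + token_in)
        self.token += token_in
        self.usdt -= out
        return out


def guard_ok(spot, twap_price, max_deviation=Fraction(5, 100)):
    """Allow a claim only while spot stays within max_deviation of the TWAP."""
    return abs(spot - twap_price) / twap_price <= max_deviation


def scenario(pump_usdt, reward_value_usdt=10_000):
    """Price a reward at TWAP, then value the same tokens at the pool's spot."""
    pool = Pool(1_000_000, 1_000_000)
    history = [(pool.spot(), 3600)]          # one hour at the honest price
    if pump_usdt:
        pool.buy_token(pump_usdt)            # large buy moves spot, not TWAP
    history.append((pool.spot(), 3))         # a few seconds at the new price
    price, spot = twap(history), pool.spot()
    tokens = Fraction(reward_value_usdt) / price   # reward sized by TWAP
    return {"twap": price, "spot": spot, "guard_ok": guard_ok(spot, price),
            "realised_usdt": pool.sell_token(tokens)}  # value if sold at spot
```

With no price move the guard passes and the reward sells for slightly under its intended value; after the large buy the same reward sells for several times that value, and the guard rejects the claim.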
Lei Wu@realvisual·
One observation from our evaluation: benchmark performance does not always translate to real-world incidents. Model rankings can shift, detection looks strong, but turning that into real exploits remains challenging, especially without traces or prior hints. We selected models via @OpenRouter and would be happy to evaluate more. @OpenAI @GoogleAI @Zai_org
BlockSec@BlockSecTeam

One surprise from our data: GLM-5 from @Zai_org ranked 25th on @OpenAI's EVMbench (20.8%) but jumped to 7th on real-world incidents (42.9%), outperforming Gemini 3.1 Pro. Model rankings shift dramatically across datasets.

Lei Wu@realvisual·
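@hklst4r Great 👍 analysis. I'm curious: in theory, shouldn't it be possible to work out the optimal profit point for this kind of thing? Perhaps the attacker's calculation was inaccurate or went wrong.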
Lei Wu retweeted
BlockSec Phalcon@Phalcon_xyz·
Introducing #ThePhalconReport, it is a four-chapter investigation into the state of crypto crime in 2025. From stablecoin freezes to drug cartel ledgers, from scam compounds to laundering networks. Powered by #PhalconCompliance🟧. Chapter I drops tomorrow.
Lei Wu@realvisual·
New deep dive on the Nov 30, 2025 Yearn Finance yETH pool exploit ($9M+). We go beyond transaction traces with Foundry + Python simulations to show why the attack worked, attribute losses across the two vulnerabilities (~$8.1M vs ~$0.9M), reclassify the official root causes, and correct key technical misconceptions. Full writeup: blocksec.com/blog/yearn-fin…
BlockSec@BlockSecTeam

x.com/i/article/2022…

Lei Wu@realvisual·
AI coding has advanced rapidly, but it still falls short of security-grade reliability. AI auditing is even more challenging and may require deep involvement from human experts.
pashov@pashov

🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss

cbETH asset's price was set to $1.12 instead of ~$2,200.

The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?
