VectorBits
48 posts
@VectorBits

Your offensive & defensive Web3 security partner: expert smart contract audits, strategic advisory, and full-spectrum red team testing.

Hong Kong · Joined September 2024
30 Following · 340 Followers
VectorBits @VectorBits
⚠️ Earlier Attack: STO Protocol - Loss ~69k

The attack reported by DefimonAlerts came from yet another imitator. We have identified an earlier and more serious attack incident.

Same token name — Victim token $STO: 0xc6941C6bffdc844073e2c7C22816216C3890Cd65
The first $STO attack was carried out by a completely different Attacker: 0x87A8Ff8AD993C10aF4ad85b62Ddb50b4968ABc93
Attack TX: bscscan.com/tx/0xf7f741bf1…
Profit from this $STO attack: ~69k
Vulnerability type (both incidents): Logic Error — Deflationary Sell-Burn Drain

Quoting Defimon Alerts @DefimonAlerts:

🚨 STO Protocol - Loss $16.1K (2026-02-23)
Token: $STO (no CoinGecko listing)
MC: Unknown
TVL: $5.65K (STO/WBNB pair)
Type: Logic Error — Deflationary Sell-Burn Drain

The STO token burns sold tokens from the PancakePair on every subsequent sell via _executePendingSellBurn(), which removes STO from the pair and calls sync() to update reserves. An attacker flash-loaned 360,894 WBNB, then executed 45 repeated sell cycles: each sell accumulated pendingBurnFromSell, and the next sell's _update burned those tokens from the pair before the new swap, shrinking STO reserves and inflating the WBNB output. This created a compounding drain loop, extracting ~26.57 BNB ($16.1K) of excess WBNB from the pair.

The root cause is that _executePendingSellBurn (STO.sol:313-323) burns pair tokens and syncs reserves mid-swap flow, allowing an attacker to manipulate the AMM price curve within a single transaction.

TX: bscscan.com/tx/0x8ba17bea9…
Victim: bscscan.com/address/0x7c40…
Token: bscscan.com/address/0xfe33…

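The quoted analysis says that burning STO out of the pair and calling sync() between sells shrinks the token reserve and inflates the WBNB paid out on the next sell. The following constant-product simulation, added here as an illustration (it is not code from the STO contract, from VectorBits or from Defimon Alerts), is the kind of property check an auditor would write for any token whose transfer hook touches pair balances: run the same sequence of sells with and without the burn-and-sync step and compare the total quote paid out. The baseline with burn_rate 0 corresponds to a design that never modifies the pair's reserves; every reserve size, trade size, fee and burn rate below is a constructed parameter.

```python
"""Constant-product model of a 'burn from pair, then sync()' sell hook.

Added illustration; all numbers are constructed and the burn rate is a
hypothetical parameter, not a value taken from any real contract.
"""
from dataclasses import dataclass

FEE_BPS = 25  # assumed PancakeSwap-style 0.25% swap fee for the toy pair


@dataclass
class Pair:
    reserve_token: float  # deflationary token side (STO in the alert)
    reserve_quote: float  # quote side (WBNB in the alert)

    def quote_out(self, token_in: float) -> float:
        """Output of selling token_in into an x*y=k pool, fee taken on input."""
        amount_in_with_fee = token_in * (10_000 - FEE_BPS) / 10_000
        return self.reserve_quote * amount_in_with_fee / (self.reserve_token + amount_in_with_fee)

    def sell(self, token_in: float) -> float:
        """Apply a sell to the reserves and return the quote paid out."""
        out = self.quote_out(token_in)
        self.reserve_token += token_in
        self.reserve_quote -= out
        return out

    def burn_from_pair_and_sync(self, amount: float) -> None:
        """The token contract destroys part of the pair's own token balance and
        calls sync(), so the pair's recorded reserve drops while quote stays put."""
        self.reserve_token -= min(amount, self.reserve_token)


def run_sell_cycles(pair: Pair, sell_size: float, cycles: int, burn_rate: float) -> float:
    """Sell `sell_size` tokens `cycles` times.

    With burn_rate > 0 a share of each sell is queued, then burned out of the
    pair (and synced) immediately before the next sell, mirroring the
    pendingBurnFromSell flow in the alert. Returns the total quote received.
    """
    pending_burn = 0.0
    total_out = 0.0
    for _ in range(cycles):
        if pending_burn > 0:
            pair.burn_from_pair_and_sync(pending_burn)
            pending_burn = 0.0
        total_out += pair.sell(sell_size)
        pending_burn = sell_size * burn_rate
    return total_out


def excess_payout(reserve_token: float, reserve_quote: float,
                  sell_size: float, cycles: int, burn_rate: float) -> float:
    """Quote paid out beyond the no-burn baseline for the same sells.

    A sound hook yields 0; anything positive is value the hook hands to the
    seller at the liquidity providers' expense.
    """
    baseline = run_sell_cycles(Pair(reserve_token, reserve_quote), sell_size, cycles, 0.0)
    with_burn = run_sell_cycles(Pair(reserve_token, reserve_quote), sell_size, cycles, burn_rate)
    return with_burn - baseline


if __name__ == "__main__":
    # Constructed pool: 1,000,000 tokens against 1,000 quote, 45 sells of 10,000 tokens.
    for cycles in (1, 2, 10, 45):
        print(cycles, "cycles -> excess quote:", excess_payout(1_000_000, 1_000, 10_000, cycles, 0.5))
```

The simulation isolates the sell/burn/sync interaction only; it does not model the flash loan or the initial purchases. The useful property is the shape of the result rather than any particular figure: excess is exactly zero after a single sell, positive from the second sell onward, and grows with every extra cycle, which is the compounding loop the alert describes.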
VectorBits @VectorBits
👋 AI Agent-powered EVM smart contract vulnerability batch detection framework.
Modes: Mode 1: Directed Scanning / Mode 2: Hybrid Fuzzing
Input: Batch addresses / Block ranges / Real-time monitoring
Decision: Strategy-driven, multi-LLM integration, Slither + LLM co-verification
github.com/VectorBits/Ves…
VectorBits @VectorBits

⚠️⚠️⚠️ Alert Notice
Attack Tx: etherscan.io/tx/0x54bb31a5a…
Victim contract: 0x222E674FB1a7910cCF228f8aECF760508426b482
Attacker: 0x4Fd9669FB676EA2AcE620AFb6178aE300EcFd8a9
Attacker contract: 0xc8540A70Aa191651D7Cf8ED854eA3d346C897b2A
Chain: Mainnet
Loss: ~ $13k
VectorBits @VectorBits

⚠️⚠️ Alert Notice
Attack Tx: bscscan.com/tx/0x380cd298a…
Victim contract: 0xb6761b4d7b913ef048c92e3bb1305883422e819a
Attacker: 0x236f08d8962e1F29700e3D91009bfa8D37D71e53
Attacker contract: 0x129b803F5E8e36e2d6e705D84BBe7995b02FC0CB
Chain: BSC
Loss: ~ $10k
VectorBits @VectorBits

Alert Notice
Attack Tx: etherscan.io/tx/0x623c74386…
Victim contract: 0xF5E48fF26C60f3d2bdC0B38A570Ce6373a927E19
Attacker: 0x40D24cc6D173e9d2433446F4838BEe76D592A55d
Chain: Mainnet
Loss: ~ $859k
VectorBits @VectorBits

Alert Notice
Attack Tx: bscscan.com/tx/0x6d060e0c4…
Victim contract: 0x763FaE69d2b7882Ed6470BBcABA3A0B368c8f1D9
Attacker: 0x6bfdd4a4e895d5437b3073a3bc22a3ff6d3227fb
Chain: BNB Smart Chain
Loss: ~ $245k

Preliminary Root Cause Analysis:
The core issue appears to be related to the `getUserLPAmount` function producing incorrect LP share calculations under extreme conditions.

Key observations from preliminary analysis:
1. The protocol relies on internal reserve tracking that is not strongly validated against real-time pool balances and lacks protection mechanisms to defend against flash loan manipulation.
2. Under flash-loan-induced extreme liquidity states, the return value of `getUserLPAmount` becomes significantly distorted.
3. The function with selector `0x3cc9` (likely involved in reserve synchronization, LP burning, redemption, or reward distribution logic) does not appear to include deviation checks, threshold guards, or rollback conditions when reserve and actual pool states diverge substantially.
4. The combination of:
   - Calling `processLPReward`
   - Toggling internal state (selector `0x0f2de53f`)
   - Performing a very large buy of LED tokens directly to the dead address
   triggers abnormal behavior, including unexpected `LPRewardDistributed` events and abnormal increases in pool WBNB balance.
5. The attacker exploits this inconsistency by first massively buying LED to the burn address (causing price impact + abnormal reward/pool inflation), then immediately selling the acquired LED back, extracting profit from the distorted pool state.
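Observations 1 and 3 of the analysis above describe internal reserve tracking that is never reconciled against the pool's live balance and share logic with no deviation check when the two diverge. The following Python sketch, added here as an illustration and not code from the LED contract or from VectorBits, shows the shape of such a guard: a share calculation that refuses to run when the live balance has been pushed more than a threshold away from the tracked reserve, which is exactly the state a flash loan produces within one transaction. The 5% threshold, the class and function names, and the sample reserve figures are all constructed for the example.

```python
"""Tracked-vs-live reserve consistency guard for LP share / reward math.

Added illustration with constructed names and numbers; nothing here is taken
from the LED contract. Integer arithmetic mirrors on-chain uint math.
"""
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy: refuse share/reward math if live balance differs from the
# tracked reserve by more than 5% (500 basis points).
MAX_DEVIATION_BPS = 500


class ReserveInconsistency(Exception):
    """Raised when tracked and live reserves disagree beyond the allowed band."""


def deviation_bps(tracked: int, actual: int) -> int:
    """Absolute deviation of the live balance from the tracked reserve, in
    basis points of the tracked value. A zero tracked reserve with a non-zero
    live balance is treated as fully divergent."""
    if tracked == 0:
        return 10_000 if actual != 0 else 0
    return abs(actual - tracked) * 10_000 // tracked


def is_consistent(tracked: int, actual: int, max_bps: int = MAX_DEVIATION_BPS) -> bool:
    """True when the live balance sits inside the tolerated band."""
    return deviation_bps(tracked, actual) <= max_bps


def require_consistent(tracked: int, actual: int, max_bps: int = MAX_DEVIATION_BPS) -> None:
    """Revert-style guard: raise instead of computing on a distorted state."""
    dev = deviation_bps(tracked, actual)
    if dev > max_bps:
        raise ReserveInconsistency(f"tracked={tracked} actual={actual} deviation={dev} bps")


@dataclass
class LpPool:
    tracked_reserve: int  # reserve figure the protocol maintains internally
    total_lp: int         # total LP shares outstanding

    def user_lp_amount(self, user_deposit: int, actual_reserve: int) -> int:
        """Share calculation gated by the guard. `actual_reserve` stands for the
        pool's live token balance read at call time (constructed here)."""
        require_consistent(self.tracked_reserve, actual_reserve)
        return user_deposit * self.total_lp // self.tracked_reserve

    def user_lp_amount_or_none(self, user_deposit: int, actual_reserve: int) -> Optional[int]:
        """Same calculation, returning None instead of raising when the guard trips."""
        try:
            return self.user_lp_amount(user_deposit, actual_reserve)
        except ReserveInconsistency:
            return None


if __name__ == "__main__":
    pool = LpPool(tracked_reserve=1_000_000, total_lp=500_000)
    # Ordinary drift between syncs: 0.2% off, computation proceeds.
    print("normal:", pool.user_lp_amount_or_none(1_000, 1_002_000))
    # Flash-loan-scale imbalance within the same tx: 50x the tracked reserve, guard trips.
    print("flash-loan state:", pool.user_lp_amount_or_none(1_000, 50_000_000))
```

The guard does not make the share formula correct under every state; it converts a silently distorted result into an explicit failure, which is the "rollback condition" the analysis notes as missing. In production the comparison would be against the pool token's balanceOf on the pair, with the threshold chosen from the protocol's normal inter-sync drift.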
VectorBits @VectorBits

We're hiring! We're currently hiring for the following positions:
- Business Development Manager (Priority Hire)
- Security PhD (Intern)
- Security Researcher
- LLM / AI Security Engineer
Remote-friendly.
👉 Apply: vectorbits.net/#/careers
📩 Contact: https[:]//t.me/Yooike
VectorBits reposted

S7iter @S7iter_
How to think and operate like a smart contract hunter. What follows is practical and directly applicable. I share techniques I actually use, and in recent months, they’ve brought in approximately $80k.
VectorBits @VectorBits

Yesterday, we received a theft incident request. We traced the on-chain flows, identified the root cause, and conducted remote incident response on the victim's computer.

Attacker address: 0xd1a5ddddac356fb4c57d7de55740366684ef1a59
The attacker stole funds from 10 victim wallets across 10 transactions, totaling $41k. Funds were stolen as USDC on Base, then bridged to Solana, and ultimately flowed to ChangeNOW.

Root cause: downloading a malicious file.
Malware sample hashes:
hash1: 0be8e24e4faf7055cb0d458332d2e7f92660b49b7faa182fdee661670f96783d
hash2: 0df30d75b43433200fa3b5a6ab7e4eea8f9a755c5cd4cdfe019c3be837b7121f
Sample download link: limewire.com/d/4ANfQ#EgO3wG…

Based on historical samples, this appears to be large-scale malware targeting Web3 practitioners, often bundled with third-party software. If you ever experience a theft incident and need assistance, feel free to contact https://t[.]me/S7iter. Of course, we sincerely hope you never have to face situations like this.