On-chain sleuth 🕵️

187 posts

@Onchainsnoop

Fighting/Tracking/Reporting on-chain scams in my free time.

Joined September 2022
227 Following 291 Followers
Pinned Tweet
On-chain sleuth 🕵️ @Onchainsnoop ·
Here's how the funds moved cross chain from SOL to ETH - @DriftProtocol hack
- ~$268M was bridged from Solana to Ethereum in ~7 hours.
- At least 6 bridges were used (excluding gas-related transfers)
- Total cross chain transactions: 143
Breakdown of bridge usage and volumes below.
Cointelegraph @Cointelegraph ·
🚨 JUST IN: The Drift Protocol exploiter has accumulated 130,262 $ETH worth $267M significantly impacting market volume.
On-chain sleuth 🕵️ @Onchainsnoop ·
Chainflip paused their Solana bridge as soon as the hacker started using their bridge x.com/i/status/20394…

Quoted post by On-chain sleuth 🕵️ @Onchainsnoop:
@WazzCrypto Chainflip paused their Solana bridge as soon as the hacker started using it. Crazy stuff.. 😵‍💫 Looks like only one transaction made it through before the pause: 0x5bcc066e5ae14ab419415fcb999dfdf1aa35ed26bdb8bf37ae4b849c39d6fcb4

ZachXBT @zachxbt ·
Update: $230M+ USDC bridged via CCTP from Solana to Ethereum across 100+ txns. 6 hours is how long Circle had to freeze stolen funds from the $280M+ Drift hack. Circle is a centralized stablecoin issuer headquartered in New York and the attack began around 12 pm ET. Why does our industry allow them to stay silent? @jerallaire @circle @usdc
Circle @circle ·
Two things are evolving together: how value moves and how work gets done. @jerallaire explains why the connection between them matters.
ZachXBT @zachxbt ·
Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours. Value was moved and nothing was done yet again. Comes days after you froze 16+ business hot wallets incompetently which is still being slowly unfrozen. @circle @jerallaire @usdc are bad actors for the industry.
chainflipgod @chainflipgod ·
@Onchainsnoop @WazzCrypto Yeah myself and another Chainflip LP saw the Mert tweet and were on it within a moment, worked with the Chainflip team to get it shutdown as best we could.
First one got through because the blockchain analytics companies are slower than molasses to update
Wazz @WazzCrypto ·
Drift summary:
- $200M stolen and no one noticed for an hour
- Apparently a single compromised admin key (lol)
- Hacker still came in for seconds 2 hours after the hack to drain a few extra millions
- Hacker still bridging out $USDC 3 hours after the hack
wp everyone
On-chain sleuth 🕵️ @Onchainsnoop ·
Follow-up attack (Jan 8): 0x7347C7468Cef51053d395a6D1e0c771198c5014A Funds were routed via ChangeNOW and appear to have been swapped into XMR.
On-chain sleuth 🕵️ @Onchainsnoop ·
Attacker addresses linked to the Jan 5 and Jan 8 Kontigo hack. (Base/Ethereum)
Jan 5 attack:
0x1347914ac3184382e955e2b26089743836cb24a0
0xfeeb5227ef65eb78ef6baccbcd643944103684f6
0x61FcBA9828c8f65B1C5a62E420B1F56517f6FcD7
On-chain sleuth 🕵️ @Onchainsnoop ·
@tayvano_ Round number input and random output. Looks like the 500k is an internal movement of funds between two addresses belonging to the same service and the output is withdrawal from the service..??
Tay 💖 @tayvano_ ·
You receive a flat 500,000 from someone. You know what it's for (wink wink nudge nudge 😄) Now, under what circumstances do you send out...*checks notes*....exactly $46,511.62? Don't overthink it—you're not an expert and that's fine. Just use your brain. There are a handful of possibilities. All of them are possible based on the limited information I've given you. Some are more reasonable than others. What do you think?
Tay 💖 @tayvano_ ·
I am very concerned that the courts, these AUSA's prosecuting crypto crime, and the IRS do not seem to understand the difference between using LIFO to:
(1) establish the amount of assets that flowed through a very limited set of KNOWN parties and a very limited set of their KNOWN accounts.
(2) trace $148k through TEN unattributed wallets on the blockchain, each of which do somewhere between $4m in volume and $1.5 billion in volume, to establish that the last wallet in the chain received the victims funds and then sent out the victim's funds to Tornado Cash.
I've never seen anything like this. I've never worked with a single fed who would back a freeze like this. I wouldn't back a freeze like this. Doing so runs a real risk in freezing an innocent third-party's funds unlawfully. It almost certainly does not impact the actual criminal—the thief, or their money laundering counterparts. Thus, it would not create recourse for the victims of the original crime.
On-chain sleuth 🕵️ Retweeted
ZachXBT @zachxbt ·
1/ Meet Yicong Wang (王逸聪), a Chinese OTC trader who has helped Lazarus Group convert tens of millions of stolen crypto to cash from various hacks via bank transfers since 2022.
SlowMist @SlowMist_Team ·
🚨 Breaking News: SlowMist AML (@MistTrack_io), in collaboration with Taiwan's Criminal Investigation Bureau, Judicial Reform Foundation, and XREX, has set a legal precedent by cracking a complex crypto scam case! 🕵️‍♂️💼
For the first time in Taiwan's judicial history, advanced blockchain tracking technology was utilized to trace illegal fund flows and prove cryptocurrency asset ownership, leading to the freezing, seizing, and successful return of stolen funds to victims. 🚓💸
This groundbreaking case showcases the power of collaboration and technology in fighting cybercrime and protecting digital assets. 🛡️
Read more about this landmark achievement and how it was accomplished. slowmist.medium.com/slowmist-aml-s…
On-chain sleuth 🕵️ Retweeted
Rekt News @RektHQ ·
Phishing is a year-round sport... ...but crypto has been providing especially bountiful waters lately. When it comes to the experts, it seems nobody is safe. What lurks in the murky depths? rekt.news/gone-phishing/
On-chain sleuth 🕵️ Retweeted
ZachXBT @zachxbt ·
It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon. 0x75497999432b8701330fb68058bd21918c02ac59
On-chain sleuth 🕵️ @Onchainsnoop ·
@coinexcom As more information emerges and losses extend to two additional chains, BTC and XRP, the total stolen amount has surged significantly!
BTC: 1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH - 231 BTC ($6M)
XRP: rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf - 12,625,364 XRP ($6.1M)
twitter.com/coinexcom/stat…
Quoted post by CoinEx Global @coinexcom:

#CoinExResponseUpdate - We have identified and isolated the suspicious wallet addresses linked to the hack:
$ETH:
* 0xce013682eddefaca8c94fe56a43a04212ebe4673
* 0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE
* 0xCC1AE485b617c59a7c577C02cd07078a2bcCE454
* 0x483D88278Cbc0C9105c4807d558E06782AEFf584
$BTC:
* 1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH
$TRON:
* TP75t6owoqXxskLq6FB2R37PymNTmohq9L
* TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ
$XRP:
* rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf
We are actively collaborating with the affected crypto projects to formulate a solution. Furthermore, we urge crypto projects and our fellow crypto exchanges to remain vigilant. If you detect any unusual or related activities from the aforementioned wallet addresses, please contact us immediately. By standing together, we could navigate and surmount any challenges that come our way.

On-chain sleuth 🕵️ @Onchainsnoop ·
Stolen tokens on all 3 chains are being converted to their native tokens. Additionally, a portion of the funds on Polygon has been transferred to a new address oklink.com/polygon/addres… @coinexcom
Quoted post by Tay 💖 @tayvano_:

Looks like keys compromised. Outflows from lots of their hot wallets across many chains. Zach dropped more theft addies here 👉 t.me/investigations CoinEx has been around a while and has shit across all the chains. I expect more outflows to be found in coming hours.
