LEVI_104

@pennysplayer 之前做paradigm ctf 2022的时候，vanity那题也是这样，不过题目要算的是0x1626ba7e(算了三个多小时，but python）。这里是0x00000000，那个人在petal合约部署之后的四小时就搞定了😲

巧妙的ponzi hash游戏，稍微慢了2min，能躺着收米的000000邀请码被人抢先注册上了。曼巴out #code" target="_blank" rel="nofollow noopener">etherscan.io/address/0xe097…

@TycheKong @PolytopeLabs @Polkadot yoink again😹

What ???? etherscan.io/tx/0x9cf4aad49… @PolytopeLabs @Polkadot

Clara is something I actually use in my daily life among numerous AI products. tbh although it may sometimes make mistakes in analysis(just for now), it still gives me a general description when an attack occurs which helps me a lot.

@lzhou1110 AI will be helpful if someone is gonna build WhereToMigrate ;D

Looks like we have an imitator here for this Alkemi liquidation thing. Someone copied the attacks after 40 mins?

@hklst4r 噢噢有道理，攻击比rugpull更快一步😂

@0xLEVI104 原本的就是被攻击了。因为被黑客拿走的钱owner本来就能拿走。后续项目方直接跑路了

The root cause of the @SynapLogic apears to be a business logic fault. When purchasing the SYP token with ETH (or USDC), you can fill in the `address[] refBy` parameter with a list of addresses, each getting a certain percentage (10%) of the ETH/USDC user spend. However, the attacker uses `refBy = [self, self, ...]`, setting himself as the refer 31 times (reference gets 31 * 10% = 310% of the total spending) to drain the purchasing contract. The total loss is around $88K. --- It seems the contract has been already paused. This is only my preliminary analysis and I may make mistakes.

It seems someone is building a honeypot for hackers. 15 ETH, does it look tempting? Who is the prey, who is the hunter? Honeypot contract: #code" target="_blank" rel="nofollow noopener">etherscan.io/address/0x8326… Actually Log contract: etherscan.io/address/0xa865…

thread 4) the end, see u on chain

thread 3) When the market is good, your bot will keep climbing upwards, printing money :D

thread 1) In October last year, when fourmeme was in full swing, I used my spare time to build a fourmeme sniper bot, which I am now open sourcing: github.com/chen4903/group…. It can still run stably, but whether it is profitable depends on your strategy and the market.

thread 6) Therefore, if you plan to test on the mainnet, do not use commonly used addresses. You can use something like `makeAddr("user1-prevent-abuse")`. Or your tests maybe fail unexpectedly due to the fisherman. And never send real assets to such addresses

thread 5) He is constantly abusing other addresses we usually use... No need to decompile, it must be a malicious contract: #code" target="_blank" rel="nofollow noopener">basescan.org/address/0x3Ae1…

thread 1) Fisherman has a new idea to hack with 7702, plz note to use a public account when making tests or other stuffs

- Backend: github.com/chen4903/papri… - Front-end: github.com/chen4903/papri…

thread end) Everything will be open-sourced in July 2025.

thread 1) A simple tool, capable of comparing the similarity of Similar Contracts and guessing EVM contracts that are not open-source. paprika-evm.xyz

🔓 99+% of Ethereum contracts are closed-source. We built an LLM that decompiles their bytecode — and exposes what’s inside. Readable. Auditable. Battle-tested. Not a toy. Try it now 👉 evmdecompiler.com 📄 arxiv.org/abs/2506.19624 w/ @zaddyzaddy @lzhou1110 @dawnsongtweets @HatforceSec #Ethereum #BSC #SmartContracts #LLM #MEV #DeFi

@0_x_0_0_0 @beckerrjon 我无处不在🏄

🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦🦦