EthSecurity

1.2K posts

@EthSecurity

bug hunter | attack tracer | Defi developer | https://t.co/JrfYHvourN

persian gulf · Joined August 2017
1.3K Following · 666 Followers
Specter@SpecterAnalyst·
This is part of the stolen funds from a Coinbase user, originally reported by @zachxbt in March, 400.099 $BTC. A large portion of the stolen Bitcoin was bridged from Bitcoin to Ethereum via Thorchain and swapped for DAI. Bitcoin Theft Address: bc1qvlustvxhqzee9tgqers4tfungrg6c0fs4u76jf EVM Addresses: 0x17E0e39da162e17aFC566f835Fe41a5DF56E4EA5 0x5Edf5716CEbA7a7e8aD9a2a43c491b2A429193ae 0x1c453fd449356e07661372859B7D6A6591987F72 0xe9A798b332B8BF3c6710E91ec5E0A176a9524fBa 0x6C1692FFA729316A5E74B94ebC213F610b35C55E
Lookonchain@lookonchain

During the crash, hackers panic-sold 8,638 $ETH($32.5M) at $3,764, losing $5.5M! After the market rebounded, they bought back 7,816 $ETH($32.5M) at a higher price of $4,159. intel.arkm.com/explorer/addre… intel.arkm.com/explorer/addre… intel.arkm.com/explorer/addre…

tpiliposian@tpiliposian·
400km, some grass, and peace of mind today
0xdice@0xdice91·
Damn🥲🥲 This kind of bug used to be valid back then?? (4 years ago) I really missed
EthSecurity@EthSecurity·
@MoneroMavrick If defi + big liquidity were built on monero it could trigger skyrocketing
EthSecurity retweeted
Vladimir S. | Officer's Notes@officer_secret·
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google! Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
EthSecurity retweeted
Trail of Bits@trailofbits·
MCP security issues are well-documented, and now new defensive tools and testing strategies are emerging to help developers secure their implementations. 🧵
Dimitar Tsvetanov@cvetanovv0·
While judging a contest at @sherlockdefi, I saw many mistakes that auditors had made. That's why I decided to give some advice to all Security Researchers. It's worth reading 👇
EthSecurity@EthSecurity·
Level up your blockchain security skills with hands-on shadow audits of real-world smart contracts. Get instant AI-powered feedback and track your progress. secudoku.statemind.io
EthSecurity@EthSecurity·
The hacker behind the Nomad hack has been arrested. Poor guy, he is responsible for hacking $2.8M. Hundreds of wallets participated in the Nomad bridge exploit. He is 47 years old and going to jail for 50 years. Note: do not change your name when leaving Israel.
EthSecurity retweeted
Chaofan Shou@Fried_rice·
1inch market maker @trustedvolumes got hacked for over $4.5M and a few smaller MMs got hacked for $0.5M yesterday. The root cause is that 1inch calls MM contract’s resolveOrders function to get funds to its settlement contract. Most bots only checked the msg.sender = settlement contract - and unfortunately there was an arbitrary call vulnerability in settlement contract. Thus the hacker could forge resolveOrders call and drain MM contracts. The funny thing is the hacker incorrectly transferred half of the stolen funds to the 1inch settlement contract, making the funds available for everyone to grab, and he spent quite some time to get funds back. We were trying to compete but the hacker got it first unfortunately.
1inch@1inch

At 23:00 CET on 05.03.25, the 1inch team discovered a vulnerability in resolver smart contracts using the obsolete Fusion v1 implementation. No end-user funds were at risk—only resolvers using Fusion v1 in their own contracts.

EthSecurity retweeted
SlowMist@SlowMist_Team·
⚠️A critical vulnerability (GHSA-vjh7-7g9h-fjfh) has been discovered in the widely-used elliptic encryption library. 😈Attackers can exploit this flaw by crafting specific inputs to extract private keys with just a single signature, potentially compromising digital assets or identity credentials. ✍️In our latest article, we break down the vulnerability—its root cause, impact, and how to mitigate the risks. ❤️Special thanks to @Rabby_io for providing the vulnerability intelligence. 🔗Read the full analysis here: slowmist.medium.com/private-key-le…
4lteredBeast.eth@4lteredBeast·
@mattkratter @USTreasury Typical BTC maxi misunderstanding of anything technical. This isn't a hack on the network, protocol, or even smart contract. Humans signed a transaction that they didn't read or understand. It's not 2016 any more and you guys need to move on.
Matthew R. Kratter #BIP-110@mattkratter·
If Vitalik and the Ethereum Foundation don't push through a hard fork to defund these North Korean hackers, they need to be held responsible for aiding and abetting global terrorism @USTreasury OFAC
EthSecurity retweeted
oot2k@oot2k1·
Certik makes 50.000.000 USD with token audits every year. We tend to think that contests are a good representation of the overall security market, but there is so much more than that.
EthSecurity@EthSecurity·
Urgent Update for Geth Users! Attention validators! If you are running Geth v1.15.1, upgrade to v1.15.2 immediately to prevent potential financial loss! github.com/ethereum/go-et…
EthSecurity@EthSecurity·
@NiohBerg what the fuck is "iranian regime"? all they we know as regime are not iranian, most of them like their leader seyed ali hosseini is arab
𝐍𝐢𝐨𝐡 𝐁𝐞𝐫𝐠 🇮🇷 ✡︎
Iranian regime supporters are infamously ugly. This is well known. They worship death and by extension, ugliness. They hate beauty and anything visually pleasing. Even genetically, they look entirely different from decent Iranians. Their inner corruption reflects outwards.
SHERLOCK@sherlockdefi·
A vulnerability in the following snippet earned a Watson $1800 and a solo high. Can you spot the bug? This contract is a simplified version that deposits into Lido and withdraws all the balance when the withdraw function is called.
SHERLOCK@sherlockdefi·
The bugs in the following code are so easy that even a junior Watson can find them. The first 5 to do so will get a follow and retweet from us.