Specter

13.4K posts

Specter banner
Specter

Specter

@SpecterAnalyst

Onchain Investigator | Peace ✌️ Specteranalyst.sol (.eth)

Katılım Mayıs 2024
450 Takip Edilen12K Takipçiler
Specter
Specter@SpecterAnalyst·
@Naeven_ Crazy dude 🤣😂 some accounts only need followers to showcase their banger boys talent
English
0
0
0
0
Specter
Specter@SpecterAnalyst·
One of the most infamous incidents in Ethereum history involved the Parity Multisig wallet, in which a total of 544,000 ETH (~$187.3M at the time, now ~$1.4B) was lost or frozen in 2017 On July 18, 2017, about 153K ETH (~$30M) was stolen from three project multisig wallets created via Parity. There was a 13-hour gap after the first wallet was drained before the attacker continued, successfully draining two more projects. White hats identified the same vulnerability and raced to exploit it, managing to secure some funds before the attacker could access them. The attacker distributed ~70K ETH across seven wallets (10K ETH each) and held them for years. Laundering activity began in 2021, with the last visible movements in 2024. The funds moved through services like Tornado Cash and eXch. I traced part of the funds to the Bitcoin network and also identified wallets used to withdraw from Tornado in 2023. The attacker still holds the majority of the stolen funds, totalling 109kETH (~$234M), across the following wallets: 0x4FB0BC75d56035fb6d07C80E44c156C88ba852ba 0x92446EB937Ec98842A146021002f605fDaBbE9D9 0x6a14E385Fff2F21aBE425A07CE29842b7037A80D 0x18345118bd04c405B4D74941563a21B5a2bF06b7 0xEf0683BEF79b7AD85573415c781eDFDE8bEc65b1 0x4De76b3dfD38292Ba71cF2465Ca3a1d526dCB567 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32 The second incident (November 2017) In November 2017, a user known as devops199 accidentally triggered another critical bug. After the July exploit (caused by a function visibility issue), Parity deployed a new wallet library. However, it still contained a flaw. The user became the owner and then self-destructed the contract, effectively deleting the shared library. Since all Parity multisig wallets depended on that library for execution logic, this action permanently froze all affected wallets. Impact: -598 wallets affected ~514K ETH (~$156M at the time, now ~$1.1B) was frozen -Funds are still inaccessible today The largest affected wallet (~60% of total) belonged to the Web3 Foundation, tied to early fundraising for Polkadot Polkadot multisig (306K ETH): 0x3BfC20f0B9aFcAcE800D73D2191166FF16540258 Had the July hack occurred today, a small portion of the stolen funds would likely have been frozen and recovered with AML tools, and investigators would respond much faster and organizations such as @_SEAL_Org now operating in this space. Stay smart
Specter tweet mediaSpecter tweet mediaSpecter tweet media
English
5
0
23
1.5K
ZachXBT
ZachXBT@zachxbt·
@evilcos @coinbase @im23pds So basically Coinbase has an official page live threat actors can use to target Coinbase users via seed phrase social engineering if they wanted?
ZachXBT tweet media
English
54
50
574
57.3K
trade.xyz
trade.xyz@tradexyz·
S&P Dow Jones Indices and trade[XYZ] have joined forces to launch the first official S&P 500 perpetual contract, available exclusively on Hyperliquid. For 69 years, the S&P 500 has been a defining reference point for global finance. Until now, access to that benchmark has been shaped by market hours, intermediaries, and geography. Today, that changes. The S&P 500 perp is now available 24/7/365, anchored by the official index data required for deep liquidity and institutional confidence at scale.  SPDJI helped define modern indexing. They are stewards of an iconic benchmark, the standard against which portfolios across the globe are measured. We are honored to bring that legacy on-chain. Trade[XYZ] is bringing the world's most iconic assets towards a future of global, continuous markets — a future powered by Hyperliquid.
English
885
1.9K
7.5K
3M
tanuki42
tanuki42@tanuki42_·
You can lead a horse to water @VenusProtocol... 🐴 Venus was notified months in advance by multiple parties about this exact risk and chose to do nothing. I hope any users affected get fully reimbursed.
THENA@ThenaFi

Over the past 2 days, there has been a lot of discussion, concern, and misinformation around $THE. Let’s clarify what actually happened. THENA was not exploited. The incident originated from $THE market on Venus Protocol. Our own smart contracts and liquidity pools remain safe and operational. We had been monitoring suspicious accumulation patterns for months and shared observations with security and protocol partners as early as 2025. Venus was always a potential risk surface. We also worked closely with @zeroshadow_io and @HypernativeLabs, who helped flag early signals and coordinate with relevant parties, including law enforcement. While market conditions and liquidity can influence price dynamics during extreme events, the root cause of this incident was a known architectural gap in Venus’s supply cap enforcement, previously identified but not remediated. No one could predict how, if, or when an event like this would occur. But we were watching closely and ready to respond. So what’s next? 1. Later today $THE Single Sided Vaults will see a large increase in APR, driven by fees generated during the incident. These update weekly on Tuesdays. 2. This Epoch’s voters will see outsized returns following the extreme volatility on Sunday. We’re also planning to shed a bit more light on what THE future looks like. Yes, it’s a challenging time, but we’re doing everything we can to push through and remedy the situation. Onwards.

English
2
0
5
733
Wazz
Wazz@WazzCrypto·
Other than Eric Trump (who is barely sentient), there's not a single comment from a real person on this post It's all bots
Simon Gerovich@gerovich

Metaplanet has raised ~$255m from global institutional investors via a placement of new shares priced at a 2% premium, paired with fixed-strike warrants at a 10% premium that monetize our equity volatility for up to ~$276m in additional capital upon exercise. Up to ~$531m in additional firepower on our march towards 210,000 BTC. $MPJPY

English
7
3
167
88.4K
Specter
Specter@SpecterAnalyst·
Most people just want to post for engagement. For example, look at the $5M swap incident a few days ago everyone posted the same information with no details except mine (I'm the second to post it on X using timing). When it was later attributed, I was also the first to make the attribution with well detailed analysis. Most accounts simply just put the attribution, except Lookonchain, which also added some details. You sure understand why now.
English
0
0
2
34
Naeven
Naeven@Naeven_·
@SpecterAnalyst not blaming them, also it's not only look on chain their are so many accs who share half details as you said patient & details matters
English
1
0
1
44
Nova
Nova@badattrading_·
bro didn't like me showing his bundles
Nova tweet media
English
96
23
620
40.2K
Blockaid
Blockaid@blockaid_·
🚨Community Alert: Blockaid exploit detection system detected an ongoing exploit affecting @VenusProtocol via delegated borrowing abuse. Example exploit tx: bscscan.com/tx/0x5aede60c7…. Please pause any Venus interactions, avoid signing delegation approvals, and revoke existing delegate permissions immediately.
Blockaid tweet media
English
8
12
39
4K
Specter
Specter@SpecterAnalyst·
@Nikopolos I remember that day. I was totally shocked and surprised at the same time. The amount was just too big to lose to such an attack.
English
0
0
9
383
Specter
Specter@SpecterAnalyst·
Lol, imagine trying to justify one wrong by pointing to another. Undisclosed ads will always be treated the same whether the post was made before, now, or three years ago. It’s like saying illicit activity shouldn’t be uncovered just because it happened a long time ago. I remember linking some Meteora campaign payments that you were involved in, which weren’t disclosed the same goes for other influencers. Your followers should be your responsibility, not a way to get rich off them.
English
0
0
5
291
IcoBeast.eth🦇🔊
IcoBeast.eth🦇🔊@icobeast·
CT showing how incapable they are of identifying organic vs astroturfed engagement by accusing Mr Wonderful of undisclosed ads while ignoring the 99% of CT people who have been running undisclosed promos with botted engagement for the last 5 years. lol, lmao even
English
30
1
109
7.3K
Specter retweetledi
Specter
Specter@SpecterAnalyst·
The wallet is linked to the 10/11 whale, which was confirmed by @GarrettBullish to be his client. Wallet 0xcaE1 received $2.6M from Kraken between October and December 2025. On December 20, $2M was deposited to Binance. The deposit address had previously received 100M $USD1 on November 17 from: 0xF6FD12fbf8bBe0e08Ac739c3634CD1cB21acf5E9 Wallet 0xF6FD1 was first funded with 70.4K ETH (~$331M) on August 23, 2025 by: 0x079433Ee99C5dF344Fa9836c8cc6F64E6c4859b6 The funds were withdrawn from Hyperunit to 0x079. Tracing further, the source of the funds leads to: 19D5J8c59P2bAkWKvxSYw8scD3KUNWoZ1C Which links us to the main source: 1KAt6STtisWMMVo5XGdos9P7DBNNsFfjx7
Specter tweet mediaSpecter tweet mediaSpecter tweet media
Specter@SpecterAnalyst

A victim lost $50.3M after swapping 50.4M aUSDT for 327 aAAVE (~$35.9K). The victim received $50.9M USDC and $50.4M USDT from Binance on February 20 to two wallets: 0xcaE19A19128C4Aabbabc2334613C6b7AE75b1111 0x98B9D979C33dD7284C854909BCC09b51FBF97Ac8 About 2 hours ago, the victim supplied the USDT and USDC and received aUSDT and aUSDC. Wallet 0x98B then attempted to swap 50.4M aUSDT for aAAVE via CoW Protocol but only received 327 aAAVE (~$35.9K), likely due to extremely low liquidity for that pair. It is worth noting that the CoW Protocol UI shows a warning for such transactions and suggests using TWAP instead. Stay smart.

English
5
7
72
20.8K
Specter
Specter@SpecterAnalyst·
@bh359 You're not wrong
English
0
0
3
445
bheau
bheau@bh359·
correct me if I'm wrong but this seems like the largest ever single-block builder profit in ethereum history, ~$33m to titan it also may be one of the largest MEV block rewards ever on eth, a 568 ETH proposer payment which falls just behind the SVB USDC depeg (had a 692 ETH payment), 2023 sushiswap whitehat hack (689 ETH), and 2023 curve whitehat hack (584 ETH) others already commented on the original issues with the order (illiquid route + insane $155k AAVE limit price), but here's where the $50m went: - $36k to the user's cowswap order (331 AAVE) - $619k cowswap solver fee - ~$9.9m to the MEV bot that backran the 17,957 ETH -> 331 AAVE swap (backrun was 128 AAVE -> 17,959 ETH) - another ~$2.6m to the same MEV bot from backrunning the $50m USDT -> $37m WETH swap over multiple txs - ~$34.3m fee to titan from the MEV bot (includes $1.2m to lido as the block proposer) - ~$3.5m in dex swap fees + residual smaller arb txs insane payday for titan, who sent their profits to coinbase, and this single MEV bot took the majority of the arbs in both the illiquid AAVE/WETH pool and the $13m slippage swap in the main USDT/WETH pool
bheau tweet media
deebeez@deeberiroz

Poor fellow swapped $50m -> $35k on eth mainnet 😭😭😭 etherscan.io/tx/0x9fa9feab3…

English
45
42
483
181.2K
Specter
Specter@SpecterAnalyst·
@brycent Nothing horrible if it was deliberately done
English
0
0
1
114
Brycent
Brycent@brycent·
As much as I love Defi this is a horrible stain on the crypto industry. Losing 99% of $50m because you wanted to swap to another coin is insanity. You can say "OMG the user should DYOR" and know better but under no circumstance should you be able to swap $50m and basically lose the entire amount That's like attempting to buy $1000 of a stock and getting $.01 - feel bad for whoever tried that swap smh.
Stani.eth@StaniKulechov

Earlier today, a user attempted to buy AAVE using $50M USDT through the Aave interface. Given the unusually large size of the single order, the Aave interface, like most trading interfaces, warned the user about extraordinary slippage and required confirmation via a checkbox. The user confirmed the warning on their mobile device and proceeded with the swap, accepting the high slippage, which ultimately resulted in receiving only 324 AAVE in return. The transaction could not be moved forward without the user explicitly accepting the risk through the confirmation checkbox. The CoW Swap routers functioned as intended, and the integration followed standard industry practices. However, while the user was able to proceed with the swap, the final outcome was clearly far from optimal. Events like this do occur in DeFi, but the scale of this transaction was significantly larger than what is typically seen in the space. We sympathize with the user and will try to make a contact with the user and we will return $600K in fees collected from the transaction. The key takeaway is that while DeFi should remain open and permissionless, allowing users to perform transactions freely, there are additional guardrails the industry can build to better protect users. Our team will be investigating ways to improve these safeguards going forward.

English
213
67
1.6K
354.8K
Vadim
Vadim@zacodil·
nobody accidentally swaps $50M into a pool with $36K of liquidity lol. fresh wallet, $50.4M from Binance, zero slippage protection, routed through the jankiest Sushiswap path possible. and then an MEV bot just happens to flash borrow $29M from Morpho in the same block and pocket $9.9M? cmon. 0xngmi called this exact play a year ago - construct a deliberately terrible swap, let a friendly bot extract the value, dirty money comes out the other side as "legit MEV profit." $154K per AAVE isn't a fat finger. it's a laundering fee
Watcher.Guru@WatcherGuru

JUST IN: Trader accidentally swaps $50 million $USDT for $36,000 $AAVE on Ethereum.

English
380
583
7.2K
1.2M
MLM
MLM@mlmabc·
Who in the world manages $464M USDT from their phone? 0x651b5943111E0B89216f36be8BC70B75cE0f415b 0xAB6efD7ca41E7245573a54afa3Ec16D660Ad0548 0x8794C43CEaB422EF4F9397A818B0D5Fa73f9EEac 0x7017dD6E3C604626ADCB95E4e5562356E55442E0 0x98B9D979C33dD7284C854909BCC09b51FBF97Ac8 0xE197ac9a200A7EA52C0fb2Ab15f8A1f702077bf4 0xd7536E10330Af851032102baDA7174910E8f3e5B
Stani.eth@StaniKulechov

Earlier today, a user attempted to buy AAVE using $50M USDT through the Aave interface. Given the unusually large size of the single order, the Aave interface, like most trading interfaces, warned the user about extraordinary slippage and required confirmation via a checkbox. The user confirmed the warning on their mobile device and proceeded with the swap, accepting the high slippage, which ultimately resulted in receiving only 324 AAVE in return. The transaction could not be moved forward without the user explicitly accepting the risk through the confirmation checkbox. The CoW Swap routers functioned as intended, and the integration followed standard industry practices. However, while the user was able to proceed with the swap, the final outcome was clearly far from optimal. Events like this do occur in DeFi, but the scale of this transaction was significantly larger than what is typically seen in the space. We sympathize with the user and will try to make a contact with the user and we will return $600K in fees collected from the transaction. The key takeaway is that while DeFi should remain open and permissionless, allowing users to perform transactions freely, there are additional guardrails the industry can build to better protect users. Our team will be investigating ways to improve these safeguards going forward.

English
137
46
1.1K
325.8K

Keşfet

@Naeven_ @_SEAL_Org @c0de4c0ffee @VitalikButerin @inversebrah @zachxbt @evilcos @coinbase