Dilation Effect 膨胀效应
231 posts
Dilation Effect 膨胀效应
@dilationeffect
We are a group of Web3 security enthusiasts from around the world. Share neutral viewpoints of security. 膨胀效应安全社区,专注于分享客观中立的 Web3 安全观点。
Black hole Katılım Mayıs 2023
18 Takip Edilen915 Takipçiler
0-click攻击效果演示视频:x.com/DarkNavyOrg/st…
DARKNAVY@DarkNavyOrg
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.
中文
WhatsApp 近期出现了一个 0-click 漏洞,意味着攻击者给你发送一个恶意图片,你的设备就可能会被控制,攻击无门槛。考虑到使用 iPhone 时存在切换 Apple ID 等场景,会导致 WhatsApp 升级不及时。Dilation Effect做出紧急提醒,请检查 WhatsApp 版本,务必马上完成升级。同时也请定期升级你的iOS系统。
中文
This was an extremely unusual attack. How could 10 out of 12 validators’ signing keys have been compromised simultaneously? Can’t figure it out.
Shib@Shibtoken
UPDATE 13/09/25 What we know so far about the recent incident 👇 How the exploit was executed: • The attacker used funds from the bridge hack in the same block as the attack to acquire 4.6M BONE to temporarily gain validator voting power, attempting to do it in one transaction like a flash transaction • With this, they were able to sign a malicious state on Shibarium. • The flash loan-like transaction was repaid using assets drained from the bridge: 224.57 ETH & 92.6B SHIB. • Importantly, because the BONE remains delegated to validators, it is currently locked and cannot be withdrawn. Validator compromise: • Evidence indicates 10 of 12 validators’ signing keys were compromised. • Only @K9finance and @UnificationUND validators refused to sign the malicious state. • Without the flash loan, ($1m BONE bought and delegated in 1 transaction using the hacked funds) the attacker would not have achieved the required 2/3 majority. Assets affected: • Bridge assets: 224.57 ETH & 92.6B SHIB. • The attacker attempted to sell ~$700K in KNINE but all attempts failed after @K9finance DAO multisig blacklisted their address. • Additional tokens impacted (LEASH, ROAR, TREAT, BAD, SHIFU) have not been moved or sold at this time. Immediate actions taken: • Paused stake/unstake functions to protect community assets. • Transferred stake manager funds from proxy contracts to a secure 6/9 hardware multisig. • Partnered with Hexens, Seal911, and PeckShield for a full forensic investigation. Next steps: • Secure validator key transfers and confirm full chain integrity. • Restore stake manager funds once security is assured. • Continue coordinating with partners to freeze attacker-linked funds • Publish a full incident report once investigations conclude. Our commitment: The #ShibArmy deserves clarity and accountability. This is a fast-moving investigation, and we are working around the clock with leading security partners. Please bear with us — verified updates will be shared as soon as possible. Attacker address: etherscan.io/address/0x999e…
English
最近见过好几起因为线上会议导致电脑钱包被盗的事情。攻击者会构造各种场景,比如开会时音频有问题了要更新程序,会议过程中发来一个链接让打开阅读,或者利用会议软件本身特性来诱导授予远程控制权限等,真是防不胜防啊。如果认真做到我们总结的这几条简单安全原则,能避免99%此类攻击。
Dilation Effect 膨胀效应@dilationeffect
如何安全的参加线上会议、使用网络会议软件 使用各类会议软件来召开线上会议是Web3行业非常高频的活动,但近期通过线上会议来钓鱼的攻击越来越频繁,攻击方式也出现了很多创新。Dilation Effect总结了几点注意事项供大家参考,都是非常精简的干货:
中文
这里存在两个很明显的问题:
1、各角色的多签成员和阈值数量太少
2、各角色的多签成员存在大量重复使用
搞定热验证者的3个签名(由于地址重用导致Finalizer检查也可通过)就可能提空合约的USDC。历史上不是出现过 Ronin Network 9个验证节点的5个都被搞定的事情吗?@HyperliquidX @chameleon_jeff
中文
-Locker:紧急情况下,达到一定数量的投票时可暂停合约。2/5多签
0xf9d2282A4A4C216f624717C0747D23146FC048c5
0x58E1b0E63C905D5982324FCd9108582623b8132e
0x263294039413B96D25E4173a5F7599F8b3801504
0xda6816df552c3f9e0FB64979fb357800d690d79B
0xEF2364dB5db6F5539Aa0bC111771a94Ee47637Fc
日本語
Dilation Effect 对 Hyperliquid 的安全性做了一些研究。用户在 Hyperliquid 上交易,要先存入 USDC,存入的 USDC 留存在 Arbitrum 的 Bridge2合约,目前余额44亿美金,占 Arbitrum 网络上 USDC 总量的65%。保存如此巨量资金的智能合约,一定会是黑客关注的对象。Bridge2 合约的核心角色与职责如下:
中文
4、不要随意点击会议过程中出现的网站链接和文件。作为主持人来召开会议时,需要启用“等候室”功能,仔细确认每个参会人的身份。
中文
3、对会议过程中出现的各种弹框请求,默认点击拒绝。目前观察到的趋势,攻击者会利用一些会议软件的远程控制功能来进行攻击,我们肉眼看到的“录屏”请求其实是“远程控制”请求。
中文
1、优先使用Google Meet/Zoom等主流会议软件。如果对方让临时安装某款新的会议软件,要看是否为主流会议软件,对于那些没听过的,一定不要安装。且一定要注意去软件的官网下载,不要使用对方提供的链接来下载安装。
中文
如何安全的参加线上会议、使用网络会议软件
使用各类会议软件来召开线上会议是Web3行业非常高频的活动,但近期通过线上会议来钓鱼的攻击越来越频繁,攻击方式也出现了很多创新。Dilation Effect总结了几点注意事项供大家参考,都是非常精简的干货:
中文
Coinbase事件恰好说明这个趋势已经到了一个明显阶段。现在黑客的思路是越来越打开了。近期我们也监控到了一些新攻击方式,显示黑客的攻击和钓鱼思维又上升到了一个新的等级。
中文
一年前Dilation Effect在内部做出预判:以后的攻击趋势是,黑客除了针对组织(企业级冷钱包)的攻击,会逐步增加针对大户(平台的某个账户)的攻击。
Bybit事件之后,各大平台都做了大量加固措施,也许现在黑客搞定一个组织的难度提高了,但是针对性的搞定大户还是容易一些的,尤其是里应外合的场景。
Coinbase 🛡️@coinbase
Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers. More here: coinbase.com/blog/protectin…
中文