Elad Ernst (@EladErnst)

659 posts

Cyber Security Researcher at @blockaid_

Tel Aviv. Joined July 2019
438 Following, 824 Followers
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Community alert: Blockaid's exploit detection system has identified an ongoing exploit on the @veruscoin Verus-Ethereum Bridge (verus.io). ~$11.58M drained so far. More details in 🧵
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Community alert: Thorchain was likely exploited on Bitcoin, Ethereum, BSC, Base for $10M+. Exploiter addresses: bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37, 0x82fc0d5150f3548027e971ec04c065f3c93154eb, 0xd477b69551f49C0519F9B18c55030676138890Bd. More details in 🧵
Elad Ernst retweeted
Idobn (@idobn):
Since December, @Blockaid_ has seen security incidents surge from a handful a month to several a day. The driver? AI. Threat actors are using AI to find and execute exploits faster than ever, at a fraction of the cost and skill it once required.
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Community Alert! @ShapeShift FOX Colony (Colony Network) drained for ~$132.7K USDC + FOX on Arbitrum. More details in 🧵
Elad Ernst retweeted
Blockaid (@blockaid_):
Introducing Blockaid's Risk Exposure: A real-time onchain compliance solution that lets organizations monitor addresses, transactions, and act the moment they're exposed to illicit funds. Powered by Blockaid’s first-party signals to make policies programmatically enforceable.
Elad Ernst retweeted
Richard Liu (@DrPayFi):
We’ve been working with @blockaid_ on investigating the legacy @humafinance v1 protocol exploit, and for transparency I’m sharing their excellent root cause analysis (link in the first reply). Here is a TL;DR and the key architectural learnings from the incident. 👇

TL;DR
The Exploit: An attacker found a smart contract bug and drained ~$101K in leftover protocol and pool owner fees from three legacy v1 pools on Polygon.
User Funds: Zero user funds were impacted.
Isolation: This is strictly a v1 issue. It is completely unrelated to PayFi Strategy Tokens (PST), the permissioned v2 pools, or the permissionless programs (PST & Prime).
Solana Programs: The Solana programs feature a fully redesigned architecture and do not contain the exploited functions or logic.
Status: All v1 pools have been paused.

Key Architectural Learnings
On the surface, this was a smart contract bug in v1, launched in early 2023, but it highlights several critical protocol design and operational considerations where different paths should have been pursued:

1. Decouple state transitions from complex logic. Functions like _updateDueInfo() and _getDueInfo() carried high complexity to calculate dues and fees. Embedding state transitions within these complex functions is an anti-pattern. This complexity was recognized as unsatisfactory and was completely abandoned during the architecture of Huma v2 smart contracts.

2. Ruthlessly eliminate unused functions. requestCredit() was built to support future expansion but never actively utilized in operations. Non-critical functions inherently receive less testing and security scrutiny, creating an unnecessary attack vector. We even discussed removing it before launch, but kept it under the assumption that it doesn’t add much complexity. If a function isn't required for current operations, it shouldn't be in the contract.

3. Proactively migrate and close legacy pools. Leaving older contracts out on the blockchain creates unnecessary liabilities. With developers and attackers both leveraging AI extensively today, legacy contracts that haven't undergone AI-assisted audits are naturally more vulnerable. Older pools should be actively migrated and fully closed, rather than left running. We were in the process of sunsetting the v1 pools, but didn't have a chance to complete it.

This is a hard lesson. But a hard lesson should never be wasted. Sharing these reflections to help the entire ecosystem in the joint defense against attackers. DeFi United, DeFi Strong! 🛡️
Quoting Huma Finance (@humafinance):

Earlier today a vulnerability in Huma’s legacy v1 contracts on Polygon was exploited for 101,400 USDC. No user funds at risk and PST is not impacted. Huma’s v2 system on Solana is a complete rewrite and this issue does not apply to v2 systems. The teams were already in the process of sunsetting all the legacy v1 pools, and have paused v1 completely now.

Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Community Alert - Exploit on @Aurellion_Labs. An unverified EIP-2535 Diamond proxy on Arbitrum was exploited a few minutes ago for ~$456K because of an uninitialized Diamond / unprotected initialize(). More details in 🧵
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Exploit Alert - @humafinance V1 (deprecated)
✅ No user funds at risk.
Huma Finance's V1 BaseCreditPool deployments on Polygon were exploited a few minutes ago for ~$101K. Total drained: ~$101.4K (USDC + USDC.e). More details:
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Community Alert: @inkfinance's Workspace Treasury Proxy on Polygon was exploited a few minutes ago for ~$140K. More details in 🧵
Elad Ernst retweeted
Blockaid (@blockaid_):
Today’s blockchain compliance tools are slow and reactive. @Blockaid_’s Risk Exposure is built for onchain teams that need proactive, always-on compliance. Coming soon.
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Blockaid's exploit detection system has identified an ongoing exploit on TrustedVolumes (1inch market maker / resolver, @trustedvolumes).
Chain: Ethereum
Victim contract: TrustedVolumes resolver, 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31
Exploiter: 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100
Exploit tx: 0xc5c61b3ac39d854773b9dc34bd0cdbc8b5bbf75f18551802a0b5881fcb990513
Total extracted so far: ~$5.87M (1,291.16 WETH + 206,282 USDT + 16.939 WBTC + 1,268,771 USDC).
Same operator as the March 2025 1inch Fusion V1 incident; this is a different vulnerability, in a TrustedVolumes-controlled custom RFQ swap proxy (0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756). More details will follow.
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Blockaid's exploit detection system has identified an ongoing exploit on an @EkuboProtocol custom extension contract on Ethereum. $1.4M drained so far. Ekubo users are not at risk. Only users who have approved this specific v2 contract as a spender (any token) are at immediate risk and should revoke now.
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Blockaid's exploit detection system identified an ongoing admin-key compromise exploit on @wasabi_protocol across Ethereum and Base. The "Wasabi: Deployer" EOA was used to grant ADMIN_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to a malicious implementation that drained balances.
Elad Ernst retweeted
Idobn (@idobn):
When working with onchain assets, you need to detect and respond to attacks in seconds and minutes, not hours. The need for speed is real. @Blockaid_ gives teams the speed and agility they need to act and contain the damage in real time.
Quoting Blockaid (@blockaid_):

🚨 Blockaid's exploit detection system identified an ongoing admin-key compromise exploit on @wasabi_protocol across Ethereum and Base. The "Wasabi: Deployer" EOA was used to grant ADMIN_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to a malicious implementation that drained balances.

Elad Ernst retweeted
Aftermath Finance (🥚, 🥚) (@AftermathFi):
Update: Great news. Thanks to support from @Mysten_Labs and @SuiFoundation, all users will be made whole. ZERO losses for anyone. Aftermath will be up and running again soon. Thank you to both teams and to @blockaid_ for the rapid response. For clarity: this was not a Move contract-language security issue.
Elad Ernst retweeted
Blockaid (@blockaid_):
🚨 Community Alert: Ongoing exploit on @SweatEconomy on @NEARProtocol.
Exploiter: 3be304b2151870b2be88b9de0b80acab921337ad152584138bd852fc6e9ae018
Largest exploit tx: DvrSMfY85Anc6AuLUmoEDkDdab7qX5NUZLu76HN8NoPn
Elad Ernst retweeted
Tangem (@Tangem):
~$15.5M funds saved. 1.2K sketchy dApps blocked. 83K malicious txs caught. One year ago, we integrated @blockaid_ into all @WalletConnect sessions on Tangem. Safer web3 isn’t the goal; it’s the baseline.