web3rekt.com

Did an analysis of the top data sources that feed web3rekt database. A big thank to you all for your effort @CertiKAlert @PeckShieldAlert @BlockSecTeam @BeosinAlert @AnciliaInc @zachxbt @RugDocIO @bbbb @CyStackSecurity @StaySAFUOrg @Mudit__Gupta and many others.

@RyanSAdams Definitely an intern!

The SEC says their account was compromised, but the original tweet looks suspiciously similar to something they'd publish. And if compromised, they certainly got their account back in a hurry. Maybe what actually happened is an intern hit send 24 hours too early.

Added a data feed from chainabuse!

Big update on web3rekt.com

@0xfoobar What is this?

wtf it’s real etherscan.io/tx/0x1e701748c…

Nice!

📸 Hundreds of people in Argentina forming the shape of a #Bitcoin in protest during soaring inflation 🇦🇷

How quickly people forget that the same can happen to traditional securities as well and that have not prevented ETFs on such getting approved - nytimes.com/2023/05/23/bus… XRP spike on hoax filing a ‘bad look’ but won’t sway SEC’s ETF approvals cointelegraph.com/news/xrp-hoax-… via @cointelegraph

@CharlesWangP Do you mean Raft Finance?

A protocol which was audited by Trail of Bits and HatsFinance was exploited, I have quite a critical opinion when it comes to different security companies, but these two I would absolutely see as top notch. This makes this topic even worse, that a protocol which had such a great audit coverage got exploited. It was not a bug reported, it was exploited…. The web3 security needs to unite together to prevent such things in the future - the only question is: „How can we do this?“ What is your opinion on this topic?

@x_explore_eth Very interesting two observations! I put money on your observations! 😀🙏

b. Use a middle address to swap erc20/trc20 token on dex and then transfer the ETH/TRX to the new address.

We do an analysis of Poloniex hacker. 1. Here is the table of current addresses and balance related to the hacker.

Was this bug flagged in the Hats Finance audit? Self Redemption can be caused to break Debt Accounting: The first depositor may be malicious, they can do a deposit for the minimum amount (borrow 301e18 tokens), then self-redeem causing all the future debt to be improperly counted.hatsfinance.medium.com/raft-finance-a…

.@raft_fi protocol on Ethereum was attacked due to a precision loss issue. The loss amounted to ~1577 Ether. However, the attacker mistakenly burnt 1570 of them, ultimately resulting in a net profit of -4 Ether after accounting for costs such as gas fees. The attacker initially donated 1,061 cbETH into the IRPM contract and subsequently liquidated his position (created in this transaction: explorer.phalcon.xyz/tx/eth/0xa1378…), which resulted in manipulation of the collateralIndex. Following this (explorer.phalcon.xyz/tx/eth/0xfeedb…), the attacker repeatedly increased his position by 1 collateral, receiving 1 share each time. It's important to note that the mint function in the rcbETH-c contract uses rounding up to calculate the number of shares to be minted. Due to this precision loss issue, the attacker received 1 share instead of the expected 0 shares when minting. The attacker subsequently redeemed all the cbETH he had paid. Finally, the attacker borrowed an extra 6,705,028 R tokens as profit.

@MetaTrustAlert $61k - bscscan.com/tx/0x4b98af11a…

📉 #MetaTrustAlert #Slippage A scammer dumped 151,695,090,227 $MEME on #BNBChain for 268 $BNB for $16K. The price of $MEME on #BNBChain has dropped 99.00%. Scammer: 0x7297858700781b3b133Fb1e82a1081DA93Ecb815 $MEME: 0xf967922a576c0462d78806946bfd22ebfc8250ff

@MetaTrustAlert The funny thing is that the token contract was created on 7th day of the 7th month. Not so lucky as the token name implies!

The scammer received 1.6M $LSC from the 0xae3...f8D who is the nodeFeeAddress of the $LSC token contract

📉 #MetaTrustAlert #Rugpull $1.1M rugpull. Our #MetaScout detected that a scammer dumped 3,003,098 $LSC for $1.1M. The price of $LSC on #BSC has dropped 98.33%. Token: bscscan.com/token/0x2b3559… Scammer: bscscan.com/address/0x9ef7… TX: bscscan.com/tx/0xca0ef4214…

@DecurityHQ Please tagged @Web3rekt_com for addition to database for interesting incidents like this. Thanks.

Although we revealed the exploit right away, we could not stop it since the protocol ceased operations after exactly the same exploit last year. twitter.com/finance_build/…

Another governance attack — this time on @finance_build defimon.xyz/attack/mainnet…

@MetaTrustAlert This is the same scammer who did OHEARN token and so many of other scammy tokens. Stay away. web3rekt.com/hacksandscams/…

📉 #MetaTrustAlert #Rugpull The price of $CongCong on #ETH has dropped 100.00%. The scammer dumped 1,603,040,020,640,000 $CongCong and got 45 $ETH(worth of $71.7K) Scammer: etherscan.io/address/0xbd72… Token: etherscan.io/token/0xa27e7c…

@DeDotFi Question for speakers. Have there beem any specific evaluation of accuracy and detection of the various platforms?

Chainalysis Investigations Lead Is ‘Unaware’ of Scientific Evidence the Surveillance Software Works bitcoinmagazine.com/technical/chai… via @L0laL33tz

@wallet_guard Just a coincident but we have peko protocol rugged today! Punt on Mr. Peko