xAudits
@xAudits
220 posts

Smart Contracts Audit Service for Rust and Solidity. We enhance the security of the Smart Contracts that revolutionize our world.

Web3 Security · Joined December 2023
217 Following · 604 Followers
Adevar Labs - Security Audits
Meet the Adevar Labs team 🚀 This time our founder & CEO: @banescusebi
> PhD in Computer Science (TU Munich), CAST Prize winner for best security thesis in 2018
> 1200+ citations on Google Scholar
> 100+ audits, helped launch the first licensed insurance for smart contract hacks
> 15+ years in computer security, 7+ in web3
> Ex-Deloitte, Philips, BMW
xAudits@xAudits·
Seems the @SeedifyFund hack is again related to the North Korean DPRK group. What happened, more exactly:
1. Seedify's cross-chain bridge (using LayerZero's OFT standard) was exploited (the exploit was NOT a @LayerZero_Core/OFT code bug, but an ownership compromise).
2. The attacker gained ownership control of the OFT contract on certain chains (e.g., Base).
3. With that control, they abused the setTrustedRemoteAddress function to redirect the bridge's trust to their own malicious contract.
4. This let them send fraudulent cross-chain messages that were treated as valid by the destination chains (BNB Chain, Base, Polygon).
Result: the attacker minted/received large amounts of $SFUND on BNB Chain and dumped them, causing a severe price crash.

Attack Flow:
1. Ownership Takeover: the attacker obtained the private key or otherwise compromised the admin account controlling the SFUND_OFTv1 contracts on some chains. tx: app.blocksec.com/explorer/tx/ba…
2. Malicious Remote Address Set: using setTrustedRemoteAddress, the attacker set their own contract (0xffad4bD0fA118010bA01a3C69C9Ed7fF460E943e) as the trusted Polygon/Base link. tx: app.blocksec.com/explorer/tx/ba…
3. Fake Cross-Chain Message Sent: from Polygon, the attacker sent a crafted message that looked legitimate to the OFT bridge. tx: app.blocksec.com/explorer/tx/po…
4. Tokens Minted/Released on Destination Chain: on Base -> BNB Chain, the OFT bridge logic minted the equivalent $SFUND amount for the attacker. Final BNB exploit tx.
Profit Realization: the attacker dumped the stolen $SFUND into other assets, draining liquidity and crashing the price. tx: app.blocksec.com/explorer/tx/ba…

🚨 Root Cause
1. Private key compromise of the contract owner(s), e.g. via:
a) Social engineering/phishing (tricked admins into signing something bad)
b) Poor key management (private key in a hot wallet/server/malware)
c) Insider misuse
d) Any other tech glitches used by the DPRK group (more to research in the next days)
2. Once the attacker had owner rights, they could freely modify LayerZero's trusted remote configuration.
3. This is a known centralization risk in cross-chain bridges: the "owner" key becomes a single point of failure.

📉 Impact
1. Multiple chains affected (BNB, Base, Polygon).
2. Large amounts of $SFUND minted and stolen.
3. Rapid price crash due to sell-off.
4. The exploit abused the LayerZero OFT logic, but the underlying cause was ownership compromise, NOT a flaw in LayerZero itself.
Meta Alchemist@meta_alchemist

We just shared an official update on everything regarding today's bridge contract hack. We appreciate every single person who has shown their support today and sent us their good energies. We will make sure this part of our story becomes part of a great comeback story from here for our community, holders, and partners who have shared positive things about us. There is no other option, but to work 10X harder from here, and show resiliency in the face of adversity. Thank you once again, everybody 🙏

xAudits retweeted
Charles Guillemet@P3b7_·
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works by silently swapping crypto addresses on the fly to steal funds. If you use a hardware wallet, pay attention to every transaction before signing and you're safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now. It’s still unclear whether the attacker is also stealing seeds from software wallets directly at this stage. Excellent report here: jdstaerk.substack.com/p/we-just-foun…
xAudits@xAudits·
Stay safe guys. We're glad it ended well, but it doesn't always happen that way, especially in web3.
Marius Grigoras@mvgrigoras

I always tried to understand why in 2025 web3 investors still send funds to the token address SC instead of swapping by using a DEX / CEX where the token is listed. I've heard stories from the early days when some token contracts actually implemented a "swap" or backdoors by automatically sending back tokens equivalent to the incoming ETH. That pattern is now for sure deprecated.

From talking with these newer users (many of whom are first-time @MetaMask users) the main reason this still happens is simple: they add a new token in MetaMask, see its contract address, and accidentally send ETH there. And these are new web3 users, first time using MetaMask. So for sure we need better tools, better UI and better security.

Today we helped a @ratio1ai community user to recover the funds sent to the R1 token address from Optimism, but the R1 token is on Base. Clearly 2 big mistakes:
a) not using a DEX, but sending funds to the R1 token SC
b) sending funds on the wrong chain (Optimism vs Base)

The good part was that the second mistake was also the "saving" one, because on Base, the R1 SC token is not upgradeable. Also, another lucky part is that on Optimism we didn't use the token deployer address at all, so we have been able to use the same Base nonce to deploy / generate the same SC address, add a withdraw function, recover the funds and send them back to the legit owner. If our Optimism nonce was bigger than the one used on Base, it would have been impossible to generate the same SC address and recover those funds.

How is this possible from a tech perspective?
a) Most of the EVM L1 and L2 chains are using the same address space - for example a specific wallet on ETH has the same equivalent / correspondent on Base.
b) Contract creation addresses are deterministic, so using the same nonce you can create/deploy the same SC address from another chain, ofc if you have access to that deployer private key.

address = keccak( RLP(sender_address, sender_nonce) )[12:]

Big thanks to @alessandrodfr / @xAudits squad for the invaluable support 🫡

IXFI | Gen 3.0 Exchange@ixfiexchange·
$IXFI Public Sale is live! 1M+ users in 160+ countries, largest fiat on-ramp in crypto $IXFI is deflationary and built for real utility: card spending cashback, airdrops, lowest fees, and staking rewards 100% unlocked at TGE. Limited-time bonus Join: token.ixfi.com
xAudits@xAudits·
xAudits is proud to continuously support the #MultiversX ecosystem - auditing smart contracts to help ensure a secure and reliable environment for the community.
Dr. X 🧬@AnduTabacu·
Let’s remake the Ecosystem map. If you are a project building on @MultiversX, drop a comment or dm. I’m putting together a preliminary list. 48 hours to ask for a spot (might DM for details).
GRM@grm_off

Anyone up for an updated #MultiversX ecosystem map? If we're going to achieve mass adoption among Americans, it's important for them to have a comprehensive view of the ecosystem they'll be entering. Credit: @0xMibay

xAudits@xAudits·
Until now, every audit we've delivered has stood the test of time - high-end security, proven in the wild. 🔍 Smart Contract Audit Services for Rust & Solidity 🔗 Fortify your Web3 ecosystem on #MultiversX with expert-driven security. Your code, our scrutiny - no vulnerabilities left behind.
xAudits@xAudits·
Secure your #MultiversX smart contracts with confidence. We have identified and fixed numerous vulnerabilities for leading projects. The best proof of our expertise is time itself; after extensive periods, no vulnerabilities have been found in the smart contracts we audited for projects such as @LudoHQ, @OneDex_X, @SuperRare_Bears, and many more.
xAudits@xAudits·
Smart Contract Audit Services for Rust & Solidity 🔍 Secure your Web3 ecosystem with xAudits! Our experts identify vulnerabilities using cutting-edge security research & an attacker's mindset to reinforce your code.
🔹 Reverse Engineering
🔹 Cryptography
🔹 Virtualization
🔹 Exploit Analysis
📩 Get audited today!
xAudits@xAudits·
Ensure your blockchain project is secure and trustworthy with our Smart Contract Audit Services.🔒 We identify vulnerabilities, optimize code, and protect your assets. Build confidence in your platform. 🚀
xAudits@xAudits·
Strengthen Your Web3 Security with xAudits
Ensure the safety of your smart contracts with xAudits' expert audit services. Our team leverages advanced security research and an attacker's perspective to identify vulnerabilities and enhance code reliability. With expertise in reverse engineering, cryptography, malware analysis, and exploit detection, we help safeguard your Web3 ecosystem. 👉 Read more on xAudits.io
BH Network 🫡@BeHeroNetwork·
New $BHAT Burn happening on #MultiversX! 🔥 In accordance with our tokenomics 2.0 roadmap, a new buyback and burn of 200,000 $BHAT tokens was completed using funds from our products hub revenue. Here are the latest details:
Current Supply: 180,500,857
Total Burnt Supply: 319,499,143
The Great Burn Progress: 79.87%
You can check the live supply evolution and all burning events on our website burnbhat.com
BH Network 🫡@BeHeroNetwork·
Contest ALERT: Win Guaranteed $BHAT Tokens! 🎉 How to Participate:
1️⃣ Create content: a Tweet, TikTok video, Facebook post, Instagram reel, or any other social media format - image, video - anything goes!
2️⃣ Language? Your choice! 🌍
3️⃣ Use the tickers: $BHAT and $EGLD.
4️⃣ Join our Telegram groups and share your content URL there.
5️⃣ Get boosted by the community and earn 100% guaranteed $BHAT tokens! 🔥
Start creating and join the movement. Let's go! 🚀
BH Network 🫡@BeHeroNetwork·
BH Network Presents: @xAnalyzeio ✨ Export Your MultiversX Wallet Transaction History Effortlessly
We're excited to launch xAnalyze, our 5th product, exclusively on the #MultiversX blockchain!
💡 What is xAnalyze? Easily export your full wallet transaction history or focus on specific dates. Perfect for tracking, reporting, and analysis.
🌟 Why Use xAnalyze? With the EU's upcoming MiCA legislation, xAnalyze simplifies tax reporting for your #EGLD, ESDTs, and #NFTs, from the blockchain's genesis to today.
Enjoy added perks:
🏆 Track leaderboard rankings.
🎁 Win prizes.
📣 Share on social media!
The BH Network Team
xAudits retweeted
Trail of Bits@trailofbits·
The Linux kernel 6.10 introduces the mseal syscall for memory protection. Discover its unique features, how it differs from prior schemes, its kernel implementation, and the userspace exploits it prevents. hubs.la/Q02VNW-30