RealVovochka

1.3K posts

@TobyFrei4

Decentralization Maxi | On-chain sleuth | Investigator

Joined September 2018
1.2K Following · 757 Followers
Circle@circle·
Circle has been named one of @FastCompany’s 2026 World’s Most Innovative Companies in the finance category. The velocity of money is upgrading to the speed of the internet. We’re building the infrastructure behind that shift, enabling the instant exchange of value worldwide. fastcompany.com/91497212/finan…
RealVovochka@TobyFrei4·
@chainyoda it's extremely easy to buy KYC - it's not a solution at all
RealVovochka@TobyFrei4·
@zacodil actually that transaction is not in the Flashbots Mempool Dumpster, so it looks like it wasn't leaked
Vadim@zacodil·
Read both post mortems from CoW Protocol and Aave on the $50M swap. What they reveal is worse than the headlines. Here's what stood out:

The auction timeline:
- Three solvers quoted. Two found routes returning ~52K AAVE (~$5.7M). One returned ~330 AAVE (~$36K). The two good quotes were rejected by a hardcoded 12M gas limit in the verification system - legacy code nobody updated. The worst quote set the limit price.
- A solver later found the good route again and won two consecutive auctions. Then never submitted the transaction. No revert. No error. Just didn't execute. Then stopped bidding. CoW says this is "under investigation."
- The last solver standing had the worst route. Won the third auction with no competition. That's what executed.

Mempool leak:
- The solver submitted via private RPC. Etherscan tagged it as seen in the public mempool. If confirmed, the transaction leaked - enabling ~$34M in backrun extraction. Also "under investigation."

Aave's side:
- UI showed 99.9% price impact. Checkbox: "I confirm the swap with a potential 100% value loss." User confirmed on mobile.
- Initially announced a $600K fee refund. Post mortem now says $110K. That's not a rounding error.
- Shipping "Aave Shield" - blocks swaps over 25% price impact by default. A threshold check. After $50M.
- The user still hasn't contacted them.

What neither report addresses:
- Why CoW is hardcoded as the only swap provider with no price comparison.
- The SolverParticipationGuard deleted six weeks earlier instead of fixing it
- The 12M gas ceiling that rejected 160x better quotes was legacy code. CoW says it's "already fixed." It took a $50M loss to update a hardcoded number.
- CoW confirms even the best quotes reflected ~90% value loss. The liquidity wasn't there on any single chain. This isn't a routing problem - it's a liquidity fragmentation problem.
- Solver E found a 160x better route, won two consecutive auctions - and never submitted the transaction. Didn't even try. Then stopped bidding. The worst solver won the third auction by default. CoW's explanation: "ongoing investigation."
RealVovochka@TobyFrei4·
@tayvano_ @0xTycoon There is non zero chance fat finger whale might be IRGC, obviously only Binance knows)
Tay 💖@tayvano_·
@0xTycoon The lookup is done via whatever is serving the frontend or quote api, not your device, silly. Chain and trm just get an address from a cloudflare or aws or whatever. Aave may retain ip and stuff. Read their privacy policy. IRGC loves Aave.
RealVovochka@TobyFrei4·
@zacodil Hardcoded 12m gas limit in check is sick as well as private rpc leak
Vadim@zacodil·
I ran Aave's code locally to show you exactly what a $50M swap screen looks like. Yellow warning. 99.9% price impact. Checkbox. You can't miss it. So how did someone confirm past this with $50M? Could you accidentally check this box?
chainyoda@chainyoda·
The most powerful man in the world rn
RealVovochka@TobyFrei4·
I would say it's quite indirect evidence, too many ifs that it's Garrett. I'm pretty sure he couldn't have fat-fingered. If I had a smoking gun to my head and had to say what this money is, I'd say someone wanted to quickly pull liquidity from Binance, using unprepared individuals. The current geopolitical situation and alarming articles in the WSJ lead to certain conclusions. But I might be paranoid
Vadim@zacodil·
the $50M AAVE wallet has a name now. and it makes the story worse.

I'll be straight: the laundering theory is suboptimal at best. KYC'd Binance wallet, and routing 80% of the value to entities that are hard to coordinate with and impossible to guarantee - risky way to wash money.

but then Lookonchain dropped this: 13 wallets traced back to Garrett Jin - former CEO of BitForex, the exchange that faked volumes, had a $57M private key "leak," got a fraud warning from Hong Kong SFC, and shut down. he sold 261K ETH ($543M) and 11.3K BTC ($761M) mid-February. the dates match exactly when these wallets withdrew stablecoins from Binance. one wallet shares the same Binance deposit address as Jin.

so the "poor guy fat-fingered it" narrative is now: a guy who ran an exchange that collapsed under fraud allegations, who moved $1.3B in crypto weeks earlier, opened Aave on his phone, saw a 99% loss warning, and tapped confirm.

CoW's routing function that should catch insane quotes was hard-disabled. one builder pocketed ~$34M in a single block. and we still don't know why someone with this background would do a $50M collateral swap through a mobile UI with zero slippage protection.

not claiming to know what this is. but it's not a fat finger.
Lookonchain@lookonchain

The person who swapped 50.43M aEthUSDT for only 327 aEthAAVE ($36K) may actually be Garrett Jin(#BitcoinOG1011short)! 👀 Evidence:👇 Through on-chain tracing, we found 13 wallets that may belong to him. These wallets: - All wallets received USDC or USDT from Binance on Feb 16 and Feb 20. - All wallets became active again today and moved funds to 2 new wallets. One of these wallets shares the same Binance deposit address as Garrett Jin. Garrett Jin sold 261,024 $ETH($543M) and 11,318 $BTC($761M) on Feb 15 and Feb 20, which is close to the dates when these wallets withdrew stablecoins from Binance.

RealVovochka retweeted
Vadim@zacodil·
nobody accidentally swaps $50M into a pool with $36K of liquidity lol. fresh wallet, $50.4M from Binance, zero slippage protection, routed through the jankiest Sushiswap path possible. and then an MEV bot just happens to flash borrow $29M from Morpho in the same block and pocket $9.9M? cmon. 0xngmi called this exact play a year ago - construct a deliberately terrible swap, let a friendly bot extract the value, dirty money comes out the other side as "legit MEV profit." $154K per AAVE isn't a fat finger. it's a laundering fee
Watcher.Guru@WatcherGuru

JUST IN: Trader accidentally swaps $50 million $USDT for $36,000 $AAVE on Ethereum.

JP@rugpullfinder·
When investigating crypto addresses, most analysts focus on who interacts with whom and how much value moves. But one of the most revealing dimensions is often overlooked: time. Looking at when transactions occur - temporal analysis - can reveal behavioural patterns that aren’t obvious in transaction graphs alone. Regular activity windows, bursts of rapid transactions, long dormancy followed by movement, or coordinated timing across multiple addresses can all hint at automation, operational routines, or common control. In many investigations, timing becomes a behavioural fingerprint. For investigative work, combining transaction flows with timing patterns can help surface operational habits, link wallets more confidently, and sometimes even reveal when actors react to external events. Curious to hear from other investigators: Do you use temporal analysis when analysing crypto addresses, and in what circumstances has it been most useful? Below is an image of an output generated from one of my temporal analysis tools (python script)! Would something like this be useful to you?
RealVovochka@TobyFrei4·
@zachxbt @bcgame Well deserved since initial part that helped you react fast was produced as public good
ZachXBT@zachxbt·
@bcgame Confirming 150K USDT was received to my public address as an initial bounty for the report and forensics graph I submitted on the exploiter.
BC.GAME@bcgame·
This address belongs to a hacker, the funds used are illegal proceeds stolen from BC.GAME!! The hacker exploited a vulnerability in a third-party game and illegally profited $4,326,700 from BCGAME. BCGAME is now offering a global bounty to all players worldwide for any leads on this address! Bounty reward: $500,000 USD! The HYPE invite code he used is: MMREFCSI
EyeOnChain@EyeOnChain

This one escalated very fast 🥶. Wallet 0xA5e4F8141Cb2759CeA58F28cF2d0AB21b98580cA came in heavy about 19 hours ago, receiving 1.7M USDC and going straight into a massive short --- 15,457 $ETH , roughly a $31M position. Big size and Clear conviction. But #ETH didn’t cooperate. As price pushed higher, the pressure started building. The position got hit with partial liquidations as the move continued against him. Margin kept shrinking… and shrinking. Now............. That original $1.7M USDC stack has been cut down to just $171K USDC. Roughly $1.53M gone in under 20 hours. High leverage cuts both ways. When you’re right, it feels unstoppable. When you’re wrong… it moves just as fast.

RealVovochka retweeted
IRIS C2@C2IRIS·
lol
Lukasz Olejnik@lukOlejnik

Russian GRU cyber operatives are running large-scale, targeted operations against Signal and WhatsApp users of government officials, military personnel and civil servants. The fake support message in the advisory tells victims, in capital letters: "DON'T TELL ANYONE THE CODE, NOT EVEN SIGNAL EMPLOYEES." That literal line is in the phishing message. AND IT WORKED. Russia didn't need to break Signal. It just needed officials who trusted a random chat message more than their own security training. Dutch intelligence services confirmed Dutch government employees were among the victims. The campaign exploits no technical vulnerabilities in either app. Instead, it uses the apps' own features against their users. Two methods. 1. A fake "Signal Security Support Chatbot" contacts the target, warns of suspicious activity and a possible data leak, then asks for the SMS verification code and Signal PIN. Hand those over and the attacker takes full ownership of the account, moves it to a number they control, and reads everything going forward. The victim can re-register using their old number and will see their local chat history intact - so they assume nothing happened. The advisory notes, with some understatement, that "this assumption could be incorrect." 2. A malicious QR code, dressed as a group invitation, silently links the attacker's device to the victim's account. The victim keeps full access and notices nothing. The attacker just reads along. What makes this operationally elegant is the irreversibility. Signal has no central management by design. This is for reasons of user privacy. There is no way to remotely deactivate a stolen account. Once gone, it is gone. GRU operatives just understood this.

PeckShieldAlert@PeckShieldAlert·
#PeckShieldAlert The attacker who drained $24M worth of $aEthUSDC from @sillytuna has swapped ~$2M worth of $DAI & $ETH for 6,174.4 $XMR, which is currently held on #Hyperliquid. Additionally, they have deposited ~6.5M $USDC & $USDT into CEXs including OKX, MEXC, & Bitkan, and laundered 375 $ETH via #TornadoCash.
⭐️Oles Filonenko⭐️@FilonenkoOles·
A Chinese trader posted a photo on WeChat: "My new farm. 40 servers. Looks like a mining farm. But it's not cryptocurrency. These are arbitrage bots." His friend forwarded the message to just one person. By morning, 3,000 people had seen it. One of the monitors shows an open profile. gabagool22. Profit of $868,000. Now everyone knows where the $30,000 a week comes from. gabagool22. 28,620 predictions. All predictions on 15-minute BTC. All using the same strategy. The strategy shown in the leaked screenshot: → Build a position with a low average price → Watch for the opposite outcome to drop. → Check that YES + NO < 99 cents → If a hedge is not available, close the trade without a loss. → Profile: polymarket.com/@gabagool22 40 machines. Running around the clock. Each one scans different windows. Together they print $140,000 a month. The photo was deleted from WeChat. But the screenshots are already on Discord. The wallet is still public. The farm keeps running. 685 thousand people are watching now. Someone tried to determine the location from the photo's metadata. They removed it.
ZachXBT@zachxbt·
John Daghita (Lick) was arrested in the Caribbean yesterday as a direct result of my investigation. In late January 2026, I exposed how John stole $46M+ in seized crypto assets from the US government by abusing access at CMDSS, his father's company, which held a USMS contract. John then taunted me multiple times via his Telegram channel and dust attacked my public wallet address with stolen funds. Thanks for the last laugh, John.
RealVovochka@TobyFrei4·
@somaxbt @PerpetualCow Of course, all the tools are lacking, and in-house manual effort is needed to block things, especially in incidents where there's a lot of public info. I only know one project doing this. Nothing in the name is related to cows.😎
SomaXBT@somaxbt·
@TobyFrei4 @PerpetualCow I think most compliance tools do not work in this case (because funds are from the victim). They need to update or mark those addresses manually, only then can the AML kit flag the address, otherwise it won’t trigger anything.
PerpetualCow.hl@PerpetualCow·
Hey guys, I was sleeping. Really sorry about that. If I’d been awake, I would of course have stopped these funds from going through. 1. Wagyu will never freeze funds. That’s just against everything I stand for. My goal is instead to stop these kinds of funds from ever entering, similar to NEAR Intents or Railgun. Compliance tools are in place to block transactions like these. These just happened to pass because there was no risk score on them for a while from multiple venues. The risk scores eventually kicked in, which is why the transactions stopped and only a small amount went through. Clearly the current protocols aren’t sufficient. I’ll be working to make sure this never happens again.
RealVovochka@TobyFrei4·
@BoringSleuth @sillytuna nevermind 0xBEEF0000072943D4872462D9C7BD727f672eCB27 is wague. There is a different market maker with 0xbeef.
Tyler Reed - TruthLabs 🫡@BoringSleuth·
The Gas feeder wallet that funded the Hackers network of wallets for the $24 Million stolen from @sillytuna began with 0xBeef. This Hacker is a serial scammer that I brought attention to over 3 Years ago, using 0xBeef in their address’/contracts is their Signature mark.
Tyler Reed - TruthLabs 🫡@BoringSleuth

I'm going to one day show this, but there are two Serial rug artists in Crypto. They create a ton of contracts. Their contracts leave their signature marks, the word "beef" or "fed", found typically at the very beginning, in the very middle, or at the very end of their contract.

RealVovochka@TobyFrei4·
@ImmutableLawyer There shouldn't be decentralised swaps to XMR w/o best in class AML monitoring. It's suicidal