HACKDEFI

🚨Update on @lifiprotocol Exploiter Activity🚨 According to MistTrack's monitoring, the LIFI Exploiter transferred another 720 $ETH to Tornado Cash a few hours ago. As of now, the LIFI Exploiter has transferred 2006 $ETH to Tornado Cash, with ~847 $ETH still untransferred. (By the way, does this guy think this is peeling chain?😓) Click the link to view the fund tracking process⬇️ misttrack.io/s/lynf4

🚨SlowMist Security Alert🚨 We detected potential suspicious activity related to @Bedrock_DeFi due to mistakenly supporting the minting of uniBTC at a 1:1 exchange rate with the native token. As always, stay vigilant!

🚨 Phishing Alert: @Polymarket users targeted on Google search! 🔍 Protect your assets—avoid simple mistakes. Get our security extension now! 🛡️✨ Stay safe and alert! ⚠️

All About DeFi and Future of Finance - Full Course in 4 playlists (80 YT Videos): LINKS 👇 1. Course I: DeFi Infrastructure: 📎youtube.com/playlist?list=… 2. Course II: DeFi Primitives: 📎youtube.com/playlist?list=… 3. Course III: DeFi Deep Dive: 📎youtube.com/playlist?list=… 4. Course IV: DeFi Risks and Opportunities: 📎youtube.com/playlist?list=…

How to become a Better Smart Contract Auditor? It's simple, put maximum time into it and do it willingly, every single day, no Excuses First is learning, then the first letter of the word Learn is removed LEARN -> EARN

Writing Multi-Fuzzer Invariant Tests Using Chimera: Fuzz smart contracts using the same code with Echidna, Medusa & Foundry! dacian.me/writing-multi-…

「⚠️ @OnyxDAO Exploit: $4M Loss」 🔗metasleuth.io/result/eth/0x6… @OnyxDAO was hit by a $4M attack due to unverified inputs in the liquidation process. The attacker used the liquidateWithSingleRepay function to manipulate liquidation parameters, liquidating all collateral with just 1 token. 🕵️‍♂️ #MetaSleuth has tracked that two addresses (0xfd47f6 and 0x680910), belonging to the same attacker, profited $2.7M. The funds are distributed across three addresses: the two attacker addresses and 0x2d334f, with most profits swapped to ETH. The starting funds originated from @ChangeNOW_io 🛡️ Simplify your on-chain investigations with #MetaSleuth

ALERT! Our system has detected hundreds of suspicious transactions targeting an unknown, non-open-sourced contract on #BSC (0xff2481) over the past few hours, suggesting a possible reentrancy attack. The total loss has reached ~$140K. Interestingly, after the first attack transaction (with a profit of ~$78K), the deployer (0x7baa94) invoked the victim contract's 'emergencyWithdrawUSDT' function multiple times, each for a small amount rather than withdrawing all the funds at once. This allowed the attacker to make small, repeated profits, ultimately accumulating to $140K. First attack TX: app.blocksec.com/explorer/tx/bs… Subscribe to BlockSec Phalcon today to get alerted in realtime and take automatic actions to protect your assets. blocksec.com/phalcon

.@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidation process. Specifically, key parameters of the liquidateWithSingleRepay function in the NFTLiquidation contract were controllable by the attacker, allowing manipulation of the extraRepayAmount variable through the repayAmount parameter. By exploiting this, the attacker was able to liquidate all collateral with just one token. The key attack steps are summarized as follows: 1. The attacker first deposited oETH and borrowed various assets to reach the liquidation threshold. Simultaneously, they created a new contract that, through a donation attack and precision loss (inherent from the Compound V2 fork), reduced the oETH exchange rate, making the attacker's position eligible for liquidation. 2. The attacker then performed the liquidation. Due to insufficient parameter validation, the attacker manipulated the extraRepayAmount variable, which was added to the calculation of how many tokens needed to be liquidated. This allowed the attacker to obtain more oETH through liquidation, leading to a profit. Attack Tx: app.blocksec.com/explorer/tx/et…

My [DAY 2] in @EthCC 2024 I had a wonderful discussion with other researchers and engineers about DeFi security/security methods ~ Especially thanks: - @JohnJsy0216 from (@Uniswap), - Jeff from (@hackthedefi) - @ZainanZhou from (@namefi_io) - Rob from (@EthereumRemix)

🌟 Excited to support @DeFiHackLabs!

👏Happy to partner with @hackthedefi. Let's secure #Web3 together 🤝

魔改 $ORE 挖矿狂赚 35万美元 的复盘帖子， @hackthedefi 牛逼！

FuzzLand (@hackthedefi) has established a strategic alliance with @chainlinklabs. This alliance helps #ChainlinkBUILD members access FuzzLand's all-in-one onchain contract security platform, enabling projects to move faster while staying secure. medium.com/fuzzland-blog/…

📢Announcement Time 📢 We're very excited to be working with @chainlinklabs to bring our on-chain security solutions to #ChainlinkBUILD members to help Web3 #builders safeguard dApps and innovate with a peace of mind. Read more in our blog here: medium.com/fuzzland-blog/…

Excited to announce our collaboration with the brilliant minds at @hackthedefi to fortify our Staking SC's security 🤖 Stay tuned for the final results, paving the way for the much-anticipated "XOX Native Staking" event ⚖️

That is exactly what we @hackthedefi are working on: - LLM-based Invariant Synthesis - LLM-guided Fuzzing - LLM-based Test Harness Synthesis 🧵

#PeckShieldAlert The #WazirX exploiter-labeled address has already laundered this batch of 5K $ETH (worth ~$11.6M) via #TornadoCash The #WazirX exploiter-labeled addresses have laundered a total of 37.6K $ETH (worth ~$87m) via #Tornadocash so far

#PeckShieldAlert The #WazirX exploiter-labeled has already laundered 4.9K $ETH via #TornadoCash The #WazirX exploiter-labeled addresses have laundered a total of 57.5K $ETH (worth ~$152.4m) via #Tornadocash so far

#PeckShieldAlert The exploiter-labeled #WazirX address has moved the 11th batch of 5K $ETH (worth ~$13.2M) to a new intermediary address, 0x0641...7b4a