Smart Contract Audit | Security Monitoring | AML/CFT (KYA/KYT) | Crypto Investigation | @Phalcon_xyz @MetaSleuth @MetaDockTeam 👉TG: t.me/BlockSecTeam

We blocked an attack on @ParaSpace_NFT and rescued 2900 ETH. Please contact us asap. DMed 45 minutes ago but got no response.
We helped @Platypusdefi recover 2.4M USDC from the attacker contract successfully! BlockSec will always be here to secure the whole ecosystem.
.@KyberSwap was exploited due to tick manipulation and double liquidity counting. In summary, the attackers borrowed a flash loan and drained the pools with low liquidity. By executing swaps and altering positions, they manipulated the current prices and ticks of the victimized pools. Ultimately, the attacker triggered multiple swap steps and cross tick operations, resulting in double liquidity counting and consequently draining the pools.
Kyber being exploited on all chains rn. here's an example tx on base. 20m+ lost already
Our initial analysis of the Cream Finance attack: tx.blocksecteam.com/tx/0x0fe… @Mudit__Gupta @banteg @CreamdotFinance
1/ @samczsun explained that the attacker exploited the vulnerability in mev-boost-relay to drain MEV bots. After digging into the attack, we have two more findings. First, the attacker used a honeypot tx to lure MEV bots. Second, the honeypot tx has a self-protected mechanism.
Dusk for sandwich bots? A few top MEV bots were targeted in block etherscan.io/txs?block=16964… @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb
1/ Exploits on chain are growing at an alarming rate. Here's how #BlockSec responds when an attack occurs and the secret weapons we deploy to analyze incidents quickly and accurately.
1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
1/ The key to the success of the Tornado Cash DAO attack is that 1) blind voting -- voting without knowing the consequences; 2) a proposal contract can be updated through a well-designed trick -- create and create2. Click to see the detailed attack steps: docs.google.com/presentation…
Euler exploiter just returned 51000 ETH to Euler Finance. Some Ether still remains in the exploiter account.
Please note that this reentrancy issue is associated with the use of 'use_eth', which could potentially place the WETH-related pools in jeopardy! @CurveFinance , please DM us if you need any help.
Another attack caused a loss of ~$14m! explorer.phalcon.xyz/tx/eth/…
Looks like an MEV bot has been attacked (tx.blocksecteam.com/ETH/0x6c…) due to the lack of a check for the sender. @Mudit__Gupta
Please revoke approval to 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae (LI.FI: LiFi Diamond) asap! @lifiprotocol
Hey @0xsifu, we have successfully blocked an attack transaction and rescued 100 Ether. Please get in touch with us.
Our system monitored that @eulerfinance is being attacked. Please take action! phalcon.blocksec.com/tx/eth/…
1/ There is a flawed logic in borrow() of the ParaProxy contract (0x638a) of @ParaSpace_NFT . The attacker can borrow more tokens as his scaledBalance will be enlarged by depositing into the position of the proxy (0xC5c9), i.e., specifying the _recipient of depositApeCoin().
We blocked an attack on @ParaSpace_NFT and rescued 2900 ETH. Please contact us asap. DMed 45 minutes ago but got no response.
Unibot @TeamUnibot was reported to be hacked. As the code is not open-sourced, we suspect that there is a lack of input validation of the function 0xb2bd16ab in the 0x126c contract, which allows an arbitrary call. Therefore, an attacker could invoke 'transferFrom' to transfer out tokens approved to the contract. DO revoke the approvals ASAP.
.@AaveAave the latest upgrade of ReserveInterestRateStrategy in Aave V2 (Polygon) has caused a temporary halt of the protocol, impacting assets worth ~$110M! The root cause is the new ReserveInterestRateStrategy is only compatible with Ethereum, not compatible with Polygon.
found a governance issue in Aave V2 impacting the Polygon Aave V2 Pool, causing USDT/BTC/ETH/MATIC assets worth up to 120 million to become inaccessible. gist.github.com/mookim-eth/7… @AaveAave
Indeed, smart contracts compiled using Vyper versions 0.2.15, 0.2.16, and 0.3.0 are vulnerable, which can lead to the failure of the reentrancy guard.
A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop. Other pools are safe.
1/ We are thrilled to launch a powerful transaction explorer: Phalcon (phalcon.blocksec.com/), which aims to provide comprehensive data on invocation flow, balance changes, and fund flows. Currently, it supports #Ethereum, #BSC, and #Cronos.
Phalcon has released the biggest update yet! 🎉 Here's what's new. - Source code view directly shows the source code, parameters, and return values along with the trace. - Fund flow chart intuitively shows the Token transfer in a transaction. Let's deep dive into transactions!
1/ We are thrilled to release Rustle (github.com/blocksecteam/rust…), the first automatic auditor for @NEARProtocol community. @PagodaPlatform @proximityfi blocksecteam.medium.com/rust…
We knew that @SushiSwap RouteProcessor2 was attacked. We evaluated possible damages in the past few hours and made this public only after we think it's safe : users' assets are always our first priority. Btw: we rescued part of them and will release the details later.
Excited to be the ecosystem security partner for @Ancient8_gg! 🎉 We are currently partnering with Ancient8 for auditing, with more security-focused collabs in the pipeline. Ancient8 aims to empower the next 100 million Metaverse citizens, and BlockSec is here to secure their journey. 🛡 #Blockchain #Security #Web3Gaming #SecurityAudit
We observed that the #Euler attacker 0xb66cd966670d962C227B3EABA30a872DbFb995db is returning money to Euler Finance now. 3000 Ether has been returned so far.
1/ We have analyzed the recent @Platypusdefi attack and found that the attacker made a mistake in the first attack transaction, which prevented the attacker from withdrawing the profits. Here is the full story. Thanks, @spreekaway for pointing out this direction.
Splendid explanation! Security is the top priority for DeFi. Together we can build a safer DeFi community.
In a dazzling reverse hack, a substantial chunk of the Platypus hack stolen funds have been recovered. Here's how it worked: (1/4)
🎉Phalcon now supports #Avalanche C-Chain @avalancheavax! * Latest transactions since block height 20876888 are available. Old transactions are importing and should be available later * Now we support #ETH #BSC #Cronos #Avalanche Try this transaction: phalcon.blocksec.com/tx/avax…
1/ The attack on @ElephantStatus is a traditional price manipulation attack. We will use the following transaction (versatile.blocksecteam.com/t…) to illustrate the process. @defiprime @bbbb @Mudit__Gupta @banteg
1/ @SturdyFinance was attacked and the loss is ~442 ETH. The root cause is the typical Balancer read-only reentrancy, through which the price of B-stETH-STABLE was manipulated!
Thrilled to announce our proposal has been supported by a grant from Uniswap Foundation @UniswapFND ! Our static analyzer will support the secure operations of Uniswap v4. 🦄 The new "Hooks" feature in #Uniswap v4 significantly enhances the extensibility and flexibility of pools, while also posing certain challenges for contract security. In this grant, we will provide a static analyzer to identify vulnerabilities and malicious behaviors in Uniswap v4 hook contracts, allowing developers and auditors to take preventative measures. 🧑‍💻 It can significantly enhance the overall security of the system and give users more confidence when interacting with pools. In addition, we will soon post 3 articles looking into the "malicious design space" of hooks and our solutions. Stay tuned! 🦾
Hey @LefterisJP, your blame is unfair. There are some facts you did not know.
- We located this WETH pool (0x8301) issue at 17:10 UTC on July 30. Unfortunately, we cannot DM @CurveFinance on Twitter because their DMs are not allowed. So we shared this finding with a trusted channel and asked him to help forward this finding to the protocol at 17:16 UTC. After that, we actively monitored this pool for any suspicious activities.
- Two hours later, at 19:08 UTC, unfortunately, our internal system reported an attack on this pool. This means attackers had also located the same issue and successfully launched the attack.
- We need to ensure the protocol and, more importantly, users know about this new issue and take action asap to save funds. What's our choice here? Being an ostrich and putting our head in the sand would not help: attackers had already taken action and will NOT stop. We decided to alert the community and the protocol to take action, i.e., the Twitter thread you saw (posted at 19:59 UTC).
- Ten minutes later, we got a response from the trusted channel and were notified that "we knew the issue" and tried to rescue but "weren't fast enough".
We always stand with the users and help protect the community. Our record of saving and rescuing users' funds speaks for itself. We are sorry if you lost money in the security incident. But your blame on a team trying to help the community is unfair.
You either need to be an idiot or outright malicious to tweet out potential vulnerabilities @BlockSecTeam while there is an ongoing incident. Adding screenshots and asking the potential victim to DM you? IN A PUBLIC TWEET? I won't even quote your tweet/s but what the actual fuck?
Alert! All projects that rely on the following Syncswap code need to be vigilant. @syncswap @zksync github.com/syncswap/core-con…
We are assisting @Era_Lend with this issue, and the root cause has been identified. The total loss is ~$3.4M. Specifically, this is a read-only re-entrancy attack. Another attack tx is: explorer.zksync.io/tx/0x7ac4… Attacker address: 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a
1/ @iearnfinance was hacked with two consecutive attack transactions. The root cause is due to an (on-purpose?) misconfiguration which makes the rebalance of the pools rely on an incorrect underlying token. This misconfiguration has been there for more than three years.
1/ We confirmed that both the @paraswap deployer address (0x490ce4616672e93b1c8f5e43aa80312fd73dee8c) and the @curve deployer address (0x07a3458ad662fbcdd4fca0b1b37be6a5b1bcd7ac) are vulnerable to the Profanity vulnerability. The private keys can be recovered.
1/ Hi @paraswap, I heard that you want to see this? Your deployer address private key may have been compromised (possibly due to the Profanity vulnerability) and funds have been stolen on multiple chains. etherscan.io/tx/0xe7f2bd3a36…
1/ The PolyNetwork was attacked. There are multiple attack transactions. The attacker first locked a small number of tokens on the source chain and then unlocked more tokens on the destination chain.
1/ @eulerfinance is attacked. The root cause is due to the lack of liquidity check in the function donateToReserves() phalcon.xyz/tx/eth/0xc310a0a… See the detailed attack steps below.
Our system monitored that @eulerfinance is being attacked. Please take action! phalcon.blocksec.com/tx/eth/…
We are thrilled to announce Phalcon's new feature Transaction Simulation is live for ETH. You can simulate arbitrary transactions on ANY position in ANY block, and instantly get complete traces/events and balance changes. Fly with Phalcon! phalcon.blocksec.com
1/ @Pawnfi was attacked in a flurry of transactions (e.g., explorer.phalcon.xyz/tx/eth/…). The root cause of the attack is that the protocol failed to verify whether the NFT had actually been transferred when users used a specified NFT as collateral for borrowing.
1/ RouteProcessor2 @SushiSwap has a vulnerability that can drain accounts that approved to this contract. Our system immediately detected the attack attempt to @0xsifu and rescued some funds. Unfortunately, some other funds cannot be rescued. docs.google.com/spreadsheets…
.@LeetSwap on $Base was attacked, and the loss was over 340 ETH. The attacker abused the public _transferFeesSupportingTaxTokens function to manipulate the pool:
1. Swapping $WETH for another token A.
2. Invoking the _transferFeesSupportingTaxTokens function to transfer token A, and subsequently invoking the sync function, causing the price of token A to increase.
3. Swapping token A for $WETH and draining the pool.
The attacker (0x705f) launched several attacks, targeting multiple such pools. The profits reaped from these exploits were then transferred to another address (0x5b03).
A public _transferFeesSupportingTaxTokens function?
The @Hope_money_ on Ethereum was subjected to an exploit due to a precision loss issue. There have been several such attacks recently. We advise developers to review these incidents and promptly conduct self-checks. Here are the details:
On October 18, 2023, at 11:48:59 AM UTC, the HopeLend protocol fell victim to a hacker attack. It is important to note that the hacker did not profit from this attack. The attack resulted in a loss of approximately 528 ETH, out of which 263.91 ETH were bribed by the frontrunner to a Validator (managed by Lido). The exploit frontrunner eventually profited by 264.08 ETH. Currently, we are actively reaching out to the parties involved and recovering the related assets. It is crucial to emphasize that all protocols deployed on Hope.money are independent and will not impact the various other products and protocols currently live on the platform, including HopeCard, HopeSwap and $HOPE. We are committed to ensuring the protection of the affected users' rights, and the corresponding funds remain secure. We sincerely appreciate the continued support and trust from the Hope community. We will provide updates as information becomes available.
1/ How is a honeypot contract trapped by an MEV bot? The defi_game (etherscan.io/address/0x18a21…) is a honeypot contract. If the player can guess the answer to the question, he/she will get the Ether inside the contract. @Mudit__Gupta
1/ @ZunamiProtocol was hacked, and the loss is over $2M. It is a price manipulation attack due to the flawed calculation of the LP price, i.e., within the totalHoldings function of strategies like MIMCurveStakeDao, where sdt and sdtPrice were artificially inflated.
1/2) Our monitoring system alerted that SashimiSwap @SashimiSwap was attacked (on both Ethereum and BSC), and we confirmed that it is due to the bad logic of the swap function, which ALWAYS uses the first pair to calculate the balances. @banteg @defiprime versatile.blocksecteam.com/t…
Well, besides public mint, public burn, public oracle, we now have public safeTransferFrom ...... @Mudit__Gupta
1/5) Yesterday, we reported the attack towards the Visor project (@VisorFinance). We deleted the tweet later due to the concern raised that the disclosed information could be abused to attack others. Then we confirmed that other pools are safe (also confirmed by @samczsun).
🦅We are thrilled to announce a significant upgrade to Phalcon (phalcon.xyz). 1/ Debug Capability: Phalcon now can dive into the function level analysis with the view of source code, corresponding internal/external function calls, and the concrete parameter values.
The exploiters used @ankr's deployer address to replace the $aBNBc contract's implementation. Afterward, they used the newly added backdoor function (0x3b3a5522) to mint $aBNBc tokens. The following chart shows the exploiters' fund flow generated by MetaDock with one click.
. @ankr private key compromised? Deployer uses the privilege to mint token to the exploiter. phalcon.blocksec.com/tx/bsc/…
As a blockchain security firm, it’s our natural duty to protect users’ assets and safeguard the web3 world for its long-lasting prosperity. However, recent events have led to discussions about the attack alert rule and procedure. We feel called to stand up and openly share our upgraded attack alert policy with the community, with careful consideration about the balance between transparency and trust.
1) The first alert should contain enough information to alert the community, including the affected protocol and the number of potential losses. This can tell the community who is affected and the severity of the attack. In most cases, an attack tx will NOT be included in this alert, to prevent such information from being abused.
2) Actively monitor the affected protocols and contact the project with trusted channels to share detailed information, like tx hash and root cause, to help them fix the protocol. Of course, at the same time, respond to the inquiries from LPs of affected protocols and provide help if necessary.
3) Publicly release the root cause analysis later when the affected contract is safe. Root cause analysis is a useful resource for the community.
4) Last but not least, we call on the community to unite together to make the Web3 world safe and prosperous.
Note that such a policy applies to attacks in the wild. For a zero-day vulnerability that has not been exploited, the detailed information should be kept confidential and reported to affected protocols. We understand different people may take different perspectives on one thing. And we are open to the community's voice and think for the public good.
1/ @Level__Finance was reported to be hacked due to the lack of checks for repeated items in the array argument of the vulnerable function. Note that the hacker first tried to make a preparation but failed several times 7 days ago, and finally made it before launching the attacks.
The @ExactlyProtocol has been paused. It's time to review the attack. The root cause is #insufficient_check. The attacker was able to bypass the permit check in the leverage function of the DebtManager contract by directly passing a fake market address without validation, and changing the _msgSender to the victim address. Then, in the untrusted external call, the attacker reentered the crossDeleverage function in the DebtManager contract and stole the collateral from the _msgSender. #BlockSec_AttackAnalysis Here is one of the attack txs: explorer.phalcon.xyz/tx/opti…
#PhalconAttackAlert @ExactlyProtocol got hacked with ~$7.3M loss by now. Join the Phalcon Block waitlist, get precise alerts before the attack tx is executed, and take automatic actions to fight hackers back. 🦾 phalcon.xyz/block/?waitlist=…
The strategic partnership between BlockSec Phalcon and @puffer_finance is set to elevate the entire #Restaking field to new heights of security standards. 🙌
👏 We're excited to announce a new level of partnership with @puffer_finance. We are integrating our Phalcon platform into Puffer’s protocol to enhance their security measures.
Currently, the total loss is ~$28m on ETH and $73K on BSC. Here is the attack list: docs.google.com/spreadsheets…
Indeed, smart contracts compiled using Vyper versions 0.2.15, 0.2.16, and 0.3.0 are vulnerable, which can lead to the failure of the reentrancy guard.
1/ @dForcenet was attacked on both @arbitrum and @optimismFND. The root cause is the well-known read-only reentrancy in the Curve pool.
Our monitoring system detected that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability. @defiprime versatile.blocksecteam.com/t…
💡 Curious about how #PufferProtocol keeps its funds secure? Check out BlockSec's deep dive into its access control architecture! blocksec.com/blog/demystify-… Understand the roles, smart contracts, and strategies for managing over $900M assets. Knowledge is power! @puffer_finance @pufferfi_cn
2/ The total loss in four attack transactions is around 177M USD. see the link: docs.google.com/spreadsheets…
🚀 We're thrilled to introduce Phalcon Fork, a cutting-edge toolkit for Web3 developers & security researchers! It enables collaborative testing with private mainnet states, creating private chains forked from any mainnet position. #Web3 #DeFi
3/ The exploiter (0x82fae) first transferred 200 WETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW. As a result, the balance of the chain contract deployed on the PoW chain would be drained.
It’s ridiculous logic. Vyper officially announced the affected versions at 16:44 UTC on July 30, and Curve confirmed at 16:45. After that, three attacks happened between 19:08 and 22:00. Do you think these exploits might have been white-hacked if they hadn't tweeted and confirmed the vulnerable Vyper versions? Prejudicially blaming others does not make anyone look any better. The attack timeline comes from @tayvano_'s Twitter.
Gotta wonder if some of yesterday's exploits might have been white hacked in time if multiple "auditors" like @SupremacyHQ and @BlockSecTeam hadn't tweeted which Vyper versions were affected when a team was working hard to keep it under wraps. Shameful behaviour.
A bot was attacked due to the lack of access control on a public function 0xf6ebebbb, which could be exploited to manipulate swaps in Curve pools. The loss was ~$2M. The attacker could first abuse the flawed function to pump the asset price (e.g., WETH) and then make a reverse swap to make a profit. explorer.phalcon.xyz/tx/eth/…
This 'attacker' (a $14m profit) is funded from @binance, whitehat? Please check it @cz_binance metasleuth.io/result/eth/0xb…
Another attack caused a loss of ~$14m! explorer.phalcon.xyz/tx/eth/…
📢 Attention, DeFi projects! Secure your protocol's entire lifecycle with BlockSec🛡️. From pre-launch security audits to post-launch attack monitoring and blocking (Phalcon), we've got you covered. Learn more about our full-stack security solution at blocksec.com/blog/new-websit….
1/ We are thrilled to announce the industry-leading transaction pre-execution service - Mopsus. Mopsus aims to help users understand transactions before signing. mopsus.blocksec.com/
.@raft_fi protocol on Ethereum was attacked due to a precision loss issue. The loss amounted to ~1577 Ether. However, the attacker mistakenly burnt 1570 of them, ultimately resulting in a net profit of -4 Ether after accounting for costs such as gas fees.
The attacker initially donated 1,061 cbETH into the IRPM contract and subsequently liquidated his position (created in this transaction: explorer.phalcon.xyz/tx/eth/…), which resulted in manipulation of the collateralIndex. Following this (explorer.phalcon.xyz/tx/eth/…), the attacker repeatedly increased his position by 1 collateral, receiving 1 share each time.
It's important to note that the mint function in the rcbETH-c contract uses rounding up to calculate the number of shares to be minted. Due to this precision loss issue, the attacker received 1 share instead of the expected 0 shares when minting. The attacker subsequently redeemed all the cbETH he had paid. Finally, the attacker borrowed an extra 6,705,028 R tokens as profit.
1/ Our system monitored that @0vixProtocol on Polygon was hacked, and the loss is around $2M. The root cause is due to the flawed price calculation of a deflationary token. explorer.phalcon.xyz/tx/poly…
Hey @ParaSpace_NFT, DMed you guys 45 minutes ago but got no response. Please contact us asap.
Yesterday, our system detected an attack on the @hypr_network's OP Stack Bridge. We promptly reached out to their team to share our findings. As always, we are glad to help:) Now that the team has taken actions and disclosed it publicly, we'd like to provide some insight into the vulnerability. The root cause was that the attacker managed to circumvent the 'finalizeERC20Withdrawal' function check by reinitializing the contract, due to the existence of the 'clearLegacySlot' modifier. Attack Tx: explorer.phalcon.xyz/tx/eth/… Note that the vulnerability was patched by the OP team after the contract had been deployed: github.com/ethereum-optimism…. This incident underscores the importance of the community working collaboratively to refine the process for releasing security patches, which will undoubtedly benefit us all.
📢Hypr's OP Stack Bridge experienced an exploit on Dec 12th, 2023. This postmortem details the incident. Post Here: hypr.network/articles/incide…
TLDR;
⚡️Hypr’s OP Stack Bridge experienced an exploit. This does not affect $hypr holders.
⚡️2 Users were affected, with a total of 2.57M Hypr drained and sold in the open market, creating a massive decline in price.
⚡️Hypr used the most recent version of the develop branch of the OP monorepo at the time of deployment. Unbeknownst to us, this was not a production-ready branch and at the time contained a critical vulnerability which had yet to be patched.
SEQUENCE OF EVENTS
7:48 PM PST: We received an alert that something unusual was happening on the Hypr Bridge. This event was followed by massive selling and price dropping.
8:09 PM PST: We tweeted an announcement, informing users not to use the bridge. At the same time, we shut off access to the bridge so no users could use it.
8:31 PM PST: All-hands on deck to confirm what was happening. We determined that our bridge was exploited and the 2.57M Hypr that was bridged by 2 users was being drained and then sold in the open market, causing price to massively drop.
9:12 PM PST: We opened up a war room chat with @samczsun, other security researchers, the Optimism team, and our developers. We quickly identified the root cause.
THANK YOU
We want to personally thank @samczsun @SlowMist_Team @BlockSecTeam OP Labs, and others that helped us in the war room to get to root cause. We also want to thank the Hypr community for your patience the last several very difficult hours. Thank you.
NEXT STEPS
We are working with the OP Labs team to get the most production-ready and safe branch for the bridge. We will put that bridge under heavy testing, auditing, and want to have confidence that users are 100% safe.
Say NO to hacks, today is the day! Phalcon Block is here to protect you all. 🦅
📢 We are thrilled to announce the launch of Phalcon Block, the world’s first crypto hack blocking system! We welcome you to book a demo at phalcon.xyz/bookDemo. You must be wondering: what is Phalcon Block? How can I benefit from it? Let's get started. 👇 #PhalconBlock
1/ BitKeep’s @BitKeepOS (unverified) contract (0x75eb on BSC) was hacked. Looks like its function allows the attacker to execute an arbitrary call, i.e., both addr & function signature can be specified in the calldata --- then tokens approved to the contract were transferred out.
Glad to help @ParaSpace_NFT recover the fund and appreciate the transparency in the whole process. Long term collaboration is on the way to help secure the project and the whole ecosystem.
Thank you again to @BlockSecTeam and their exceptional assistance in ensuring the security of the ParaSpace platform. We received the 2,909 $ETH that the @BlockSecTeam recovered and awarded them a 5% bounty. Key updates you need to know RE our security patch/overhaul 🪡
🚨@starsarenacom has been exploited. Since it is not open source, we suspect that some key configurations have been manipulated due to a re-entrancy issue. They forked @friendtech 's code, but the issue is in the new/edited parts.
#PhalconAttackAlert @starsarenacom got hacked with ~$2.9M loss. Join the Phalcon Block waitlist, get precise alerts before the attack tx is executed, and take automatic actions to fight hackers back. 🦾 phalcon.xyz/block/?waitlist=…
Woo, you can simulate a transaction directly on @etherscan now, powered by @MetaDockTeam.
1/5 MetaDock's hidden gem? Transaction Simulation powered by @Phalcon_xyz 🚀. You can pre-execute or simulate any transaction using MetaDock. E.g., before minting an NFT, quickly gauge the right gas limit and costs with MetaDock's Simulation feature. But how? ⬇️
🎉 Exciting news! BlockSec has partnered with @Conflux_Network to provide top-notch security services and insightful tools for the Conflux ecosystem. 💪 Together, we are committed to creating a more secure and robust on-chain network. 🚀 #blockchainsecurity #Conflux #BlockSec
DeFi Attack | Our monitoring system reported that $ROI (Ragnarok Online Invasion) was attacked (tools.blocksec.com/tx/bsc/0x…), and the loss is around 157.98 BNB (44,222.5 BUSD). It is a typical access control vulnerability of ownership transfer. #DeFi #BSC
We are assisting @Era_Lend with this issue, and the root cause has been identified. The total loss is ~$3.4M. Specifically, this is a read-only re-entrancy attack. Another attack tx is: explorer.zksync.io/tx/0x7ac4… Attacker address: 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a
Looks like @Era_Lend exploited on zkSync for $1.7m USDC
1/ The Binance cross-chain bridge has been attacked. The root cause is due to the vulnerability in the message verification, as reported by @samczsun (nitter.app/samczsun/status/157816…). In fact, bridges have been valuable targets for attackers. The figure shows the representative ones.
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.
This is a killer feature for (security) researchers, you can now view private variables on Etherscan. Thanks to @MetaDockTeam. Install the MetaDock extension and enjoy the feature now.
The sheet updated. Losses have already ~$41m! docs.google.com/spreadsheets…
Currently, the total loss is ~$28m on ETH and $73K on BSC. Here is the attack list: docs.google.com/spreadsheets…
All of our rescued funds have been returned to @0xSifu etherscan.io/tx/0xe9af60755f…
Hey @0xsifu, we have successfully blocked an attack transaction and rescued 100 Ether. Please get in touch with us.
2 weeks ago, @Balancer and its fork @beethoven_x suffered attacks, with total losses ~$2.1M. The subtlety of the bug and its exploitation have remained under-analyzed. In this report we deliver a comprehensive community-engaging analysis. blocksecteam.medium.com/yet-…
1/ Rumors said that everyone could hack the Ethdev contract (0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae -- with $532M). Lots of trials have been observed to change the owner of this contract. We will use Phalcon's simulation to tell you the truth that the contract is NOT hacked.
1/ Hey community, we have been performing a whitehat rescue of vulnerable addresses generated by the vanity tool for a few days. Even though our optimized algorithm can recover a private key in 2 to 30 minutes, we still need more time to search for vulnerable addresses.
Happy to be the security partner of Stratos @Stratos_Network. BlockSec has audited a couple of representative projects in the #Cosmos ecosystem @cosmos. Working with Stratos is one step further in our commitment to the Cosmos ecosystem.
🎉 We’re thrilled to announce that Stratos will work with @BlockSecTeam for security auditing. 🔒 Their innovative research, vast project experience, and reliable security services will help pave the way for the successful launch of the #Stratos Decentralized Storage Mainnet.
oops, @safemoon has been attacked due to a public burn issue (in 2023!!) with a loss of around 8M. The original attack tx (0xbcf5e30c164837b5d7c42fd7e33e47a0072dc014e7f0a67aa7710af49d0ce53b) was front-run by an MEV bot. phalcon.xyz/tx/bsc/0x48e52a1…
.@MidasCapitalXYZ has been exploited with losses ~$600K. Midas is a fork of Compound and this attack is similar to @HundredFinance and @SiloFinance (the vulnerability disclosed today). Here's an attack transaction: explorer.phalcon.xyz/tx/bsc/…
Hey community, we are performing a whitehat rescue. We cannot share the details at the current stage (to protect the users from being attacked), but we have documented it in a pdf file (md5: 286b4c040bda356eb685c2ec24d575e0). We will release this pdf when the rescue is done.
1/ @skywardfinance was attacked by explorer.near.org/accounts/5… in transaction explorer.near.org/transactio…. The loss is more than 1M $NEAR Tokens. @NEARProtocol
1/ BlockSec handpicked ten security incidents in 2023, each with a unique reason. Some featured "innovative" attack strategies; some led to significant financial losses, and some exploited previously unknown attack surfaces. blocksec.com/blog/top-ten-aw…
The root cause of the Popsicle Finance attack 0xcd7dae143a4c0223349c16237ce4cd7696b1638d116a72755231ede872ab70fc
.@Wise_Lending has been attacked (notable white-hat c0ffeebabe.eth managed to front-run successfully), and the Pool has been drained. In this incident, the attacker exploited two issues to successfully carry out the attack: 1. Manipulating the value of each share through 'Donate'. 2. Using precision loss to lead 'withdrawShares' to 0 and withdraw the donated WBTC. Here is the transaction of the attack: explorer.phalcon.xyz/tx/eth/…
🚨Security Considerations for Compound Fork protocols: 1. Be careful of extreme situations, e.g. market initialization and market illiquidity. 2. Markets should reserve a small amount of shares upon market initialization to prevent manipulation. 3. Conduct strict auditing of proposals to prevent malicious proposals. 4. Set up proper monitoring and blocking systems for potential attacks.
The @OnyxProtocol was attacked due to *precision loss vulnerability*. In OnyxProtocol, the oPEPE market was initialized (by proposal 22) shortly before the attack. The attacker minted small shares and donated a large amount of PEPE to the oPEPE market, causing the exchange rate to be biased, and borrowed Ether. Then the PEPE was all redeemed back to the attacker due to the precision loss bug in the redeemUnderlying function. Here is the attack tx: explorer.phalcon.xyz/tx/eth/…
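The donation-plus-precision-loss pattern described in the Wise Lending post and in the oPEPE incident, and consideration 2 above (reserving shares at market initialization), as an added toy model in Python (not BlockSec's, Onyx's or Compound's code): the exchange-rate and redeemUnderlying rounding formulas follow Compound V2, while all amounts, the 1e18 initial rate and the reserve size are constructed for illustration.

```python
MANTISSA = 10 ** 18  # Compound V2 fixed-point scale


def exchange_rate(cash: int, total_supply: int, initial_rate: int) -> int:
    """Compound V2 exchangeRateStored: (cash + borrows - reserves) * 1e18 /
    totalSupply, or initialExchangeRateMantissa while no shares exist.
    Borrows and reserves are folded into `cash` in this toy model."""
    if total_supply == 0:
        return initial_rate
    return cash * MANTISSA // total_supply


def shares_burned_for(amount: int, rate: int) -> int:
    """redeemUnderlying burns amount * 1e18 / rate shares, rounded DOWN."""
    return amount * MANTISSA // rate


def rounding_headroom(rate: int) -> int:
    """Largest underlying amount that can be redeemed while the share cost
    rounds down to zero: the per-call precision loss a skewed rate exposes."""
    return (rate - 1) // MANTISSA


def market_after_donation(reserved_shares: int, first_mint: int,
                          donation: int, initial_rate: int = MANTISSA) -> dict:
    """Initialise a market, optionally with `reserved_shares` protocol-owned
    shares (backed at the initial rate), let the first depositor mint
    `first_mint` underlying, then have `donation` underlying transferred to
    the market directly (no shares minted). Returns the resulting state."""
    cash = reserved_shares * initial_rate // MANTISSA  # backing for reserve
    supply = reserved_shares
    rate = exchange_rate(cash, supply, initial_rate)
    supply += first_mint * MANTISSA // rate           # mint() rounds down
    cash += first_mint
    cash += donation                                  # donation adds no shares
    rate = exchange_rate(cash, supply, initial_rate)
    return {"rate": rate, "supply": supply, "cash": cash,
            "headroom": rounding_headroom(rate)}


if __name__ == "__main__":
    # Constructed scenario: 1 wei first deposit, then a 1e24 wei donation.
    for reserve in (0, 10 ** 18):
        m = market_after_donation(reserve, 1, 10 ** 24)
        print(f"reserved_shares={reserve}: rate={m['rate']} "
              f"redeemable-for-zero-shares={m['headroom']}")
```

With no reserved shares the headroom equals the whole donation, i.e. the donated tokens can be redeemed back without burning a share; with 1e18 reserved shares the same donation leaves a headroom of only 1e6 wei, so the rounding loss is bounded.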
.@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidation process. Specifically, key parameters of the liquidateWithSingleRepay function in the NFTLiquidation contract were controllable by the attacker, allowing manipulation of the extraRepayAmount variable through the repayAmount parameter. By exploiting this, the attacker was able to liquidate all collateral with just one token. The key attack steps are summarized as follows: 1. The attacker first deposited oETH and borrowed various assets to reach the liquidation threshold. Simultaneously, they created a new contract that, through a donation attack and precision loss (inherent from the Compound V2 fork), reduced the oETH exchange rate, making the attacker's position eligible for liquidation. 2. The attacker then performed the liquidation. Due to insufficient parameter validation, the attacker manipulated the extraRepayAmount variable, which was added to the calculation of how many tokens needed to be liquidated. This allowed the attacker to obtain more oETH through liquidation, leading to a profit. Attack Tx: app.blocksec.com/explorer/tx…