A crypto tracking and compliance platform for everyone. Built by @SlowMist_Team
Web3 Security
- Tweets 2,488
- Following 230
- Followers 25,145
- Likes 2,082
Pinned Tweet
We won the Gold Award in the FinTech (RegTech: Regulatory and Risk Management) at the #HKICT Awards 2025! 🏆
1/ 🎉 On Nov 21, 2025, at the #HKICT Awards in Hong Kong, SlowMist’s blockchain AML tracking system @MistTrack_io won the Gold Award in the FinTech (RegTech: Regulatory and Risk Management)! 🏆
📸 SlowMist Partner & CPO——Keywolf joined government, regulators & industry leaders to witness this milestone.
HKICT Awards, established in 2006, is one of Hong Kong’s most recognized tech awards, organized by the Gov Digital Policy Office.🇭🇰
10
14,664
New Inferno Drainer Address: 0x3444dc2ee8404284d081e7f826af3b35bc012ac3
Are you guys consolidating so it's easier to return funds to your victims?🥹
2
16
13,327
Talk about a fast turn around
This incident happened almost an hour ago and the scammer has already converted the funds to ETH and spread it among various addresses.
Here's the scammers addresses incase any exchanges wanna add them to their blocklist:
0xCc2aF91C8CD6E476E4370e7D44DF11d745B35d44
0xd24F531fd7b834054C91A6E584256633f2Fe7a70
0xd8fcC9dEc51314320C5A11DDEf09d78B9BBe0a14
0x3Be2aAEbd6fE5Dfd5e13185B927Ea8Bc6DdD301d
2
1
7
2,545
Guys there's something called the Whitelist. It takes less than a minute and it could l LITERALLY save you thousands or more in funds.
Here's how you can add it on @MetaMask:
1. Once you login, click the 3 dots on the top right side
2. Next, you'll click on Settings
3. Then Contacts
4. Add Contact
And that's it. It's that simple. If you wanna know how to add whitelist for other wallets, leave a comment below.
If the wallet you're using doesn't have a whitelist feature, maybe it's time you switch to a new wallet. 😅
⚠️ Another 2 victims lost $90k to this scam in the past 2 hours.
🚫 Never copy the address from transfer histories.
2
4
14
3,582
📢We launched OpenAPI and #BSC on MistTrack!
To celebrate this event, we’re doing a giveaway of OAT and USDT👇
➡️galaxy.eco/SlowMist/campaign…
🎁MistTrack OAT (Powered by @ProjectGalaxyHQ)
🎁10 Lucky Winners will received $30 USDT each
Deadline: 6/27/22 13:00 (UTC)
70
573
434
Few hours later 3700 ETH and counting
Btw the original hackers address still has over 10K in ETH:
0x58d3b2fd2ce20a7149244d7e34d18b9b55448e7a
A few hours ago, the @WazirXIndia exploiter started depositing funds into @TornadoCash.
At the time of posting, 1600 ETH or equivalent of $3.85M has been deposited and the amount will mostly likely continue to climb afterwards.
The hackers address: 0x2D2906F7C8da32E87064d9E71c98f39B2cEBa968 currently has ~3400 ETH.
Follow us for more updates.
13
1,960
This is a great example of using @MistTrack_io for tracking analysis, thanks to the video maker.👍
Don’t hesitate to join us in the fight against #crypto criminals.✊
piped.video/FDV6SgU2D8o?si=MTjh…
1
1
7
2,672
A few hours ago, the @WazirXIndia exploiter started depositing funds into @TornadoCash.
At the time of posting, 1600 ETH or equivalent of $3.85M has been deposited and the amount will mostly likely continue to climb afterwards.
The hackers address: 0x2D2906F7C8da32E87064d9E71c98f39B2cEBa968 currently has ~3400 ETH.
Follow us for more updates.
8
3,166
You can’t make this up 😅
Earlier today a victim from the @eulerfinance exploit ask the attacker to return the stolen funds
And now the attacker just sent them 100 $ETH.
17
30
264
100,662
📢Hey MistTracker📢
Here’s a quick thread on how to use our Share feature on misttrack.io/
You can now collaborate your investigations with others and share your findings with victims of scams, exploits, or rugpulls.
94
169
179
In an effort to aid in the investigation of the @harmonyprotocol Bridge attack, our team has compiled 350 malicious addresses associated with this attack into a Google Sheet and a Dune dashboard, now accessible to the public.
But first, let's go over the sequence of events.
6
30
132
41,402
⚠️Given the significant amount of ETH already laundered through eXch into BTC, XMR, etc., platforms should tighten risk controls on any funds coming from there.
5
5
130
45,465
🚨Harmony Exploit Update 📰
An address suspected of being associated with the @harmonyprotocol bridge exploit is currently on the move.
Majority of funds were sent to @RAILGUN_Project, a privacy Dapp that uses ZK-SNARK to avoid detection.
dashboard.misttrack.io/addre…
9
34
120
56,173
Scamming the scammer 🤣
It seems like an address associated with the Pink Drainer fell victim to the address poisoning scam.
Pink Drainer: 0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213
Real: 0xEfF0E5244d5C78Ba4DD6bc01082576280558f58A
Fake: 0xEfF0eCD2eB275C3CEE4A17D9B8f101551d58f58A
Can't say we feel bad for them tho 🤣
13
20
110
111,476
Looks like @VitalikButerin made some trades recently, selling 3000 $ETH on @Uniswap for $USDC.
Wonder if the fud is getting to him too?🙃
Btw that's like $4M, so yeah his SIZE is size 😅
11
18
97
🔥Maximize your experience with #MistTrack !
Our comprehensive tutorial video is now available to show you how to effectively utilize the platform.
Get started👉misttrack.io/
22
29
76
54,825
🚨eXch is shutting down🚨
@exchcx has announced it will shut down on May 1st, 2025. The project became the target of a transatlantic law enforcement operation over alleged "money laundering and terrorism" charges. To avoid further risks and protect both the team and the community, eXch has decided to shut down voluntarily.
🔗bitcointalk.org/index.php?to…
🚨eXch is undergoing major changes🚨
@exchcx is about to merge with a company in another jurisdiction, update ToS to warn U.S. users, delist USDT and USDC in favor of DAI, and shift to dynamic and one-time addresses for enhanced privacy.🤔
🔗bitcointalk.org/index.php?to…
1
6
22
30,852
So far more than 8000 wallets and ~$580M were stolen by the following 4 addresses.
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
13
40
84
🚨MistTrack Alert🚨
North Korean hackers are laundering funds linked to @AtomicWallet Hack.
They deployed two smart contracts about 6 hours ago:
0xe07e2153542Eb4b768B4D73081143C90d25F1d58
0x3c3ed2597b140f31241281523952e936037cbed3.
Let's take a look👇
9
18
76
71,187
After several days of careful data collection and analysis by our team, we are now making the list of hacker addresses public. docs.google.com/spreadsheets…
DEXX Incident Report (as of Nov 16, 9:00 UTC):
We’ve received 590+ reports of stolen funds from the community. After removing duplicates, over 500 unique victims have been identified, with total losses estimated at $13 million (subject to price fluctuations).
Our team is still analyzing the reports, and new submissions continue to be added.
Breakdown of Losses (so far):
• $500K–$1M: 1 victim
• $100K–$500K: 19 victims
• $10K–$100K: 178 victims
• < $10K: 302 victims
Note: This is partial data, and we’ll provide more updates as the investigation progresses.
59
18
68
177,620
🚨MistTrack Scam Alert🚨
@1inch’s discord seems to have been compromised.
‼️phishing 🔗: 1inchio[.]app/rewardsclaim/#
Stay vigilant!
12
4
17
2,875
🚨New Updates on the Harmony Bridge Hack 🚨
On June 23rd of 2022, the Harmony bridge fell victim to a devastating attack that resulted in a loss of approximately $100 million.
In an effort to aid in the investigation of the @harmonyprotocol Bridge attack, our team has compiled 350 malicious addresses associated with this attack into a Google Sheet and a Dune dashboard, now accessible to the public.
But first, let's go over the sequence of events.
2
27
53
39,442
🚨Wormhole network exploiter are also on the move, with 2.9million $USDC newly bridged to a new wallet address on Ethereum, and the initial gas fee were from a prev marked wallet address. More details can be found > dashboard.misttrack.io/addre…
The wormhole network was exploited for 120k wETH.
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
2
17
56
48,730
If you are also a victim, you can submit your stolen address to us. aml.slowmist.com/cn/recovery…
158
12
51
232,109
🤗We are thrilled to announce our strategic partnership with @TriathonLab.💫
🥳We're excited to announce our strategic partnership with #MistTrack.
@MistTrack_io is an anti-money laundering tracking system developed by @SlowMist_Team AML. It utilizes on-chain analytics to assist in tracing illicit funds.
🤝Looking forward to more of our collaboration!
2
1
21
8,183
🎁Come and join the event to get your rewards💸
🌟denet.me/m/eXz6xk
🎉Celebrating our #Triathon & @MistTrack_io
partnership with a #SecurityMonth!
🏅Users who accomplish specific tasks and utilize our tools during this period will be eligible for our rewards. Embark on a security journey with us.
📍Click denet.me/m/eXz6xk
#GEON #MistTrackVIP #airdrop
5
7,083
GM #TRON community
Wanna know how you can monitor $USDC activities such as mint or burn before it's posted on Twitter?
#MistTrack can help, we're the only blockchain analytic firm that offer tracking and monitoring services on TRON.
dashboard.misttrack.io/addre…
Sign up today
19
11
35
Wanna know how MistTrack can "demix" Tornado Cash Withdrawals?
We designed a dashboard on @DuneAnalytics to filter out potential Tornado cash withdrawals addresses, and then used our #MistTrack AML platform to validate our findings.
Here's how it works 🧵👇
9
18
46
The @AudiusProject community treasury was recently exploited, leading to the lost of ~18.5M $Audio.
The funds were swapped via @Uniswap for ~705 $ETH and remains in the scammers address at this time.
0xa0c7BD318D69424603CBf91e9969870F21B8ab4c
Hello everyone - our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you'd like to help our response team, please reach out.
5
25
47
🚨Balancer Hack Update🚨
So far, we have the following findings about the @Balancer exploiter:
1/ The attacker’s fee came from the phishing group #AngelDrainer. In other words, after the attacker (AngelDrainer) attacked the website via BGP hijacking, then induced users to “approve” and transferred funds via “transferFrom” to the Balancer exploiter.👇
nitter.app/SlowMist_Team/st…
2/ The attacker made deposits and withdrawals via some platforms.
3/ The attacker bridged $ETH to the $BTC addresses via @THORChain, and then bridged back to Ethereum.
4/ Based on relevant intelligence we have collected, the attacker may be related to #Russia.
We will continue to follow up on this incident.
🚨Balancer Hack🚨
1/ Stolen funds have been directed to address 0x645710af050e26bb96e295bdfb75b4a878088d7e.
2/The stolen amount is ~ $238,000.
3/ On the @avax , the hacker transferred 15.3921 $WETH.e to address 0xf99...9d6.
Stay vigilant!
dashboard.misttrack.io/addre…
4
14
44
72,386
DEXX Incident Report (as of Nov 16, 9:00 UTC):
We’ve received 590+ reports of stolen funds from the community. After removing duplicates, over 500 unique victims have been identified, with total losses estimated at $13 million (subject to price fluctuations).
Our team is still analyzing the reports, and new submissions continue to be added.
Breakdown of Losses (so far):
• $500K–$1M: 1 victim
• $100K–$500K: 19 victims
• $10K–$100K: 178 victims
• < $10K: 302 victims
Note: This is partial data, and we’ll provide more updates as the investigation progresses.
If you are also a victim, you can submit your stolen address to us. aml.slowmist.com/cn/recovery…
17
11
41
123,872
The @zkLend explioter mistakenly clicked on a phishing site while attempting to use Tornado Cash, resulting in the loss of 2,930 ETH.🤣
❌ Fake: tornadoeth[.]cash
✅ Real: @TornadoCash
It seems that the 2,930 ETH stolen from @zkLend was deposited into Phishing website imitating TornadoCash and was immediately taken away by the phishing website’s operators.
H/T @TornadoCashBot
2
10
44
24,690
🚀 Exciting news! We are thrilled to announce that MistTrack now supports 17 blockchain networks, including Bitcoin, Ethereum, BNB Smart Chain, TRON, Polygon, IoTeX, Avalanche-C, Arbitrum One, OP Mainnet, Base, zkSync Era, Merlin Chain, Toncoin, Litecoin, Dogecoin, Bitcoin Cash, and Solana.
Since its launch in 2022, MistTrack has earned widespread recognition in the blockchain security space for:
🔸Accurate address labels
🔸In-depth transaction behavior analysis
🔸Robust fund-tracking capabilities
📊Key Stats:
🌐 100K+ users (including tens of thousands of paid users)
🏢 1K+ entities
🏷️ 300M+ address labels
⚠️ 90M+ risky addresses
❗500K+ threat intelligence addresses
Here are the Key Features of MistTrack⬇️
8
8
36
35,414
We're currently assisting @Era_Lend track down the stolen funds. Here's what we found so far.
Two suspicious transactions flagged:
🔗explorer.zksync.io/tx/0x99ef…
🔗explorer.zksync.io/tx/0x7ac4…
Total amount loss: Total amount loss: 2.76M $USDC
Hackers Address: explorer.zksync.io/address/0…
Platforms used:
-XY Finance
-rhinumberfi
-Mexc
-OKX
-Orbiter Finance
-ZK Bridge
We'll continue to monitor all address involved and provide updates in a timely manner!
🚨Security Update: We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this.
More updates to follow.
7
9
37
27,135
⚠️DEXX Incident Update:
1⃣The DEXX hacker collected the funds on Solana to the following addresses:
4smi8TTEDHmortFLYKK7Hg3MLHbU2TnxTitLkcb1CHLd
GPuNX8BkN2u9GxFMci5RSdLzqQBYEkA9JSJnE7SpRKgt
5YjeiCb9YAbBma8Y2QSVUUsdj8eSbwGqDrPFnQmv3CNG
2⃣The DEXX hacker swapped for $WETH and bridged to the following Ethereum addresses via #Wormhole:
0xFFFa5823f73a3F43B75c2E586DFB05b51e7B7BeA
0xFFf2bA23bAc8d59951a3Bc7Ce8462667B5caf595
0xffEC33F5FDED28c367a8d263BF8B243B6 63cE874 0xffE3eDA09199CfbD7a83526a7DD615C43d024216 0xfFe65aa73Eb599f99faf6549e0FCda44959f79A8 0xFFE5608E663c41D5fC038Aa41E7c58af5CB661F7 0xffe224E9D49f882 dc7aC58e8A74Eff6DcB91cCDb 0xFFfAd7f1B755A129837952AD4b3D0E92875BA174 0xfffdFE9D9D6Dda6e829058a49d4b0f299bEAb5a6 0xfFFAE86530e77991A40D0F0c0b2067D9b4777D4B
0xE7aC21C32192025b691E6FF4A7f8285983e522E5
0x94De739F97654e6FF1FF54dA10414E1B08C8A5b1
0x2292c7677616cE4A6d0D33eE7a247f43270067B9
3⃣Currently,
1) the above Ethereum addresses have a total balance of 4,400.74 $ETH (~ $17.25 million),
2) the Solana address 4smi8TTEDHmortFLYKK7Hg3MLHbU2TnxTitLkcb1CHLd has a balance of $1.46 million,
3) the Solana address GPuNX8BkN2u9GxFMci5RSdLzqQBYEkA9JSJnE7SpRKgt has a balance of $54,000.
We will continue to monitor funds.
跨链到 Ethereum 的黑客地址列表:
0xFFFa5823f73a3F43B75c2E586DFB05b51e7B7BeA
0xFFf2bA23bAc8d59951a3Bc7Ce8462667B5caf595
0xffEC33F5FDED28c367a8d263BF8B243B663cE874
0xFFE5608E663c41D5fC038Aa41E7c58af5CB661F7
0xffE3eDA09199CfbD7a83526a7DD615C43d024216
0xffe224E9D49f882dc7aC58e8A74Eff6DcB91cCDb
0xfFe65aa73Eb599f99faf6549e0FCda44959f79A8
0xe114276490F6971df91e4C7F0952407Ed987A9a0
0xFFfAd7f1B755A129837952AD4b3D0E92875BA174
0xfFFAE86530e77991A40D0F0c0b2067D9b4777D4B
0xfffdFE9D9D6Dda6e829058a49d4b0f299bEAb5a6
…
3
12
39
32,442
📢Hello MistTrackers 🕵️
For the next 3 weeks, we will be holding a weekly competition to help trace stolen funds in the Web3 space.
Each week, we will select one winner to receive 100 $USDT based on the most comprehensive report on any web3 attack/exploit/scam.
1
5
36
Guys really, who are we gonna pick on next, leave a comment below.
Anyways, I love how casual they make it sound like they didn’t just rob people of their funds.
Not sure why we keep getting alerts for you but it seems like you're the most active of all drainers: incomesharks.eth AKA PinkDrainer.
They've been converting the stolen funds to DAI.
There's two addresses they love to transfer them to:
0x6337f2366e6f47fb26ec08293867a607bcc7a0db
0xa5e4b451d0a3c3d05fc3a8076fda45952b8f4f83
But it seems like @MakerDAO is their favorite to send those funds for now. As of right now, in these two addresses alone. There's about $20M in $DAI.
I guess why not have it earn interest while you figure out how to launder it, but in the mean time, we'll make sure everyone knows exactly where your funds are going.
6
5
37
40,145
If you were the victim of this scam, or know the victim of this scam.
Please have them check their Blockscan Chat and fill out this form for help in recovery.
aml.slowmist.com/en/recovery……
Additional verification will be needed to prove they’re the victim. Once verified we can provide some information regarding the scammer.
insane! someone lost $24.23m worth of stETH and rETH to crypto phishing 8 hours ago!
etherscan.io/tx/0xcbe7b32e62…
5
13
33
31,907
🤩To celebrate the launch of $IOTX on MistTrack, we're hosting an AMA with @iotex_io on 09/02/22 @ 8PM SGT.
🎁10 Lucky Winners will receive $10 USDT each
🎁OAT
1⃣Follow @MistTrack_io, @iotex_io and RT
2⃣Ask questions about IoTeX in the #ama channel on discord.com/invite/2geemSyev…
5
28
31
These scammers are getting better and better. Almost fell for this, but always remember to check the senders email.
7
6
35
10,056
🧐1155 WBTC Phishing Scam Update⬇️
The hacker has swapped all 1,155 $WBTC to ~22,955 $ETH and transferred them to the following ten addresses:
Looks like most of these were converted to ETH already.
0x3c2b0bb26F05Ce8db44b01F04aeBE64f19133665
~2436 ETH
0xEf369D0263E291bA282E9992bd32Daad12Fd9fdB
~3708 ETH
0x8ac261E8AD0cC74bB5694ABfc2b5480FE16FD6Cb
~3533 ETH
0xF2C1d996c565095061079b795311F64e4A301dbC
~3068 ETH
0x3fEE795B4c694c7390AB0Ba4CA1188aDA3BF0631
~2639 ETH
0xf2effaf13665a55c7456978b9deaec53b40eb21d
~2235 ETH
0xe68b9aea23b2935c9f9be951169ff0dbf2f60807
~1190 ETH
0xc7FF3787e9AC170db4d6E2708C068C7B719D768b
~1427 ETH
Too many photos to upload, but you get the point
Side note, for the scammer
How do you plan on laundering these funds if you're not a major criminal organization? This is huge amount and you're most likely gonna get caught. You pretty much got everyone watching every move you make right now. It's probably better to return the funds now, cause there's no way you're gonna be able to spend all of it.
8
6
34
29,435
The @FTX_Official account drainer recently moved 50,000 $ETH to another address, convert it for 3517 $renBTC via @1inch and then bridged it to the $BTC network.
That's $58 Millions dollars, it be cool you can return it so ppl can access their funds.
6
10
37
Guys scams are only gonna get more and more sophisticated. Just assume that scammers already have access to your email.
🕵️♂️ Tip 1: Always verify the sender’s address, even if it says “Coinbase.” Click to reveal the real sender—if it’s different, it’s most likely a scam
🚫 Tip 2: Make it a habit not to click on email links (unless you’re expecting them). Even if the message is legit, go directly to the website instead.
As always, stay vigilant!
1
7
38
3,785
After days of inactivity, the hackers behind the DEXX incident have finally begun laundering the stolen funds.
Currently, they are converting the altcoins into SOL in larges quantities.
Stay tuned for the latest updates on this incident.
5
13
36
13,817
⚠️DEXX Incident Update
As of right now:
1⃣The DEXX hacker has laundered most of the funds, with a total of 6,432.4 $ETH transferred to Tornado Cash.
2⃣ The balance of the main EVM consolidated address 0xFFB9926310b291E17D7Df846cdED66cDA2C68228 is
$19,446, distributed in #Ethereum, #BSC and #BASE chains.
3⃣The Solana address 4smi8TTEDHmortFLYKK7Hg3MLHbU2TnxTitLkcb1CHLd has a balance of $59,540, the Solana address GPuNX8BkN2u9GxFMci5RSdLzqQBYEkA9JSJnE7SpRKgt has a balance of $2200.
4⃣Since November 16, we have received multiple reports of stolen funds from the community, with a total loss estimated at $23 million (subject to price fluctuations), which is close to our initial forecast.
5⃣We have been assisting with this incident for a month and it is coming to an end. We will continue to analyze but will not update frequently. Please refer to the official announcement of @DEXXai_EN and @DEXXai_CN for more information.
⚠️DEXX Incident Update
The main EVM consolidated address 0xFFB9926310b291E17D7Df846cdED66cDA2C68228 continuously swapped assets and bridged to Ethereum:
As of right now:
1⃣The address 0xFFB9 still has a balance of $620,000, distributed in #Ethereum, #BSC and #BASE chains.
2⃣The address 0xFFB9 transferred 300 $ETH to the Ethereum address 0x2292c7677616ce4a6d0d33ee7a247f43270067b9 and then to Tornado Cash.
3⃣The DEXX hacker has transferred 6212.4 $ETH to Tornado Cash.
We will continue to monitor funds.
1
9
30
288,428
🚨MistTrack Security Alert🚨
@Stake seems to be exploited. The address 0x313...d3C received 6,001 $ETH, 3,900,000 $USDT, 1,100,000 $USDC, and 899,999.999 $DAI from the stake wallet address. USDT, USDC and DAI have all been swapped for ETH. All funds (~ 9615.29 ETH) currently stay on 4 addresses.
dashboard.misttrack.io/addre…
3
11
31
66,822
🚨 The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user's clipboard and replace it with the attacker's address: 1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj
🕵️ According to @MistTrack_io, the attacker has stolen 9.3086 $BTC. Active since Apr 22, 2016, last seen Mar 14, 2024, with links to multiple exchanges.
🔗light.misttrack.io/address/B…
中国深圳打印机公司天生 (#Procolored) 被发现提供的官方驱动程序携带后门程序用来盗取加密货币,数据显示黑客盗取的比特币数量达 9.3 个。
至于感染原因则是天生使用 U 盘传输这些驱动程序,被感染后门程序后天生又将其上传到网盘供全球用户下载。
查看全文:ourl.co/108992
3
13
31
24,510
Not sure why we keep getting alerts for you but it seems like you're the most active of all drainers: incomesharks.eth AKA PinkDrainer.
They've been converting the stolen funds to DAI.
There's two addresses they love to transfer them to:
0x6337f2366e6f47fb26ec08293867a607bcc7a0db
0xa5e4b451d0a3c3d05fc3a8076fda45952b8f4f83
But it seems like @MakerDAO is their favorite to send those funds for now. As of right now, in these two addresses alone. There's about $20M in $DAI.
I guess why not have it earn interest while you figure out how to launder it, but in the mean time, we'll make sure everyone knows exactly where your funds are going.
5
9
30
14,861
🚨MistTrack Alert🚨
.@DoodiPals has been compromised — the hacker swapped $DOODi tokens for $SOL, making a profit of 917 SOL so far.
The stolen funds have since been transferred to multiple FixedFloat addresses.
MistTrack is monitoring the flow.
4
4
36
9,366
Credits to @zachxbt
Another $2.1 M lost to a drainer 😥.
Drainer: 0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
(Funds untouched)
Scammer: 0x41671a8219fF70b19e0D523C7d0C711c1AfCBB7e
(Funds already converted to ETH)
Based on the information from our MistTrack platform, it seems like it could be related to the Inferno Drainer.
Guys if it's too good to be true, it probably is. Twitter accounts are getting hacked all the time. Please stay safe out there.
14
5
31
41,169
🚨MistTrack Security Alert🚨
It is suspected that @MIM_Spell related contracts were exploited.
- Estimated loss: 6,262 $ETH (~$13M)
- The hacker has bridged 6,262 ETH to #Ethereum.
- Initial funds sourced from #TornadoCash, withdrawing 10 ETH in 10 transactions (1 ETH each).
Attack TX: arbiscan.io/tx/0xed17089aa6c…
Important security notice:
There appears to have been an exploit related to Abracadabra/Spell's cauldrons that utilise GM tokens, as noted by PeckShield and other security specialists monitoring the blockchain.
To clarify, no issues have been identified with GMX contracts, and they are not affected by this unfortunate situation.
We believe the issue relates solely to the Abracadabra/Spell cauldrons. These cauldrons allow for borrowing against specific GM liquidity tokens.
The contributors from Spell, GMX, and security researchers are currently investigating the cause of the issue.
2
7
32
28,251
Thanks to the efforts of our team members, we were able to "Demix" the funds and trace them to the following address: dashboard.misttrack.io/addre…
The attacker created various transactions and deposited the funds to exchanges such as @HuobiGlobal, @binance, and @okx.
5
11
35
9,330
It's great to see positive changes in the community, especially with projects like @RAILGUN_Project 👏 actively working to block malicious actors from using the Railgun contracts.
Earlier today, suspected funds from a hack were sent to Railgun. However, Thanks to their proactive measures, this hacker could not gain any privacy from Railgun and ultimately was forced to revert to the origin address.
Although funds cannot be frozen due to Railgun's self-custody model, we're still pleased to see that there's one less option for malicious actors.🥰
3
8
30
6,205
Hey Angel Drainer, did you really think just because you're using an aggregator we wouldn't be able to track you?
It doesn't matter where you go, we can still find you.
Anyways here are some of the addresses:
0xCA172b0356A553D60b04f89cF0515c96EE7718c6
0xd3F2f5c504b5fe8aD96D6A2755011B7d79BB10Ff
0x9A5d1D37b93ACA0A3f6a04385D14f9010D0209b8
2
3
29
7,511
A new withdraw address from the DEXX incident was seen depositing funds into Tornadocash. Not a lot, most likely a test to see what they can get away with.
0xDF02d6d9ca037837124903E96Df26ec09eE4c6aE
Don’t worry we’re always watching 😗
⚠️DEXX Incident Update:
1⃣The DEXX hacker collected the funds on Solana to the following addresses:
4smi8TTEDHmortFLYKK7Hg3MLHbU2TnxTitLkcb1CHLd
GPuNX8BkN2u9GxFMci5RSdLzqQBYEkA9JSJnE7SpRKgt
5YjeiCb9YAbBma8Y2QSVUUsdj8eSbwGqDrPFnQmv3CNG
2⃣The DEXX hacker swapped for $WETH and bridged to the following Ethereum addresses via #Wormhole:
0xFFFa5823f73a3F43B75c2E586DFB05b51e7B7BeA
0xFFf2bA23bAc8d59951a3Bc7Ce8462667B5caf595
0xffEC33F5FDED28c367a8d263BF8B243B6 63cE874 0xffE3eDA09199CfbD7a83526a7DD615C43d024216 0xfFe65aa73Eb599f99faf6549e0FCda44959f79A8 0xFFE5608E663c41D5fC038Aa41E7c58af5CB661F7 0xffe224E9D49f882 dc7aC58e8A74Eff6DcB91cCDb 0xFFfAd7f1B755A129837952AD4b3D0E92875BA174 0xfffdFE9D9D6Dda6e829058a49d4b0f299bEAb5a6 0xfFFAE86530e77991A40D0F0c0b2067D9b4777D4B
0xE7aC21C32192025b691E6FF4A7f8285983e522E5
0x94De739F97654e6FF1FF54dA10414E1B08C8A5b1
0x2292c7677616cE4A6d0D33eE7a247f43270067B9
3⃣Currently,
1) the above Ethereum addresses have a total balance of 4,400.74 $ETH (~ $17.25 million),
2) the Solana address 4smi8TTEDHmortFLYKK7Hg3MLHbU2TnxTitLkcb1CHLd has a balance of $1.46 million,
3) the Solana address GPuNX8BkN2u9GxFMci5RSdLzqQBYEkA9JSJnE7SpRKgt has a balance of $54,000.
We will continue to monitor funds.
2
9
29
22,758
🚨The #Bybit exploiter just used #Chainflip to bridge assets, swapping ETH for BTC.
📌 Destination address: bc1qlu4a33zjspefa3tnq566xszcr0fvwz05ewhqfq.
scan.chainflip.io/swaps/3311…
2
6
32
15,605
🚨According to MistTrack’s analysis🔎, there appears to be a connection between the #Indodax Hacker and #BingX Hacker.🤔
They used the same address (0x0c74c11443e60e011f884f547729127380ca1992) for money laundering. Indodax Hacker was on #Polygon, while the BingX Hacker operated on #BSC.
🔗Indodax Hacker: misttrack.io/s/sCgRq
🔗BingX Hacker: misttrack.io/s/0rVwH
1
6
32
27,440
Once again great work by @zachxbt.
Took me a while to understand the complexity behind this, so let me ELI5 on how they were able to come to these conclusions.
🤫 If your curious about which exchange was used, we'll tell how you can find out at the end as well.
1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations.
2
4
32
13,134
🚨MistTrack Security Alert🚨
@PolyNetwork2 has been hacked again.
1/ The main hacker profit address is 0xe0af…a599. The Hacker has cashed in over $4.39 million in mainstream assets.
2
13
33
46,775
Trying to think like a scammer😆
But why would the Inferno Drainer create a contract to lock their funds???
Contract Address:
0x0fa968de55e4b861d6ec3514781e1ca2263b1e1b
Anyone got a clue???
10
6
29
62,052
This is to the ~$68M Phishing scammer.
How exactly do you plan on laundering those funds? You're talking about almost $70M in crypto and the longer you hold it, the higher it's gonna go and draw more attention.
Moving funds like that is gonna trigger an alert anywhere. And if exchanges didn't know before, they do now:
0x3c2b0bb26f05ce8db44b01f04aebe64f19133665- 2436.967 ETH
0x74c55e1b92c8c69dad85cc552f42731a45c8111a - 3707.327 ETH
0x943706835942d3f0e9a2bc9ace9daf6973722eb0 - 3534.217 ETH
0xf34527c397bd1d151908e8b1fb51ce4405f61afe - 3069.176 ETH
0x31c43429cd5f918f19c05287e0bf7588dfce592e - 2640.035 ETH
0x02e5ad70386aec6ea2aad0ccd32a9ae6e3a4c86a - 2235.955 ETH
0x20cc20715954e0097f402e466067b3af40b6df6f - 1190.014 ETH
0xf14a5e70190d694dd1c25f13b21639b33192a774 - 1427.287 ETH
0x68414dbe49ae09db49f59db44299a3642273e7c7 - 1066.081 ETH
🧐1155 WBTC Phishing Scam Update⬇️
The hacker has swapped all 1,155 $WBTC to ~22,955 $ETH and transferred them to the following ten addresses:
6
5
32
9,406
So here's the lengthy process some scammer goes through to launder funds.
1. Bridge fund via stargate to ARB network
2. Bridge it again to Base via Across Protocol
3. From Base they then spilt between Hop and Rhino.
BTW this isn't the end, they're still bridging while I type this up. Let's also not forget all the effort they put in to obtain the funds in the first place by scamming people.
Imagine how much good they can do if they spent the same time and energy making society better.
Anyways, here's the scammers address incase some exchanges want to add it to your blocklist.
0xf672775e124e66f8cc3fb584ed739120d32bbaad
We know they'll probably send it to the a new address to launder, but at least try to block some funds.
1
3
28
16,722
Upon receiving the victim's report, we immediately collaborated with @FixedFloat. Thanks to their rapid response, we were able to freeze approximately 43 ETH, significantly reducing the overall loss. Currently, about 6.5 BNB remains with the hacker, which means that we have successfully secured nearly 98% of the assets.
While not all funds were recovered, this was still a significant achievement and was the result of a collaborative effort among all involved parties.
情况基本搞清楚了,我的情况和这个老哥相同,刚开始玩FT的时候连过这个三方bot @FriendSniperTch,虽然很快就换成自己bot了,但是私钥泄露,现在钱多了被清。
前几天看到 @CJCJCJCJ_ 被盗就想过清仓换号,但是由于有锁仓的key换起来比较麻烦,再加上当时自己钱包没出问题,就抱着侥幸心理觉得CJ老哥可能是自己rug的。
我这边现在有其他多个钱包是在同同时操作的,现在都没有问题,所以不存在操作环境的问题。
结论就是被 @FriendSniperTch 盗了,私钥泄露。
这也是我入圈以来第一次被盗,金额不算大,惨痛的是损失了大家的信任。
对所有受到影响的朋友们实在抱歉,只能用自己的错误让大家引以为戒;大家连接过第三方软件的不要嫌麻烦,安全第一,赶紧清仓换号。
4
6
29
94,444
1/ Congratulations to @MerlinSwap on the end of the $MP token IDO. 🤩
🤗Another exciting news for you - MistTrack now supports searching and tracking for @MerlinLayer2!
Same as previous operations for other currencies, just select Merlin and enter the address you want to search to get the details of the address.
nitter.app/merlinswap/statu…
2
4
28
71,992
🚨MistTrack Alert🚨
⚠️@safetrade is suspected of a rug pull.⚠️
We are following up on this incident and will update as we gather more information.
10
5
28
63,743
Ribbon Finance suffered a DNS hijacking attack. On-chain analysis showed that it was the same attacker as Convex. One victim lost 16.5 WBTC. Transaction details etherscan.io/tx/0xd09057f1fd…
We are aware of a DNS attack on app.ribbon.finance and have immediately remedied the issue.
The takeover prompted 2 users to approve malicious contracts for vault deposits.
All funds on the vault contract are unaffected.
4
19
31
🚨The total loss is ~$1.5B. The hacker is laundering the funds and we will keep monitoring.
🚨SlowMist Security Alert🚨
@Bybit_Official has been exploited, we are following up, please stay tuned.
Hacker’s addresses:
0xdd90071d52f20e85c89802e5dc1ec0a7b6475f92
0x0fa09c3a328792253f8dee7116848723b72a6d2e
0xe8b36709dd86893bf7bb78a7f9746b826f0e8c84
0x47666Fab8bd0Ac7003bce3f5C3585383F09486E2
0xa4b2fd68593b6f34e51cb9edb66e71c1b4ab449e
0x1542368a03ad1f03d96D51B414f4738961Cf4443
0x36ed3c0213565530c35115d93a80f9c04d94e4cb
3
5
32
7,765
Hey DEXX hacker,
Do you think we wouldn't notice all the recent deposits you've made in Tornado Cash, don't worry we see everything 👀👀👀
So far, you've sent sent over 4700 ETH into TC already.
Btw, what's the point of sending 58 ETH to 0xFFB9926310b291E17D7Df846cdED66cDA2C68228 if you were just gonna 1300 ETH back 😅
⚠️DEXX Incident Update
As of right now:
1⃣The DEXX hacker has transferred 1,512.4 $ETH to Tornado Cash
2⃣There are still a total of 3,149.55 $ETH remaining in the following Ethereum addresses:
0xFFFa5823f73a3F43B75c2E586DFB05b51e7B7BeA
0xFFf2bA23bAc8d59951a3Bc7Ce8462667B5caf595
0xffEC33F5FDED28c367a8d263BF8B243B663cE874
0xffe224E9D49f882dc7aC58e8A74Eff6DcB91cCDb
0xFFfAd7f1B755A129837952AD4b3D0E92875BA174
0xfFFAE86530e77991A40D0F0c0b2067D9b4777D4B
0xE7aC21C32192025b691E6FF4A7f8285983e522E5
0x94De739F97654e6FF1FF54dA10414E1B08C8A5b1
0x2292c7677616cE4A6d0D33eE7a247f43270067B9
0xa70fec6bf1bbfb69e5aacf3d2bdc2e70d25898fa
3⃣It is worth noting that the main EVM consolidated address 0xFFB9926310b291E17D7Df846cdED66cDA2C68228 currently has a balance of 1,253.83 $ETH and tokens worth $130,000.
4⃣The Solana address 4smi8TTEDHmortFLYKK7Hg3MLHbU2TnxTitLkcb1CHLd has a balance of $96,417, the Solana address GPuNX8BkN2u9GxFMci5RSdLzqQBYEkA9JSJnE7SpRKgt has a balance of $2200.
We will continue to monitor funds.
1
5
29
136,449
Exciting New Toolkit Announcement! 🤗
Our highly requested Wallet Risk Assessment Tool (Beta Version) is now live! ✨
✅ Try it here→misttrack.io/aml_risks/
So what can you do with this tool?👇
1. Check Risk Scores: Assess the risk score and funds of USDT on three major chains: TRON, ETH, and BSC.
2. Make Informed Decisions: Use the risk score to decide whether to interact with a specific wallet address.
3. Deep Analysis: Click "Deep Analysis" for more detailed information to track and monitor addresses.
4. Share Results: Easily share the risk status of addresses with friends and colleagues by clicking "Share."
4
11
27
134,566
1⃣Follow @MistTrack_io & @SlowMist_Team, RT the first tweet
2⃣Sign up at MistTrack (dashboard.misttrack.io)
3⃣Use the Share feature to share your investigations on Twitter under the tag #MistTrack
4⃣Fill out forms.gle/VqhxPybVy4tzktSe9
How to Share⬇️
📢Hey MistTracker📢
Here’s a quick thread on how to use our Share feature on misttrack.io/
You can now collaborate your investigations with others and share your findings with victims of scams, exploits, or rugpulls.
5
21
23
🚨 Update on @BingXOfficial Exploiter Activity 🚨
After hours of relentless consolidation, it appears the exploiter has taken a temporary pause.
Currently most of the funds are residing in the following addresses.
0x1dd7daf089c16856155fefd7e2170966bb6b3aee-
~$16.5M
0xf26e64ef4300ca027d2ffedd7d765d7a3906091c-
~$24M
TWYDPSCK4vfuMCmJYJvPcvWeUDtyT42mZB-
~$1.12M
0xf7e8033366166f92eb477b7b38e0d47d47b43326
~$2M
0xf36dd342a1d1c63aaddf9a95226349e527917ff3
~$850K
There are additional smaller addresses, but we're not gonna list them all here.
If you wanna know every address involved and receive alerts on fund movements, join our free Telegram channel: t.me/+C2tKWF6lqWViNWRl
Note: We believe consolidation isn’t over yet—they’re likely just taking a break, so expect alerts to surge soon.
Anyways, back down the🐇🕳️.
🚨SlowMist Security Alert🚨
1/ At 4 AM (SGT) on Sept 20, the crypto exchange @BingXOfficial is suspected to have been attacked.
🔎We are assisting BingX in investigating this incident. Any new updates will be promptly shared.
❄️As of now, with the help of the SlowMist Team, approximately $1M in stolen funds has been frozen.❄️
10
29
3,090
Earlier today, Tether froze multiple addresses holding a total of $1.82M $USDT:
TNj4y6nnTXQ4kCc8StrZYTd4NMubFw5usu: 674,739 USDT
TAJ6BpoCvPZecnNnprTQJXszLoiNEQztxr: 100,000 USDT
TEsgp2cSHsNCNSWS4C87UxRtBSk4cnVx4g: 200,000 USDT
TAnsQrz7xRV4N3EcqPHRsJeiiEdB93nvZJ: 300,000 USDT
THQfmXKhoqBbukQa386h9UxzSNg9zpWA7R: 250,000 USDT
TVsC1SSk4AiTawhTMjLZLjHWMvMVkctG3o: 300,000 USDT
AML efforts in crypto are accelerating. From 2018 to 2023, around 1,250 addresses were frozen. In 2024 alone, that number is nearing 2,000—a clear sign of strengthened enforcement and accountability.
As crypto evolves, stronger safeguards are crucial, and it’s encouraging to see progress in the fight against illicit activities.🫡
1
4
28
4,380
DEXX Incident Report (as of Nov 18, 00:00 UTC+8):
We’ve received 1100+ reports of stolen funds from the community. After removing duplicates, over 900 unique victims have been identified, with total losses estimated at $21 million (subject to price fluctuations).
Our team is still analyzing the reports, and new submissions continue to be added.
Breakdown of Losses (so far):
• > $1M: 1 victim
• $500K–$1M: 2 victims
• $100K–$500K: 33 victims
• $10K–$100K: 292 victims
• < $10K: 656 victims
Note: This is partial data, and we’ll provide more updates as the investigation progresses.
If you are also a victim, you can submit your stolen address to us. aml.slowmist.com/cn/recovery…
2
8
26
67,366
🚨eXch had 34M euros and infrastructure for the platform seized by law enforcement🚨
📅On April 30, the Frankfurt am Main Public Prosecutor's Office - Central Office for Combating Internet Crime (ZIT) - and the Federal Criminal Police Office (BKA) seized the German server infrastructure of the crypto swapping service "eXch" and shut down the platform. The service was accessible under the domain eXch[.]cx and various other internet addresses. In addition to extensive data of over eight terabytes, the crypto assets #Bitcoin, #ETH, #Litecoin, and #Dash, currently valued at approximately 💶€34 million, were seized. This is the third-largest seizure of crypto assets in the history of the BKA.
📡The operators of @exchcx are suspected of engaging in commercial money laundering and operating a criminal online trading platform. The operators had initially announced at short notice that they would discontinue their service on May 1, 2025..
🔗presseportal.de/blaulicht/pm…
🚨eXch is shutting down🚨
@exchcx has announced it will shut down on May 1st, 2025. The project became the target of a transatlantic law enforcement operation over alleged "money laundering and terrorism" charges. To avoid further risks and protect both the team and the community, eXch has decided to shut down voluntarily.
🔗bitcointalk.org/index.php?to…
1
13
23
40,064
Another great job by the @RAILGUN_Project team here.
Their system quickly picked up the funds came from a malicious source, so the scammer couldn't do anything besides withdraw. Which they then turned around and sent the funds to Changenow.
🚨💔 49 minutes ago, another victim lost $64,250 by copying the wrong address from a contaminated transfer history.
1
4
26
20,977
If you're an exchange or service please help us block this address: bc1qd8rmx0nuxn3safxq6d55hdku6lfv8veegpc6ny
Inferno Drainer is currently swapping ETH to BTC via Thorchain.
2
2
29
3,956
Currently doing some research into the 660 ETH that was moved into Railgun by the Pink Drainer and two things came to to mind.
1. Why are you called the Pink Drainer? Are you raising awareness for breast cancer and if so I think there's better ways.
2. Why does a privacy tool have tax integration? And do people actually use?
3. Also if anyone knows how to go about unobscuring the funds, let us know.
7
4
25
7,151
Uhhhh, not even sure how do you even explain this your boss, but starting a thread on this so be sure to follow for updates:
So far the scammers has moved the funds to the following addresses:
0x3c2b0bb26F05Ce8db44b01F04aeBE64f19133665
0xEf369D0263E291bA282E9992bd32Daad12Fd9fdB
0x8ac261E8AD0cC74bB5694ABfc2b5480FE16FD6Cb
0xF2C1d996c565095061079b795311F64e4A301dbC
0x3fEE795B4c694c7390AB0Ba4CA1188aDA3BF0631
0x1cCB672909554A2F3D4097E5FE2AFbfE1F804b5A
0xBA4E8123a50A3001856a2559d0495C197B0EF8b7
0xc7FF3787e9AC170db4d6E2708C068C7B719D768b
🚨💔 2 hours ago, another victim lost $68 million by copying the wrong address from a contaminated transfer history.
2
3
21
14,319
Not sure if we wanna cry or laugh or maybe both🥲
Earlier today #tether froze 23 addresses for a total of ~$15.5K in USDT. At first glance we thought maybe they were just slow in the response so some of the funds might have been transferred out already. But......
All these funds been sitting there for almost 2 years 🤣
Anyways back to tracking magic internet money.🧐
2
6
28
7,438
We love it when we see things like this. Here's what happened.
Scammer: 0xf26b9dd6fabb7379c1c76ec417d4741ae607fea9 sends 100k in DAI and converts it to ETH and bridge to ARB via Stargate.
Then from ARB network, they move it around a couple times and sent it back to ETH. Finally having it sent to Railgun.
Good thing the @RAILGUN_Project was prepared, leaving the scammer with no other choice but to withdraw the funds.
While we can't completely eliminate scammers, we should make it as difficult as possible for them to access these protocols. Now if only other project would follow suit, that be great!!!!!😅
🚨💔 2 minutes ago, someone lost $400,000 by copying the wrong address from a contaminated transfer history.
⚠️ Never copy the address from transfer histories.
3
22
2,656
Guys, this is why compliance laws are in place.
Lately, we've seen a lot of reports from people whose USDT was unexpectedly frozen. These folks, new to the cryptocurrency scene, thought it would be safe to receive USDT via OTC or P2P markets. However, they found out too late that the USDT they received was tied to a pig-butchering scam and had been frozen by law enforcement. This issue often only comes to light when they try to transfer the funds, leaving them stuck.
Unknowingly, these individuals became part of a money laundering ring, despite believing that decentralized and censorship-resistant cryptocurrencies couldn't be frozen. Criminals exploit this to complicate on-chain tracking efforts. While the instigators remain at large, the victims suffer the consequences.
We're not saying you shouldn't use P2P or OTC markets, but always stay cautious. There are various tools available to check if the addresses you're dealing with are linked to malicious activities. We offer a free 30-day trial at Misttrack.io, no payment info needed. If you have questions about an address, send us a DM. We're happy to help, but it might take a bit for us to respond. 😅
4
27
6,229
~1200 ETH or $4M has been moved from an address related to the Inferno drainer to 0x7f99a81c03359ce2e7e744372e1291ecae72af5a.
That $4MILLIONNNNNNNN 🤮, someone stop these people. Can exchanges please start taking these cases seriously. You can easily tell if funds came from a drainer service. Please freeze them so they don't have the incentive to continue doing this.
4
10
25
2,880
A little late to post this, but better late than never.
Yes, that's 433 ETH from Pink Drainer to Railgun, or ~$1.3 M. Not bad for just one account. So victims will never recover from this.
Guys I think you forgot to put help scammers launder funds here.
3
4
26
8,595
Gonna go off on a little rant here.😅
It's great that there was a happy ending to this case, but all know that's not the case for most victims.
The reason this case got so much attention is because this was one of the largest phishing incidents ever. Everyone was looking into it and look what we were able to accomplish.
However, many smaller-scale scams(These are still large, but just seem small compared to this case), which collectively harm hundreds or even thousands of victims, typically go unnoticed. The reason is simple: smaller individual losses might seem trivial to the broader public and media, making it harder for those victims to get the attention they desperately need.
At Misttrack.io, we believe every victim matters, and every scam deserves attention, no matter the scale. While we can't conduct a full investigation for every case reported to us, we created a platform that was easy to use, so even novice in crypto is able track down stolen funds.
Your voices deserve to be heard. It's time to fight back against scammers.
3
5
26
5,095
For someone that's retired, you're still pretty active.
Since you guys like to move funds around so much, why don't you try moving these stolen funds back into your victims accounts.
I know you guys are retired but it doesn't we stop following:
Incase anyone wanna know to track these bridge transactions:
1. Open the transactions, click show more and then click on Decode Input data:
etherscan.io/tx/0x0e02765974…
2. Click on recipient address and in this case a simple google of the destinationChain ID 42161 is the ARB network:
3. Monitor and Repeat
3
29
3,711
However, rest assured that this is not the final stage of our investigation and we will provide updates as more information becomes available.
For more information, please visit our Dune Analytics dashboard at dune.com/misttrack/harmony-b….
1
5
30
1,962