EthSecurity
Forwarded from Wu Blockchain News
An OKX user disclosed today that hackers purchased his personal information and used AI to create fake videos. Hackers used these to change the victim's OKX passwords and even 2FA. More than US$2 million was stolen. Be wary of deepfakes and personal data leaks. — link
$1.5M was hacked from the liquidity pool of Yolo on Blast.
90% of funds returned. @EthSecurity1
Seems CertiK (the blackhat team) will be going to jail. Some people think they are the same as Lazarus.
When call and delegatecall return false

A crucial point to understand is when the success value will be true or false. Essentially, it depends on whether the function being executed will revert or not. There are three ways an execution can revert:

• if it encounters a REVERT opcode,
• if it runs out of gas,
• if it attempts something prohibited, such as dividing by zero.

If the function being executed via delegatecall (or call) encounters any of these conditions, it will revert, and the return value of the delegatecall will be false.

A question that often confuses developers is why a delegatecall to a non-existent contract doesn't revert and still reports that the execution was successful. An empty address will never meet one of the three conditions for reverting, so it will never revert.
@EthSecurity1
In Solidity, if you make a delegatecall to an Externally Owned Account, the return value is always true. @Ethsecurity1
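The behaviour described in the two posts above, as an added example that is not part of the original channel posts: a raw delegatecall next to a wrapper that rejects targets without code and bubbles up failures. The contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from the channel. All names are hypothetical.

/// Target whose only function hits the REVERT opcode.
contract Reverter {
    function fail() external pure {
        revert("always reverts");
    }
}

contract DelegatecallDemo {
    error TargetHasNoCode(address target);
    error DelegatecallFailed(bytes returndata);

    /// Raw low-level delegatecall: hands back the EVM's success flag as-is.
    /// An EOA or empty address executes no code, so none of the three
    /// revert conditions can occur and `success` comes back true.
    function rawDelegatecall(address target, bytes calldata data)
        external
        returns (bool success, bytes memory returndata)
    {
        (success, returndata) = target.delegatecall(data);
    }

    /// Hardened variant: refuse targets without code, then surface failure.
    /// Caveat: code.length is also 0 while the target's constructor runs.
    function checkedDelegatecall(address target, bytes calldata data)
        external
        returns (bytes memory returndata)
    {
        if (target.code.length == 0) revert TargetHasNoCode(target);
        bool success;
        (success, returndata) = target.delegatecall(data);
        if (!success) revert DelegatecallFailed(returndata);
    }
}
```

Calling `rawDelegatecall` with an address that has no code reports success with empty return data, while pointing it at `Reverter.fail()` reports false; `checkedDelegatecall` reverts in both cases.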
Scroll token hacked in May. Root cause was an underflow despite using Solidity 0.8.19. Does anybody know why this happened? POC: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/2024-05/SCROLL_exp.sol
Attacker : 0x55Db954F0121E09ec838a20c216eABf35Ca32cDD
// Attack Contract : 0x55f5aac4466eb9b7bbeee8c05b365e5b18b5afcc
// Vulnerable Contract : 0xe51D3dE9b81916D383eF97855C271250852eC7B7
// Attack Tx : https://etherscan.io/tx/0x661505c39efe1174da44e0548158db95e8e71ce867d5b7190b9eabc9f314fe91

// Vulnerable Contract Code : https://etherscan.io/address/0xe51D3dE9b81916D383eF97855C271250852eC7B7#code @EthSecurity1
DefiPlaza hacked for $200K. The original attack was front-run by an MEV bot. Root cause was a miscalculation in OutputAmount. @EthSecurity1
Forwarded from pcaversaccio
Please don't interact with the Compound Finance website for now. It seems to be hijacked.
Minterest hacked, $1.4M loss.

Attackers can lend tokens inside flashloan callbacks and then redeem more tokens after the flashloan.

https://mantlescan.xyz/tx/0xb3c4c313a8d3e2843c9e6e313b199d7339211cdc70c2eca9f4d88b1e155fd6bd

@EthSecurity1
Please revoke approval to 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae (LI.FI: LiFi Diamond) asap!
@EthSecurity1
A critical vulnerability in the Raydium protocol was identified and reported by a whitehat. A bounty of $505,000. https://medium.com/immunefi/raydium-tick-manipulation-bugfix-review-c6aae4527ed6 @EthSecurity1