eigenlayer : In an isolated incident this morning, an email thread involving one investor’s transfer of tokens into custody was compromised by a malicious attacker.
As a result, 1,673,645 EIGEN tokens were erroneously transferred to the attacker’s address. The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges. We are in contact with these platforms and law enforcement. A portion of the funds have already been frozen.
The compromise has not impacted the broader ecosystem. There is no known vulnerability in the protocol or token contracts and this compromise was not related to any onchain functionality.
We continue to investigate the situation and will be posting further information once we have it. @EthSecurity1
Unverified contract lost $280k due to sandwich attack. There's a function that can be used for swapping WBNB to EGA token in the victim contract. This function has no access control; anyone can call this function with only 1 wei. This is vulnerable to
https://app.blocksec.com/explorer/tx/bsc/0xece4a4ac46660618ecee43826fc6f89fe4beaef87ca5e5786f763892b48bc999
- Retrospecting Arbitrary Position Cancellation Vulnerability in Perpetual Protocol
- Upgradeable Smart Contracts (USCs): Exploring The Concept And Security Risks
@EthSecurity1
Medium
Retrospecting Arbitrary Position Cancellation Vulnerability in Perpetual Protocol
In July 2022, ChainLight identified and reported a vulnerability caused by lack of authorization in cancelling positions.
An unknown project lost about 85k (about 150 BNB) https://bscscan.com/address/0x3c4e4fbc17a7caa22570e54b57ba42cf053a777a @EthSecurity1
- Characterizing Cryptocurrency-themed Malicious Browser Extensions
- An Empirical Study of Smart Contract Decompilers
@EthSecurity1
Proceedings of the ACM on Measurement and Analysis of Computing Systems
Characterizing Cryptocurrency-themed Malicious Browser Extensions | Proceedings of the ACM on Measurement and Analysis of Computing…
Due to the surging popularity of various cryptocurrencies in recent years, a large
number of browser extensions have been developed as portals to access relevant services,
such as cryptocurrency exchanges and wallets. This has stimulated a wild growth of…
he claimed FBI wallets doxxed https://x.com/jconorgrogan/status/1844121150676218100 @EthSecurity1
really excited for OZ movement : ) https://x.com/0xCygaar/status/1844188445691822136 @EthSecurity1
fwDETH phishing attack, $35 million loss https://www.binance.com/en-TR/square/post/2024-10-11-fwdeth-price-plummets-after-35-million-theft-incident-14711617819490 @EthSecurity1
Binance Square
FwDETH Price Plummets After $35 Million Theft Incident
According to BlockBeats, earlier today, the price of fwDETH, a wrapped ETH token on the Blast chain, experienced a significant drop following a theft incident involving $35 million worth of fwDETH. Th
- A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool — Part 1, Part 2
- OWASP Smart Contract Security
@EthSecurity1
Medium
A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool — Part 1
Account abstraction has been a highly desired feature within the Ethereum developer community for years, and it is seen by many as a…
some checklists: Beirao's Checklist
Decurity's Checklist
ETH Devs's Checklist
Hans's Checklist
Jeffrey's Checklist
Jonas's Checklist
Miguel's Checklist
Nisedo's Checklist
Owen's Checklist
Rahul's Checklist
Rajeev's Resource
Rareskill's Checklist
Roman's Checklist @EthSecurity1
GitHub
audit-checklist/ref/beirao.md at main · Cyfrin/audit-checklist
Aggregated audit checklist. Contribute to Cyfrin/audit-checklist development by creating an account on GitHub.
Radiant hacked, $51M loss
Seems private keys compromised
Exploited on BSC, ARBITRUM
Root cause: looks like the attacker just had control of 3 multisig signers allowing them to transfer ownership.
as owner, they could then call
setLendingPoolImpl on the addresses provider to upgrade the implementation @EthSecurity1
https://www.justice.gov/usao-dc/pr/fbi-arrests-alabama-man-january-2024-sec-x-hack-spiked-value-bitcoin
@EthSecurity1
www.justice.gov
FBI Arrests Alabama Man in the January 2024 SEC X Hack that Spiked the
WASHINGTON – Eric Council Jr., 25, of Athens, Alabama, was arrested this morning, in Athens, in connection with a January 2024 unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account, formerly known as Twitter, in…
Tapioca DAO hacked
vesting contract ownership transferred to exploiter, and then all vesting tokens emergency released
https://arbiscan.io/token/0x2c650dab03a59332e2e0c0c4a7f726913e5028c1?a=0x70285a11489bed93686410ebc727057cafb8129d
@EthSecurity1
Arbitrum One (ETH) Blockchain Explorer
TapToken (TAP) Token Tracker | Arbitrum One
TapToken (TAP) Token Tracker on Arbitrum One shows the price of the Token $0.0021, total supply 47,500,000, number of holders 5,074 and updated information of the token. The token tracker page also shows the analytics and historical data.