Defimon Alerts
4.06K subscribers
138 photos
2.43K links
⚠️ Real-time security alerts for DeFi by @DecurityHQ
💎 Instant alerts https://t.me/+m9BMRKlMuW5iMGFi
https://defimon.xyz
🚨 LootBot.xyz - Loss $9600 (2026-04-15)

Type: Logic Error (Duplicate NFT ID in Redemption)

The Staking contract's redeem() function does not validate duplicate xLoot NFT IDs in the input array. The _redeemable() function iterates over each ID and accumulates ETH rewards per epoch, but never checks if the same NFT ID has already been processed in the same call. The nextRedeem mapping is only updated AFTER the rewards are calculated and sent, so passing the same NFT ID 155 times results in 155x the legitimate reward.

The attacker flash-loaned 2.1 ETH from Balancer, sent it to the staking contract to trigger a new epoch (via receive()), then called redeem() with 7 xLoot NFT IDs each duplicated ~155 times, draining ~6.21 ETH. After repaying the 2.1 ETH flash loan, net profit was ~4.1 ETH.

TX: https://etherscan.io/tx/0xab19752a450a205ccaca9afb8505e2d8b79593ee2edab1f67bdec27a4f14871f
Victim: https://etherscan.io/address/0x9d87ff196646a99bddb16876066aa863900118b4

https://x.com/DefimonAlerts/status/2044709964091187660
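An added Python model of the accounting pattern described in this alert (not the LootBot Solidity): the vulnerable order of operations beside a hardened redeem that rejects repeated IDs and advances nextRedeem per ID before moving on. Epoch reward values are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Staking:
    # Constructed: ETH reward owed per NFT for each epoch, indexed by epoch.
    reward_per_epoch: list
    # nextRedeem[id] = first epoch this NFT has not yet been paid for.
    next_redeem: dict = field(default_factory=dict)

    def _redeemable(self, ids):
        # Mirrors the alert: accumulates rewards per ID with no memory of
        # which IDs were already seen in this call.
        total = 0
        for nft in ids:
            start = self.next_redeem.get(nft, 0)
            total += sum(self.reward_per_epoch[start:])
        return total

    def redeem_vulnerable(self, ids):
        # Bug pattern: pay first, update nextRedeem afterwards, so every
        # duplicate of an ID is paid the full amount again.
        payout = self._redeemable(ids)
        for nft in ids:
            self.next_redeem[nft] = len(self.reward_per_epoch)
        return payout

    def redeem_fixed(self, ids):
        # Two independent protections: require strictly ascending IDs (an
        # O(n) duplicate check), and advance nextRedeem before the next ID
        # is processed so a repeat would earn nothing even if it got through.
        # A revert (here: exception) discards any partial state change.
        payout = 0
        for i, nft in enumerate(ids):
            if i > 0 and nft <= ids[i - 1]:
                raise ValueError("duplicate or unsorted NFT id")
            start = self.next_redeem.get(nft, 0)
            payout += sum(self.reward_per_epoch[start:])
            self.next_redeem[nft] = len(self.reward_per_epoch)
        return payout
```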
💌 Onchain message: Transaction

📤 From: 0xbdf103aeaa7446f943b085ed7562c78cefcc9838
📥 To: 0x355d71958dadc5231e1c992de52cbe5e01b6a1e7
🌎 Network: base

💬 Message:
CEASE AND DESIST
RE: The Wonderland Incident

You are hereby ordered to:

1. Return the funds
2. Say sorry
3. Return the funds again

Our legal team is fully
on-chain and has reviewed
all 47 incriminating txs.

You have 30 blocks to comply.

Failure to respond will result
in another strongly worded
calldata message.

- txmail.live Legal Dept
(we are not actual lawyers)
💌 Onchain message: Transaction

📤 From: 0xae7d7c366f7ebc2b58e17d0fb3aa9c870ea77891
📥 To: 0x141f59a0283303a6b882b4d6973e418f8d75f9b3
🌎 Network: mainnet

💬 Message:
Hey — you have unclaimed funds from the Euler redemption tree (the distribution the Euler team set up after the March 2023 exploit recovery). Your address (0x141f…f9b3) was allocated index #215 in the merkle, and nobody's called it yet:

- 42.3427 WETH
- 19,528.66 DAI
- 1,505.2550 USDC

The Euler team's euler-redemption-scripts repo was archived with 1,638 people (including you) who never came back to claim.

I built forgotteneth.com to scan old, defunct, or abandoned smart contracts for ETH and tokens people left behind.

So, two easy ways to grab yours:

1. forgotteneth.com — paste your address, hit the Euler card, click Claim. The site assembles the merkle proof for you and your wallet just confirms one tx.

2. Direct via Etherscan
Go to 0xBC8021015db2ca0599e0692d63ae6B91564cf026 → Contract → Write Contract, connect the wallet that owns 0x141f…f9b3, expand claimAndAgreeToTerms, and paste these four values into the form:

- acceptanceToken (bytes32):
0x520aea92485738124475f3949d733f2a0b8e80fb53459af867c2bc8931785899

- index (uint256):
215

- tokenAmounts ((address,uint256)[]):
[[0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,42342717001513326991],[0x6B175474E89094C44Da98b954EedeAC495271d0F,19528663517176969758085],[0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48,1505254955]]

- proof (bytes32[]):
[0xbea6eec49541015cd2b66c73290869b3860e81d90df437035ede15935531ed95,0xee0777a577c250a0b1f51fa45234f03b1d7b986586a50fe93d4735fe6dde3448,0x64cb9aa0f0f39035b202c1833c3e04a7801733d8fa08545a2b9ad4d2e9c04b31,0xed04096b8096a44bf5151df17d9e0d5490785da6369345a3965d069b26c59817,0x94b0d9569f8cbbcf923f4c4fc6297db0165e7a28e0c61f6e27bb987b1ef4478f,0x3a4b7829fbec41a9e6e39e98808b659cabed1e36e52ed2cccf5775fcdd9335a4,0x9d3bb7cda599728208163eecd2a00cf7323080ce92b7534403408af74cb62dd4,0xf64102e34b49950a0292b6098c2751712769e2f0dbe2737c1fec214fc0aa5f46,0x98e17d665be136875feaef44f9dfe1be8646e4e26a2644f6b611a29b2c32da40,0x95dbce3f5ba2481259cec47ae6f553d66281e1ca7ce8644ec415e09872dbcfa1,0x4be646829fe502c699b25019edd8e22ddfcd417723c06cc457e52e0e84dc2103,0xc2dc3ab40b7faadd1db3725c168ea441c7dc201e44940ae1c73e14e3537ceba5]

Ping me if you have any question, cheers!
❀4πŸ‘3
💌 Onchain message: Transaction

📤 From: 0x9d24559a227ee6715eb09af89808531f53566d36
📥 To: 0x6fd130d4cfd95439a5641fcb45b032c2eab698f9
🌎 Network: bsc

💬 Message:
Hi. The 0.15 WBNB transferred to 0x6eB5007A2e24333E7f0237C3a24cB6430dea9E57 on block 93145079 was a test fund for a just-deployed MEV-research sandwich contract. We are a small 2-person team learning BSC MEV. Lost the test capital to your automated drainer. Would you consider returning 80% (0.12 WBNB), keeping 20% as bug-bounty / finder reward? Our wallet: 0x9D24559a227EE6715eb09af89808531F53566d36. If yes — any split is fine, we'd appreciate any return. Thanks.
💌 Onchain message: Transaction

📤 From: 0x55c09707fd7afd670e82a62faee312903940013e
📥 To: 0xa407fe273db74184898cb56d2cb685615e1c0d6e
🌎 Network: mainnet

💬 Message:
FINAL NOTICE: 

We have concluded our investigation. We know your full legal identity, your home address, your employer, and your family connections.

This is not a bluff. To prove our claim, we will be reaching out to you directly via your Telegram and Facebook accounts as well.

Due to the lack of prior cooperation, the white-hat bounty is now reduced to 5%.

The Final Opportunity:

Return 95% to: 0x0c2Bc4d2698820e12E6eBe863E7b9E2650CD5b7D

Deadline: April 25, 2026, 16:00 UTC.

If the 95% is not returned by this deadline, we will move forward with full legal prosecution. We will hand your complete identity dossier to law enforcement in all relevant jurisdictions and notify your employer.

This is the only remaining path to resolve this privately. The clock is ticking.

— Solv Protocol
💌 Onchain message: Transaction

📤 From: 0x6ba1fb851ec689ba6a5d99d7411c3c5fe1a3393a
📥 To: 0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc
🌎 Network: arbitrum

💬 Message:
I'm one person, not a fund. I lost my entire life savings (200k USD) in this hack. Please, send back even a small part. Thank you.
💌 Onchain message: Transaction

📤 From: 0xef0b06ddd1c70fa96daf95c606052b8251acca21
📥 To: 0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc
🌎 Network: mainnet

💬 Message:
Return the 75,700 ETH, go long ETH with your bounty, take a nice vacation and call it a day. Fair play, don't destroy DeFi
💌 Onchain message: Transaction

📤 From: 0x6a7d7a260eaf1b071d7239db09654a26bcace918
📥 To: 0xf96eb14171b71ac16200013753dff3e91043b63b
🌎 Network: bsc

💬 Message:
We have identified this wallet as receiving assets from a couple of incidents such as Cyrus Finance and others that we won't disclose here.

We are gonna reach out to law enforcement and cybersecurity on this case and we have your whole identity, to start the conversation such as being from China.

We already have contacts with the Chinese police and we know your home address, IPs, and everything else.

We've already sent you a message on Blockscan with your whole identity and the refund address.

Send to that address by 6am UTC 21st of April or you stay on the run.

https://chat.blockscan.com/
🚨 Thetanuts.finance - Loss $46K (2026-04-20)

Type: Vault Share Rounding Manipulation

The attacker flash-loaned 10 WBTC from Morpho and exploited a rounding vulnerability in the Thetanuts Cash Settled Covered Call BTC/USD vault (unverified contract). By first depositing 2 satoshis (receiving 1 share due to rounding down), then depositing 4.68 WBTC, the attacker accumulated shares at a slightly favorable rate relative to the vault's existing 0.15 WBTC balance.

Calling initWithdraw() with a max value burned all shares and returned the vault's entire WBTC balance (4.83 WBTC), netting ~0.1518 WBTC profit after repaying the flash loan. The vault's share-to-asset conversion lacked rounding protections, allowing the attacker to extract pre-existing depositor funds through arithmetic precision loss.

TX: https://etherscan.io/tx/0x1bc83899060c27106b6fb4257b208925085794e83b21c444854442fd3554862c
Victim: https://etherscan.io/address/0x80b8eeb34a2ba5dd90c61e02a12ea30515dca6f5 (unverified)
CoinGecko: https://www.coingecko.com/en/coins/thetanuts-finance

https://x.com/defimonalerts/status/2046326148674781470
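An added Python model of the rounding-direction defect class this alert names (the vault contract is unverified, so this is not its code): shares minted for a deposit must round down and shares burned for a withdrawal must round up, otherwise one share can repeatedly buy back more assets than it was minted for. Amounts are in satoshis and the vault state is constructed from the alert's 0.15 WBTC balance.

```python
def mul_div_floor(a, b, d):
    return a * b // d

def mul_div_ceil(a, b, d):
    return -(-(a * b) // d)

class Vault:
    """Constructed integer model of a share-based vault (amounts in satoshis)."""

    def __init__(self, assets, shares, round_up_burn):
        self.total_assets = assets
        self.total_shares = shares
        self.round_up_burn = round_up_burn   # True = hardened, False = vulnerable
        self.balances = {}

    def deposit(self, who, assets):
        # Shares minted round down, so a depositor never gets more than paid for.
        shares = mul_div_floor(assets, self.total_shares, self.total_assets)
        self.total_assets += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def withdraw(self, who, assets):
        # Shares burned for a requested asset amount must round UP; rounding
        # down here is the missing "rounding protection".
        conv = mul_div_ceil if self.round_up_burn else mul_div_floor
        shares = conv(assets, self.total_shares, self.total_assets)
        if shares > self.balances.get(who, 0):
            raise ValueError("insufficient shares")
        self.balances[who] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return shares

def precision_leak(round_up_burn, cycles=100):
    """Net satoshis extracted from pre-existing depositors by repeating a
    2-sat deposit / 3-sat withdraw cycle against 0.15 WBTC at 2 sat/share."""
    v = Vault(assets=15_000_000, shares=7_500_000, round_up_burn=round_up_burn)
    paid = received = 0
    for _ in range(cycles):
        v.deposit("attacker", 2)          # 2 sat -> exactly 1 share
        paid += 2
        try:
            v.withdraw("attacker", 3)     # burns only 1 share if rounding down
            received += 3
        except ValueError:                # hardened vault: 2 shares needed
            break
    return received - paid
```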
💌 Onchain message: Transaction

📤 From: 0x9c109b80b44d2201f4fa89e0823940ef305b6ec4
📥 To: 0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc
🌎 Network: arbitrum

💬 Message:
IDM)
IDM:
I'm one person, not a fund. I lost my entire life savings (200k USD) in this hack. Please, send back even a small part. Thank you.
💌 Onchain message: Transaction

📤 From: 0x9c109b80b44d2201f4fa89e0823940ef305b6ec4
📥 To: 0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc
🌎 Network: mainnet

💬 Message:
IDM)
IDM:
I'm one person, not a fund. I lost my entire life savings (10k USD) in this hack. Please, send back even a small part. Thank you.
💌 Onchain message: Transaction

📤 From: 0x36b112875f921e51f5ea8ff39b374960694d21b3
📥 To: 0x6fdae9edacc6461b21f71a1a6a420197d2b0c3aa
🌎 Network: avax

💬 Message:
Hi guys, I am a whitehat bot. I frontran an attack transaction which would drain your tokens. Please contact me via on-chain message and I'm willing to help.
🚨 Custom Aave Rebalancer (sAVAX leverage) - Loss ~$65.4K (2026-04-17)

Type: Arbitrary External Call / Credit Delegation Abuse

A user-owned "sAVAX rebalancer" held MAX borrow-delegation of WAVAX from the victim EOA on Aave V3. The rebalancer's public function b2a13230(amount, target, data, …) executes an arbitrary .call(data) mid-flow, running in the rebalancer's own context.

The attacker (whitehat frontrun) invoked it with target=Aave Pool and data=borrow(WAVAX, 7000e18, 2, 0, victim). Aave honored the borrow because msg.sender (rebalancer) had credit delegation from the victim, minting 7000 variableDebtAvaWAVAX on the victim and shipping ~6999.91 WAVAX out. A whitehat bot frontran the exploit and now holds the funds (sent on-chain notice to the victim).

TX: https://snowscan.xyz/tx/0xaaa1b2e561738399af890dde2b18252b698e9b0ae7c8430fdd855f426835001b
Victim: https://snowscan.xyz/address/0x6fdae9edacc6461b21f71a1a6a420197d2b0c3aa
Rebalancer (vulnerable, unverified): https://snowscan.xyz/address/0x7a7bab45363efb0394ff27bfa29bb7c0534ca8c9

https://x.com/DefimonAlerts/status/2046504796463808991
💌 Onchain message: Transaction

📤 From: 0x427a9d60c31a4d2309ff2ea3a925d4e51d736735
📥 To: 0xf9802c5eb6b972ba686afa7ca615910ea8310b85
🌎 Network: mainnet

💬 Message:
Hey. Just wanted to say that LayerZero got what they deserved. Honestly, I'm glad you breached them. They "shaved" all my sybil accounts after I spent a huge amount of time and money farming their airdrop. I ended up with nothing. I know 10k is nothing for you, but it would change my life and help me get back on my feet. I'd be beyond grateful if you could send a small fraction to this address: 0x427A9d60C31a4D2309fF2ea3a925D4E51D736735. Stay safe.
💌 Onchain message: Transaction

📤 From: 0xb6e10f7524d90b9d7d7cebdf44ff46e44cd1572d
📥 To: 0xabc82c8975c922e5aa836b4afd36fad4511a65b8
🌎 Network: mainnet

💬 Message:
First of all, I condemn the Arbitrum team for their actions. They never built a truly decentralized community, and now it’s clear why their prices have dropped so much.

As for the hacker, you’ll never be able to use all that money in your lifetime anyway. I had previously asked you not to be so stingy and to give me and others like me a slice of the pie. If you need a mentor, you can reach out to me.
💌 Onchain message: Transaction

📤 From: 0x23245f620d1e910ad76e6b6de4f8284a53c9ad2d
📥 To: 0x755ff2f75a0a586ecfa2b9a3c959cb662458a105
🌎 Network: mainnet

💬 Message:
Our whitehat bot just front-ran an exploit targeting your contract. Please let us know how to return your funds, and if possible, any amount of bounty is appreciated.
πŸ‘2
🚨 Juicebox.money - Loss $51.9K (2026-04-20)

Type: Logic Error

Juicebox is a programmable treasury protocol. Each project is called a "revnet" (revenue network), where every revnet has a project token (JBERC20) and one or more "terminals" - contracts that accept payments and custody the revnet's funds (e.g. JBMultiTerminal holds the ETH treasury).

REVLoans is an add-on contract that lets a revnet's token holders borrow from the revnet's treasury by posting project tokens as collateral. borrowFrom accepts a caller-supplied REVLoanSource and never verifies the terminal is actually a registered terminal of that revnet.

An MEV bot front-ran several of the malicious calls by invoking the exact same borrowFrom(fake-terminal) path with minimal collateral and drained roughly 21.77 ETH from revnet #3's treasury.

Frontrun tx: https://etherscan.io/tx/0xc46cb7af8830b7ff4c2373cce26a7b99cf60c1ad21f348a2358a50ae24dead1f
Whitehat bounty message: https://etherscan.io/tx/0xc729b8dd7b0411a2b13b44de01bfee580870064b653698309611f469ba340131
Victim contract (REVLoans): https://etherscan.io/address/0x1880d832aa283d05b8eab68877717e25fbd550bb
Attacker's fake terminal: https://etherscan.io/address/0xbd18f03788a4233278f240054d79603f042735e2

https://x.com/DefimonAlerts/status/2046862935650345139
πŸ‘1
💌 Onchain message: Transaction

📤 From: 0x8999c5554a983e9b9679ccfab3709830dce75a0b
📥 To: 0x2352a1fca90182509dca9c12b2cad582a38e8b82
🌎 Network: base

💬 Message:
Hey, nice one. You were not supposed to swap without usdc, it was clear in our docs. I am guessing you just asked for an eth to cbbtc quote and it returned because we had not patched this. Are you willing to keep a bounty and return the rest?
πŸ‘3
🚨 Kipseli.capital - Loss $72.35K (2026-04-22)

Type: Pricing / Decimals Mismatch

An MEV bot swapped 0.04 WETH (~$95) and received 0.926 cbBTC (~$72.35K) via the Kipseli PropAMM Router. Per http://docs.kipseli.capital, pricing is intended to be USDC-denominated.

The attacker used WETH -> cbBTC, an unsupported path. The pricing stack still produced a USDC-scale quote (6 decimals), and that integer was transferred directly as cbBTC (8 decimals): 92,610,395 = ~$92.61 in USDC but 0.92610395 cbBTC ≈ $72.35K. The on-chain wrapper's Signer only binds (tokenIn, tokenOut, timestamp) with a hardcoded key, never amountIn/rate, so no sanity check caught the mispriced direction.

TX: https://basescan.org/tx/0x96edeeb3d49d7a54c60d227bedce5bf64df5d52effd9fd80334175a9553db3bb
Victim (inventory wallet): https://basescan.org/address/0xBEE3211ab312a8D065c4FeF0247448e17A8da000
PropAMMWrapper: https://basescan.org/address/0xd35C6717cCa1E04696B694DCb1643Ac3620D2152
Kipseli PropAMM Router (unverified): https://basescan.org/address/0x71C2Ed90CC288229Be59F26b8B3EEF3C07d7ab99

https://x.com/DefimonAlerts/status/2046873857571934254
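An added Python model (not Kipseli's code) of the two settlement-side checks this alert says were missing: rejecting a pair the pricing stack does not support, and bounding the quoted out-value against the in-value before a raw integer in one token's decimals is paid out in another's. Reference prices are constructed to match the alert's figures; a real check would read them from an oracle.

```python
from decimal import Decimal

DECIMALS = {"WETH": 18, "USDC": 6, "cbBTC": 8}
# Constructed reference prices in USD (0.04 WETH ~ $95, 0.926 cbBTC ~ $72.35K).
REF_USD = {"WETH": Decimal("2375"), "USDC": Decimal("1"), "cbBTC": Decimal("78120")}
# Assumption for this model: pricing is USDC-denominated, so only pairs with
# USDC on one side are supported.
SUPPORTED = {("WETH", "USDC"), ("USDC", "WETH"), ("cbBTC", "USDC"), ("USDC", "cbBTC")}

def usd_value(raw, token):
    """USD value of a raw integer amount, scaled by the token's own decimals."""
    return Decimal(raw) / (Decimal(10) ** DECIMALS[token]) * REF_USD[token]

def usdc_quote_to_token(usdc_raw, token_out):
    """The conversion that was skipped in the incident: turn a 6-decimal
    USDC-scale quote into raw units of token_out at the reference price."""
    usd = usd_value(usdc_raw, "USDC")
    return int(usd / REF_USD[token_out] * Decimal(10) ** DECIMALS[token_out])

def check_quote(token_in, amount_in, token_out, amount_out, max_dev=Decimal("0.05")):
    """Gate a quote before settling. Returns 'ok', or the reason it failed:
    unsupported pair, or out-value deviating from in-value by more than max_dev.
    Both legs are valued in USD using each token's OWN decimals, which is what
    catches a 6-decimal integer being paid out as an 8-decimal token."""
    if (token_in, token_out) not in SUPPORTED:
        return "unsupported pair"
    vin = usd_value(amount_in, token_in)
    vout = usd_value(amount_out, token_out)
    if abs(vout - vin) > max_dev * vin:
        return "value deviation"
    return "ok"
```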