Web3 Security Alerts
3.68K subscribers
1 photo
11 links
A channel for various Web3 security people to share alerts as an alternative to Twitter
Download Telegram
Channel created
๐Ÿ‘8โค2๐Ÿ˜ฑ2๐Ÿ‘Œ1
โค8๐Ÿ‘Œ5๐Ÿค4
[Multichain Drain/Rugpull]

Summary
Multichain MPC bridges had assets unexpectedly transferred out totaling over 100MM

Current status
Multichain team has confirmed that this was not expected and urges users to cease usage and revoke approvals. It does appear that the bridge is still processing some withdrawals successfully.

Timeline (all times UTC)
2023/07/06
4:21 PM - First suspicious transaction is sent (https://etherscan.io/tx/0xde3eed5656263b85d43a89f1d2f6af8fde0d93e49f4642053164d773507323f8)
6:33 PM - 30MM WBTC withdrawn from Multichain bridge, among others (https://etherscan.io/tx/0x448f2a6a6c071cdce254937e06305a033538e1aeb9339227d0e59e0458e6185c)
7:06 PM - PeckShield tweets (https://twitter.com/peckshield/status/1677031203772289030)
7:35 PM - LayerZero confirms that they're not directly involved
7:46 PM - Multichain Moonriver bridge begins being drained (https://etherscan.io/tx/0xf830239f39ff21b8634e28cf3fea730069982478465ee5c3ba8e8706d0cef50f)
8:05 PM - Multichain Dogechain bridge begins being drained (https://etherscan.io/tx/0x6bbc867004b4c6650f2b55131955075c4109c32138753147eb142fa431cc84c9)
11:27 PM - Multichain releases a statement stating that this was not intentional and the team is investigating (https://twitter.com/MultichainOrg/status/1677096839731097600)
2023/07/07
4:55 PM - Circle blacklists suspicious addresses (https://etherscan.io/tx/0x5a6ccaebe4e97298e27a40d8dd3fc59661935694c7a96b28c0de1165a725d3fc)
2023/07/08
7:18 AM - Tether blacklists suspicious addresses (https://etherscan.io/tx/0x9abf667f697ffccc2f2036aede9b335b7a732d9e3a9b1b94d70bbb3178c98c60)
2023/07/09
7:30 PM - Multichain MPC begins unexpectedly withdrawing anyUSDT (https://etherscan.io/tx/0x04a1ed178fce750a83878631df64592e4ff78717f1a59b51edc6a0e675c647ec)
โค24๐Ÿ‘Œ7๐ŸŒš5๐Ÿ‘พ5๐Ÿ—ฟ3โšก1
[Aptos Twitter Hack]

Summary
@Aptos_Network and @moshaikhs Twitter accounts were compromised

Current status
Accounts have been recovered

Timeline
2023/07/06
7:52 PM UTC - @Aptos_Network tweets phishing link
8:04 PM UTC - Phishing URL merged into Metamask blocklist
8:13 PM UTC - Phantom is now blocking the phishing URL
~11:00 PM UTC - The accounts seem to have been recovered
๐Ÿคฃ20๐Ÿ˜ญ6๐Ÿ‘พ3๐Ÿ‘1๐Ÿ‘Œ1๐Ÿคจ1
Two tokens "9419" and "6827" deployed on BSC were just hacked for around $150k using a flashloan:

https://twitter.com/DecurityHQ/status/1680544938725892096

An attacker did a few mistakes before pulling off a successful tx: https://bscscan.com/address/0x6b7112097404e3d956195f04f75d0e48eb5a9858
๐Ÿ‘9๐Ÿฅด7
[Hayden Twitter Hack]

Summary
@haydenzadams Twitter account was compromised

Current Status
Account has been recovered

Timeline
2023/07/20
8:08 PM - Initial report
8:16 PM - Blocked in Metamask
8:26 PM - Blocked in Coinbase Wallet
8:36 PM - New phishing link tweeted
8:38 PM - Blocked in Coinbase Wallet
8:42 PM - New phishing link
8:43 PM - Blocked in Coinbase Wallet
8:50 PM - Blocked in Metamask
2023/07/21
12:17 AM - Account recovered
๐Ÿฅด30๐Ÿฆ„27๐Ÿ‘พ4๐Ÿ‘Œ3โค2
[Conic Finance Hacked]

Summary
Conic Finance was hacked for ~3MM

Current Status
Triaging

Timeline
10:35 AM - Hack tx (https://etherscan.io/tx/0x8b74995d1d61d3d7547575649136b8765acb22882960f0636941c44ec7bbe146)
๐Ÿซก12๐Ÿ˜ฑ6โค2๐Ÿ”ฅ2๐Ÿ‘พ2๐Ÿ‘1๐Ÿ‘1
JPEGd pETH has just been hacked due to a reentrancy in a Curve pool for 11 million USD.

https://twitter.com/DecurityHQ/status/1685646377198505985

The attacker was frontrunned by a MEV bot: https://etherscan.io/tx/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c
๐Ÿ˜ฑ14๐Ÿคทโ€โ™‚6๐Ÿฅด6โค1๐Ÿ‘1
Alchemix and Metronome DAO also been hacked due to a missing reentrancy locks on remove_liquidity and add_liquidity possibly due to a bug on an old Vyper compilers: https://twitter.com/hexagate_/status/1685677801813217280
๐Ÿคฏ23๐Ÿคฃ7๐Ÿ‘1
Uwerx network (https://www.uwerx.network/) compromised (or rugged?) a few minutes ago: https://twitter.com/hexagate_/status/1686660090072379392
๐Ÿคฃ7๐Ÿ˜ฑ5๐Ÿ‘3โค1๐Ÿ˜1๐Ÿ˜ข1