PolyNetwork attack details by BlockSec https://docs.google.com/spreadsheets/u/1/d/1X5QF_ipMm8YnYj86Qvy8XXFvao3HwYgrEoOHBRBvZVM
[Multichain Drain/Rugpull]
Summary
Multichain MPC bridges had assets unexpectedly transferred out totaling over 100MM
Current status
Multichain team has confirmed that this was not expected and urges users to cease usage and revoke approvals. It does appear that the bridge is still processing some withdrawals successfully.
Timeline (all times UTC)
2023/07/06
4:21 PM - First suspicious transaction is sent (https://etherscan.io/tx/0xde3eed5656263b85d43a89f1d2f6af8fde0d93e49f4642053164d773507323f8)
6:33 PM - 30MM WBTC withdrawn from Multichain bridge, among others (https://etherscan.io/tx/0x448f2a6a6c071cdce254937e06305a033538e1aeb9339227d0e59e0458e6185c)
7:06 PM - PeckShield tweets (https://twitter.com/peckshield/status/1677031203772289030)
7:35 PM - LayerZero confirms that they're not directly involved
7:46 PM - Multichain Moonriver bridge begins being drained (https://etherscan.io/tx/0xf830239f39ff21b8634e28cf3fea730069982478465ee5c3ba8e8706d0cef50f)
8:05 PM - Multichain Dogechain bridge begins being drained (https://etherscan.io/tx/0x6bbc867004b4c6650f2b55131955075c4109c32138753147eb142fa431cc84c9)
11:27 PM - Multichain releases a statement stating that this was not intentional and the team is investigating (https://twitter.com/MultichainOrg/status/1677096839731097600)
2023/07/07
4:55 PM - Circle blacklists suspicious addresses (https://etherscan.io/tx/0x5a6ccaebe4e97298e27a40d8dd3fc59661935694c7a96b28c0de1165a725d3fc)
2023/07/08
7:18 AM - Tether blacklists suspicious addresses (https://etherscan.io/tx/0x9abf667f697ffccc2f2036aede9b335b7a732d9e3a9b1b94d70bbb3178c98c60)
2023/07/09
7:30 PM - Multichain MPC begins unexpectedly withdrawing anyUSDT (https://etherscan.io/tx/0x04a1ed178fce750a83878631df64592e4ff78717f1a59b51edc6a0e675c647ec)
[Aptos Twitter Hack]
Summary
@Aptos_Network and @moshaikhs Twitter accounts were compromised
Current status
Accounts have been recovered
Timeline
2023/07/06
7:52 PM UTC - @Aptos_Network tweets phishing link
8:04 PM UTC - Phishing URL merged into Metamask blocklist
8:13 PM UTC - Phantom is now blocking the phishing URL
~11:00 PM UTC - The accounts seem to have been recovered
Someone found a low-hanging fruit on the mainnet:
https://twitter.com/DecurityHQ/status/1680117291013267456
https://etherscan.io/tx/0xfc872bf5ca8f04b18b82041ec563e4abf2e31e1fc27d1ea5dee39bc8a79d2d06
Two tokens "9419" and "6827" deployed on BSC were just hacked for around $150k using a flashloan:
https://twitter.com/DecurityHQ/status/1680544938725892096
An attacker made a few mistakes before pulling off a successful tx: https://bscscan.com/address/0x6b7112097404e3d956195f04f75d0e48eb5a9858
[Hayden Twitter Hack]
Summary
@haydenzadams Twitter account was compromised
Current Status
Account has been recovered
Timeline
2023/07/20
8:08 PM - Initial report
8:16 PM - Blocked in Metamask
8:26 PM - Blocked in Coinbase Wallet
8:36 PM - New phishing link tweeted
8:38 PM - Blocked in Coinbase Wallet
8:42 PM - New phishing link
8:43 PM - Blocked in Coinbase Wallet
8:50 PM - Blocked in Metamask
2023/07/21
12:17 AM - Account recovered
[Conic Finance Hacked]
Summary
Conic Finance was hacked for ~3MM
Current Status
Triaging
Timeline
10:35 AM - Hack tx (https://etherscan.io/tx/0x8b74995d1d61d3d7547575649136b8765acb22882960f0636941c44ec7bbe146)
JPEGd pETH has just been hacked due to a reentrancy in a Curve pool for 11 million USD.
https://twitter.com/DecurityHQ/status/1685646377198505985
The attacker was front-run by a MEV bot: https://etherscan.io/tx/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c
Alchemix and Metronome DAO have also been hacked due to missing reentrancy locks on remove_liquidity and add_liquidity, possibly due to a bug in old Vyper compilers: https://twitter.com/hexagate_/status/1685677801813217280
Uwerx network (https://www.uwerx.network/) compromised (or rugged?) a few minutes ago: https://twitter.com/hexagate_/status/1686660090072379392