Web3 Security Alerts
A channel for various Web3 security people to share alerts as an alternative to Twitter
[Multichain Drain/Rugpull]

Summary
Multichain MPC bridges had assets unexpectedly transferred out totaling over 100MM

Current status
Multichain team has confirmed that this was not expected and urges users to cease usage and revoke approvals. It does appear that the bridge is still processing some withdrawals successfully.

Timeline (all times UTC)
2023/07/06
4:21 PM - First suspicious transaction is sent (https://etherscan.io/tx/0xde3eed5656263b85d43a89f1d2f6af8fde0d93e49f4642053164d773507323f8)
6:33 PM - 30MM WBTC withdrawn from Multichain bridge, among others (https://etherscan.io/tx/0x448f2a6a6c071cdce254937e06305a033538e1aeb9339227d0e59e0458e6185c)
7:06 PM - PeckShield tweets (https://twitter.com/peckshield/status/1677031203772289030)
7:35 PM - LayerZero confirms that they're not directly involved
7:46 PM - Multichain Moonriver bridge begins being drained (https://etherscan.io/tx/0xf830239f39ff21b8634e28cf3fea730069982478465ee5c3ba8e8706d0cef50f)
8:05 PM - Multichain Dogechain bridge begins being drained (https://etherscan.io/tx/0x6bbc867004b4c6650f2b55131955075c4109c32138753147eb142fa431cc84c9)
11:27 PM - Multichain releases a statement stating that this was not intentional and the team is investigating (https://twitter.com/MultichainOrg/status/1677096839731097600)
2023/07/07
4:55 PM - Circle blacklists suspicious addresses (https://etherscan.io/tx/0x5a6ccaebe4e97298e27a40d8dd3fc59661935694c7a96b28c0de1165a725d3fc)
2023/07/08
7:18 AM - Tether blacklists suspicious addresses (https://etherscan.io/tx/0x9abf667f697ffccc2f2036aede9b335b7a732d9e3a9b1b94d70bbb3178c98c60)
2023/07/09
7:30 PM - Multichain MPC begins unexpectedly withdrawing anyUSDT (https://etherscan.io/tx/0x04a1ed178fce750a83878631df64592e4ff78717f1a59b51edc6a0e675c647ec)

[Aptos Twitter Hack]

Summary
@Aptos_Network and @moshaikhs Twitter accounts were compromised

Current status
Accounts have been recovered

Timeline
2023/07/06
7:52 PM UTC - @Aptos_Network tweets phishing link
8:04 PM UTC - Phishing URL merged into Metamask blocklist
8:13 PM UTC - Phantom is now blocking the phishing URL
~11:00 PM UTC - The accounts seem to have been recovered

[Hayden Twitter Hack]

Summary
@haydenzadams Twitter account was compromised

Current Status
Account has been recovered

Timeline
2023/07/20
8:08 PM - Initial report
8:16 PM - Blocked in Metamask
8:26 PM - Blocked in Coinbase Wallet
8:36 PM - New phishing link tweeted
8:38 PM - Blocked in Coinbase Wallet
8:42 PM - New phishing link
8:43 PM - Blocked in Coinbase Wallet
8:50 PM - Blocked in Metamask
2023/07/21
12:17 AM - Account recovered

[Conic Finance Hacked]

Summary
Conic Finance was hacked for ~3MM

Current Status
Triaging

Timeline
10:35 AM - Hack tx (https://etherscan.io/tx/0x8b74995d1d61d3d7547575649136b8765acb22882960f0636941c44ec7bbe146)

JPEGd pETH has just been hacked due to a reentrancy in a Curve pool for 11 million USD.

https://twitter.com/DecurityHQ/status/1685646377198505985

The attacker was front-run by an MEV bot: https://etherscan.io/tx/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c

Alchemix and Metronome DAO have also been hacked due to missing reentrancy locks on remove_liquidity and add_liquidity, possibly due to a bug in old Vyper compilers: https://twitter.com/hexagate_/status/1685677801813217280

Uwerx network (https://www.uwerx.network/) compromised (or rugged?) a few minutes ago: https://twitter.com/hexagate_/status/1686660090072379392