Discover and read the best of Twitter Threads about #flashloan

Most recents (10)

According to @numencyber on-chain data monitoring, at 10:48:03 PM +UTC on Feb-16-2023, the #StarlinkCoin contract on the #BNBChain was attacked by a #flashloan..../.resulting in a loss of 38 $BNB (~$12,000)

Attacker address: bscscan.com/address/0x1874…
👉 The attack occurred when the #StarlinkCoin contract used the "transfer" function to transfer funds, which incurs a fee when funds come from the LP contract. Image
Read 4 tweets
A #flashloan attack on @UpswingFinance resulted in the loss of ~22 ETH (~$35.5K)

The project has appeared inactive since Oct. 2020 and was attacked using price manipulation.

A thread👇 Image
It was a price manipulation attack caused due to the design flaw of the $UPStkn token - the _transfer function of the token.

The attack occurred in three key steps👇 Image
1) the attacker uses 18 swaps to lift $UPStkn's sell pressure. Also, during the swaps, the attacker swaps 1.31 Ether for 136,299.97 UPStkn. Image
Read 5 tweets
#Flashloan
Beosin EagleEye monitored a flashloan attack on MooCakeCTX contract. The loss is ~$140K.
There is no time restrictions on collateral and rewards, and the prevention of caller is not comprehensive enough, enabling the attacker to increase dividends via flashloan. Image
2/ Tx:
bscscan.com/tx/0x03d363462…

The attacker flashloaned $BUSD and swapped into vBUSD and then into $CAKE, as only $CAKE can be used as collateral in StrategySyrup. The $CTK are prepared at the same time, so that smartchef function can call a successfully performed transfer. ImageImage
3/ After calling deposit function, the hacker called harvest function. Here the call address is the attack contract. The harvest function judges whether the call address is an EOA address, but when the initiating call in the case of the constructor, iscontract() can be bypassed. ImageImageImage
Read 6 tweets
#BeosinAlert #Flashloan
$PLTD suffers a price manipulation attack with a profit of 24,497 $BUSD for the hacker.
(Tx provided by @bbbb)

TX:0x8385625e9d8011f4ad5d023d64dc7985f0315b6a4be37424c7212fe4c10dafe0

Attacker’s address:0x6ded5927f2408a8d115da389b3fe538990e93c5b
The attacker mainly exploits the vulnerability in the PLTD contract to reduce the balance of PLTDs in Case-LP (0x4397c7) to 1 via flashloan, and then uses the $PLTD to swap all the $BUSD into the attack contract.
Step 1: The attacker initiates 2 flashloans through DODO and borrows $666,000 BUSD. Image
Read 12 tweets
GM! Here's the daily summary of trending projects on crypto GitHub. Curated by the greatest web3 developers ⭐️.

Check the 8 projects in the thread below 🧵👇🏻
abigger87 and 5 others starred repo whitenois3/flashloan-rs (3 ⭐️)

Minimal Multicall3 Flashloan Module...
#arbitrage #ethereum #flashloan #rust

github.com/whitenois3/fla…
dcbuild3r and 5 others starred repo diptools/dip (214 ⭐️)

Write cross-platform application with React-like declarative UI and scalable ECS arch...
#bevy-engine #desktop-app #dioxus #rust #cross-platform #bevy-plugin #declarative-ui #framework #ecs

github.com/diptools/dip
Read 9 tweets
#Flashloan
On July 10, @OMNI_xyz OMNI protocol suffered a reentrancy attack. The hacker made a profit of ~496 $ETH and deposited into Tornado.cash.
We take one of the attack Txs (0x05d65e0adddc5d9ccfe6cd65be4a7899ebcb6e5ec7a39787971bcc3d6ba73996) as an example:
2/ The attacker first borrowed 1,000 $WETH and 20 #Doodles via flashloan and staked NFTs with ids 720, 5251 and 7425, obtained the corresponding digital receipts and then borrowed 12.15 WETH.
3/ Then call the withdrawERC721 function to withdraw the NFTs with ids 720 and 5251. This will call Ntoken contract’s burn function, which internally calls the safeTransferFrom function to send the NFTs to the attack contract and calls back the onERC721Received function. ImageImage
Read 6 tweets
We are seeing a possible exploit on @BeanstalkFarms - symbol $BEAN which has dropped 100%

#slippage

Address: 0xdc59ac4fefa32293a95889dc396682858d52e5db0x48f33863b1defc7b294717498c634ba9a5fb58a7

Be careful out there! Image
Flashloan attack on Beanstalk has drained their fund of approx $100 Million

Attacker wallet: etherscan.io/txs?a=0x1c5dcd…

“Publius” the discord owner has stated the project has no money to carry on and ‘its dead’.
The hacker has moved roughly $30M (~9700 #ETH) to @TornadoCash

Follow the funds yourself with SkyTrace: certik.com/skytrace/eth:0… Image
Read 8 tweets
#CommunityAlert 🚨

@ElephantStatus's Treasury contract experienced a #flashloan attack leading to a loss of around $11M. The Treasury contract is unverified and unaudited.

bscscan.com/address/0xd520…
The attacker took advantage of the redeem mechanism of the $TRUNK token, manipulated the price oracle to empower the token return, and stole ELEPHANT from the unverified Treasury contract.

Attack Steps 👇
1. The attacker deployed an attacker contract and borrowed $WBNB and $BUSD using flashloan from multiple pair pools.

2. Most of the borrowed WBNB was swapped for ELEPHANT to raise the price of ELEPHANT.
Read 6 tweets
#Thread comment passer de 500$ à 3 Million$ en à peine 2H 👀

Si vous êtes du genre à suivre bêtement ce qu'on vous dit n'allez pas plus loin vous allez être frustré.

Si vous êtes curieux, là pour la tech, avec l'envie d'apprendre let's go
Prérequis : savoir analyser des montages financier, comprendre comment un rendement est généré + maitriser l'environnement Blockchain.
après go sur #FTM vous déposez ~500$ sur une adresse vierge

Mise en place d'un #FlashLoan des Familles pour à peine 1$ la TX

ftmscan.com/tx/0xe37449503…
Read 5 tweets
1. As promised, this is a thread about @AaveAave and #flend! AAVE is a lending/borrowing protocol that evolved the #defi ecosystem to the next step! It's gonna be a long thread, let's start!
$ftm
2. In order to understand the decentralized way, we first need to understand the traditional way.
As always i'll try to make it as easy as it can be!

So we first need to understand how banks make money.
3. Let's say you have 1000$ in your pocket and you want to deposit your #money to a #bank, because they give some #interest to you. Let's say your bank gives %1 interest rate for 1 year lock.
Read 20 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!