Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Igor Igamberdiev Profile picture
@FrankResearcher
Jun 29, 2020 4 tweets 2 min read Read on X
Two random facts about the hack of @BalancerLabs pools:
- the hacker made five 0.1 ETH withdrawals from Tornado, in the first of them relayer was used and the rest using his own address. Consequently, the hacker had experience with Tornado and he made at least 5 deposits there. ImageImage
Currently, there are 1312 unique addresses that deposited 0.1 ETH into Tornado. Of these, 112 made at least 5 deposits. In addition, the number of addresses can be reduced by using heuristics from this paper: arxiv.org/pdf/2005.14051…
It will be cool if someone takes a look at it.
- the contract that withdrew the money from the STA pool couldn't withdraw it from the STONK pool due to an "Out of gas" error. However, after 40 minutes, the hacker rewrote the code and drained funds from the second pool using a new contract. ImageImage
It is still very surprising to me that attackers rarely use SELFDESTRUCT after their hacks. This would make it impossible to quickly analyze contracts using only explorers like Tenderly.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Igor Igamberdiev

Igor Igamberdiev Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @FrankResearcher

Igor Igamberdiev Profile picture
Aug 21
1/6
Today, we’re launching The Alpha Challenge, a two-week experiment for the crypto community to test their on-chain analysis skills and for Wintermute to hire top talent

We've also collaborated with six companies to provide exciting awards for those who will not be hired👇 Image
2/6
We developed this idea because using case studies is our (and my personal) approach to hiring for research-related roles

The feedback was always excellent, so it would be interesting to check it on a larger scale

That’s why we're posting 10 case studies instead of a few
3/6
Think of this challenge as a simpler way to check your on-chain skills because if you collect 60+ points, then you’re in a good position to receive awards from our frens

If not, you can read writeups after the challenge ends and learn something new (similar to CTFs)
Read 6 tweets
Igor Igamberdiev Profile picture
Sep 26, 2023
1/5
Imagine if you could bet on a coin flip but couldn’t lose anything

This is how someone stole around $25k from dice9win today, with another $200k was saved by SEAL 911 members

Let’s figure out how it works (we have the team's approval)👇

2/5
The exploiter deployed contracts for each 'coin flip'

The project’s VRF oracle provided randomness and settled bets

In case of victory, the exploiter’s contract redirected the winnings to them Image
3/5
In case of failure, dice9win returned 1 wei of ETH, which led to reverts inside exploiter contracts

Due to this revert, the casino state wasn’t updated, and the bid was still in a pending state

The protocol allows for a full refund of the pending bet in around 8 hours Image
Read 5 tweets
Igor Igamberdiev Profile picture
Aug 1, 2023
1/12

Alright, I've been sitting on this news all day, but let's look at the @BaldBaseBald deployer.

This is definitely someone from Alameda, but I don't think we can safely say that this is @SBF_FTX (even though he is a psycho)

Let's go👇 Image
2/12

I started the morning by making sure that he is not a Coinbase insider, despite the mention of the address (0xccFa05) as the largest holder on DeFi governance forums

Upon closer inspection, one could find that cbETH was not minted by Coinbase, but was bought on Uniswap v3 Image
3/12

Despite the incredible amount of funds the address held, the leading exchanges used were Binance, FTX, Coinbase

Nothing out of the ordinary, right?

It could be anyone, so I went to see if any previous addresses were associated with exchange accounts Image
Read 12 tweets
Igor Igamberdiev Profile picture
Mar 24, 2023
1/10

For more than a week, someone has been trying to carry out a governance attack on @SwerveFinance (a dead Curve clone) and steal $1M+ in various stablecoins

Let’s figure out why he didn’t succeed and also find out who the exploiter is👇

2/10

Swerve is powered by Aragon, where voters use veSWRV (maximum voting power if tokens are locked for 4 years)

There are currently 1.6M yvSWRVs, 51% of which (571k) are needed to execute proposals

Exploiter already owns 495k ($60k) from two addresses
3/10

Let’s move on to the timeline of events:

1) 18 days ago, 0x3cc111 sent messages to 8 largest veSWRV holders asking them to check Blockscan chat

This address has also received messages from j-trezor.silvavault.eth twice
Read 10 tweets
Igor Igamberdiev Profile picture
Mar 13, 2023
1/7
Euler lost $197M in 6 tokens:

- 73.8k wstETH ($116M)
- 34.2M USDC
- 846 WBTC ($18.6M)
- 8k WETH ($12.6M)
- 8.9M DAI
- 3.8k stETH ($6M)

Also, EULER price fell by 52%👇

2/7
Let’s see what happened using the attack on the DAI pool as an example

But first, I need to share a little context:

eToken - collateral token
dToken - debt token

As soon as the amount of dToken exceeds the amount of eToken, liquidation can be triggered Image
3/7
The execution flow:

1) Flash loan tokens from Balancer/Aave v2 => 30M DAI

2) Deploy two contracts: violator and liquidator

Violator:

3) Deposit 2/3 of funds to Euler using deposit() => sent 20M DAI to Euler and received 19.5M eDAI from Euler Image
Read 7 tweets
Igor Igamberdiev Profile picture
Feb 28, 2023
1/7
Many post-mortems after the Terra events have focused on “Wallet A” which played a large role in UST depegging

"Wallet A" swapped 85M UST for USDC and imbalanced the UST/3CRV Curve pool

There is a good chance this wallet is related to @JaneStreetGroup
2/7
On May 3, 2022, Clearpool announced that Jane Street borrowed 25M USDC from @BlockTower using their permissioned lending pool

This news made it possible to identify three addresses of the trading firm, of which we are most interested in only one

3/7
Within two weeks of Terra's collapse, this address:

🔴 Received $15M and repaid them along with an additional $10M to the lender without any use

🟡 Invested $150k in @tonicdex

🟢 Borrowed $25M again and deposited them to a very interesting Coinbase wallet
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(