Rugdoc.io
Jun 24, 2022, 6 tweets
1/6

🚨🚨UPDATE on the Harmony Bridge:

Our amazing team member @pioneerDefi did some digging on the ~$100m @harmonyprotocol Horizon bridge hack

The bridge contract is: etherscan.io/address/0x2dCC…
It is controlled by a 5-owner multisig contract: etherscan.io/address/0x2dCC…
2/6

Looking at this transfer of 592 WBTC from the bridge to the hacker wallet:
etherscan.io/address/0x0d04…

We can decode the input data and get a single argument:

#0 transactionId uint256 21108

Looking at multisig transaction 21108 we see it was confirmed by 2 of the multisig owner wallets:
3/6

Wallets which confirmed that unlockTokens transaction:

0xf845A7ee8477AD1FB4446651E548901a2635A915

0x812d8622C6F3c45959439e7ede3C580dA06f8f25
4/6

The multisig contract only required 2 confirmations, and it has a function (changeRequirement) which allows the owners to alter the required number of confirmations.

Transaction ID 21126 changed the requirement to 4

…which was also approved by those same two wallets in the multisig
5/6

The Harmony team seems to have only detected the attack a few hours ago and changed the requirement to 4, which you can see from the first 4 bytes (8 hex characters) of the transaction input data, the function selector:

0xba51a6df = changeRequirement(uint256)

Meaning 2 wallets of the 5-owner Harmony bridge multisig were enough to approve the transactions
6/6
TLDR: The Harmony bridge is controlled by a multisig contract. 2 of the multisig wallets approved transaction 21108, which drained 592 WBTC, and a few hours later approved transaction 21126, which raised the requirement from 2 to 4 signing wallets to secure the bridge.

@harmonyprotocol
