Ancilia, Inc. Profile picture
Oct 25, 2022 4 tweets 3 min read Read on X
1/ #web3 #hacks, our system detected highly suspicious txn from this address

0x8ca72f46056d85db271dd305f6944f32a9870ff0

the attacker was able to gain over 24 eth in two Txn,

etherscan.io/tx/0x8037b3dc0…
2/ This is caused by an re-entry attack when contract Xn00d etherscan.io/address/0x3561… _mint() before doing transferFrom @n00dleSwap
@n00dleSwap 3/ see attachment, the _mint() is before transferfrom, and the re-entry attack could let attack _mint() extra times. @n00dleSwap #web3 #hacks @AnciliaInc Image
@n00dleSwap You should take a look at this!

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ancilia, Inc.

Ancilia, Inc. Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AnciliaInc

Mar 20, 2023
1/ #Ancilia_Alerts : Looks like @ndxfi's ORCL5 Token contact lost $9925 due to a flashloan attack,

hacker,
0x65d437e852ac699e3951e1722bcc4a0660053596

contract,
0xD6cb2aDF47655B1bABdDc214d79257348CBC39A7 ImageImage
2/ @ndxfi (Index Finance) you should take a look! More hacks are ongoing to other tokens in the protocol.

The attacker got over 15k so far. Image
3/ here is the list of tokens being drained. Image
Read 4 tweets
Jan 19, 2023
1/ We detect a hack on @ThoreumFinance. Hacker (0x1ae2dc57399b2f4597366c5bf4fe39859c006f99) has gained ~2000 BNB and deposited to tornado (via 0x1285fe345523f00ab1a66acd18d9e23d18d2e35c). #Web3 #Hacking ImageImage
@ThoreumFinance 2/ we think the root cause is in the "transfer" func. In the Tx, when 0x7d1e1901226e0ba389bfb1281ede859e6e48cc3d calls transfer to itself, its balance will increase. By repeating doing this, it ends with 500k+ $THOREUM tokens Imagerepeat calling transfer to ...
@ThoreumFinance 3/ in the same tx, all gained $THOREUM tokens are swapped to WBNB and send to 0x1285fe345523f00ab1a66acd18d9e23d18d2e35c, which later deposit into Tornado. Since no source code is verified, the analysis is based on our Akkala emulator. Image
Read 4 tweets
Dec 2, 2022
10,000,000,000,000 aBNBc Token was minted in tx: 0xe367d05e7ff37eb6d0b7d763495f218740c979348d7a3b6d8e72d3b947c86e33, and sent to addr: 0xf3a465c9fa6663ff50794c698f600faa4b05c777. These aBNBc token is being swapped to USDC and WBNB now
/2 0xf3a465c9fa6663ff50794c698f600faa4b05c777 is transferring $$ out via Tornado and cBridge now
/3 @ankr you should look into it NOW!
Read 6 tweets
Nov 30, 2022
1/ Our monitor system found token MBC bscscan.com/address/0x4e87… was hacked. @CXH21294765 @Moonbirds_Club. Hack(0x9cc3270de4a3948449c1a73eabff5d0275f60785) gained around 5.6k BUSD and transferred to contract 0xad2D2CB5F91e7AdEE7b029958A58fE6a38e282EB
@CXH21294765 @Moonbirds_Club 2/ The root cause is that the MBC contract use function addLiquidity() wrong and also it accidentally exposed the interface as public. The function swapAndLiquifyStepv1() use the balance of address(this) as the desired reserve amount which mean to keep the reserves. ImageImage
@CXH21294765 @Moonbirds_Club 3/ The problem is that when it try to add liquidity it is *AFTER* the swap, hacker use flashloan() borrowed 150k BUSD to swap 11.6k MBC token. The token ratio dropped from 1.13:1 to 0.0053:1. And then swapAndLiquifyStepv1() will use the latest(0.0053:1) as the reserved ratio.
Read 6 tweets
Nov 22, 2022
1/ Our system detected a suspicious tx which gained over 49BNB (~$13K) from @AURofficial_ pancakeswap AUR/WBNB pool.

@AURofficial_ you should take a look.

bscscan.com/tx/0x7f031e854… Image
@AURofficial_ 2/ It seems a hack. Attacker 0x6903499751f973052155df339116b6c6b24ac24b use contract 0x3d743b2f760a431cc20047cb5c7758c9a8860d6b to call createNode() with 0.01 BNB in TX bscscan.com/tx/0xb3bc6ca25….
@AURofficial_ 3/ Due to the lack of permission check on the function call changeRewardPerNode(), attacker could change that value to a huge number which will be used to calculate node rewards. ImageImage
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(