Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
SlowMist Profile picture
@SlowMist_Team
Nov 12, 2022 8 tweets 6 min read Read on X
Scrolly
Quick 🧵on @FTX_Official Hack

Total stolen so far: $417M

Hackers address on:
ETH / BSC / Avalanche: 0x59ab..d32b
Solana: 6sEk..hSHH

Thread Coverage:
1/Assets Stolen
2/ Swapped / Bridged Funds
2/ Assets Frozen
3/ Platforms Used
4/ Notable Transactions
5/Suspected Whitehats Image
Assets Stolen Image
Swapped/Bridged Funds

ETH Network: Swap Alts for $ETH and $DAI via various DEX, and bridge 5,000,000 $MATIC to Polygon Network via Polygon Bridge.

BSC Network: Bridge tokens to ETH network via Stargate, Multichain

Solana: Bridge 7,964 $ETH to ETH network via Wormhole Bridge
Assets Frozen

So far, $USDT on the #Avalanche and #Solana has been frozen by @Tether_to.

The only other assets that can be frozen are the 33,184.98 $PAXG tokens on the $ETH network. Image
Platforms Used:

@1inch
@CurveFinance
@CoWSwap
@PancakeSwap
@MultichainOrg
@StargateFinance
@KyberSwap
Notable Transactions

1/FTX Accounts Drainer bridged 4,375 ETH from BSC to Polygon via Multichain.

Current Status: "Big Amount"
anyswap.net/explorer/tx?pa…

2/Solana chain, Drainer returned 3,138.99 BTC, 4,152.98 soETH and 155,840.75 soChainlink back to FTX US hot wallet. ImageImageImage
Suspected Whitehats

EOA 1: 0xd801..a969
Contract 1: 0x97f9..1E5c
Contract 1 is a multi-signature contract address, labeled as FTX by @etherscan.

EOA 2: 0x8b41..ae4a
Contract creation fees originated from @BinanceUS. Image
Update, FTX Bitcoin wallet was affected too. 3871.69 $BTC was stolen as well. That’s another ~$65 million.

All funds were sent to 325gSHHe7UGvzEc9kGx43VqPboXUVwa26i

Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with SlowMist

SlowMist Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @SlowMist_Team

SlowMist Profile picture
May 21, 2023
Brief Analysis of TornadoCash Governance Exploit

On May 20, 2023, @TornadoCash suffered a governance attack, in which exploiters took control of the governance of TornadoCash by executing a malicious proposal.

Let's see how it happened:

Exploiters first created the proposal… twitter.com/i/web/status/1… Image
On 2023-05-13 at 7:22 (UTC), exploiters initiated the #20 proposal and explained in the proposal that the #20 proposal is a supplement to the #16 proposal and has the same execution logic. Image
But in fact, the proposal contract has an extra self-destruct logic, and its creator, 0x7dC86183274b28E9f1a100a0152DAc975361353d, was created through create2 and has a self-destruct function, so after it self-destructed with the proposal contract, the exploiters could still… twitter.com/i/web/status/1… Image
Read 9 tweets
SlowMist Profile picture
May 19, 2023
🚨SlowMist Security Alert 🚨

On May 11th, a user reported a phishing attack leading to the loss of their wallet assets, raising security concerns around permit signatures. This thread is dedicated to understanding the nature of this theft and how we can stay secure.🔐👇

Full… twitter.com/i/web/status/1…
The victim reported that they inadvertently clicked on a phishing website (syncswap[.]network) and ended up losing over $100. As insignificant as this may seem, it emphasizes the potential security risks in the blockchain space.🔗

An analysis of the transactions reveals a… twitter.com/i/web/status/1… ImageImage
We found an additional permit operation related to the contract caller address. To understand its implications, we need to first understand what a permit is. In the ERC20 protocol, it allows users to interact with smart contracts using an authorization signature (permit). 📝💼… twitter.com/i/web/status/1…
Read 6 tweets
SlowMist Profile picture
May 19, 2023
🚨SlowMist Security Alert🚨

Recently, there have been a lot of asset thefts caused by shared #Apple IDs. We believe that the key is "apps are not bound to device codes".
1/ This is an issue prevalent in 99% of #wallets, trading apps,and other apps. It's a concern we've voiced a long time ago. However, due to it not being considered in the initial stages of app design, the majority of apps in the market have yet to rectify this issue.
2/ This lack of binding can lead to data being dragged off or maliciously synchronized to other devices, resulting in potential breaches. Combined with other techniques such as social engineering, brute force attacks to obtain passwords, this can lead to theft of assets.
Read 6 tweets
SlowMist Profile picture
Mar 21, 2023
How effective is GPT for auditing smart contracts?

We conducted a series of tests to assess the performance of GPT-3.5(Web), GPT-3.5-turbo-0301, and GPT-4(Web) in detecting vulnerabilities within Solidity smart contracts.

🧵👇 for TLDR
slowmist.medium.com/how-effective-…
Test Environment & Methodology:

We utilized simple vulnerability codes and moderately complex vulnerability codes as test cases.

The comparative analysis focused on the three GPT models' ability to identify these vulnerabilities.
Test Results:

For simple vulnerabilities, all three GPT models performed well. However, when it came to more complex vulnerabilities, the models fell short.

GPT-4(Web) showcased exceptional readability but didn't surpass GPT-3.5(Web) or GPT-3.5-turbo-0301 during auditing.
Read 8 tweets
SlowMist Profile picture
Mar 13, 2023
On March 13th, 2023, @eulerfinance, a lending platform that operates on the Ethereum blockchain, was attacked, resulting in the attacker making off with over $190 million.

🧵👇
The attacker used flashloans to deposit funds and then leveraged them twice to trigger the liquidation logic, donating the funds to the reserve address and conducting a self-liquidation to collect any remaining assets. Image
Two key factors contributed to the success of the attack:

1. Funds were donated to the reserved address without being subjected to a liquidity check. This created a mechanism that could directly trigger soft liquidation.

2. When the soft liquidation logic was triggered by high… twitter.com/i/web/status/1… Image
Read 4 tweets
SlowMist Profile picture
Feb 10, 2023
🚨SlowMist Security Alert🚨

On February 10th, the DeFi aggregator platform @dForcenet was attacked, and the attacker made a profit of approximately 3.65 million dollars.

Here is a brief report👇
1/ The attacker first borrowed 69665 WETH through a flashloan and swapped it into ETH, then added liquidity to the wstETH/ETH pool on Curve, earning 65343 wstETHCRV. Then deposited some of the wstETHCRV in the Curve wstETHCRV-gauge, receiving wstETHCRV-gauge tokens.
2/ The attacker used wstETHCRV-gauge to deposit in the dForce wstETH/ETH Vault and minted share tokens (dForce wstETHCRV-gauge) and USX tokens.
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(