SlowMist, Nov 12 (8 tweets)
Quick 🧵on @FTX_Official Hack

Total stolen so far: $417M

Hacker's address on:
ETH / BSC / Avalanche: 0x59ab..d32b
Solana: 6sEk..hSHH

Thread Coverage:
1/ Assets Stolen
2/ Swapped / Bridged Funds
2/ Assets Frozen
3/ Platforms Used
4/ Notable Transactions
5/ Suspected Whitehats

Assets Stolen

[Image]

Swapped/Bridged Funds

ETH Network: Swap Alts for $ETH and $DAI via various DEX, and bridge 5,000,000 $MATIC to Polygon Network via Polygon Bridge.

BSC Network: Bridge tokens to ETH network via Stargate, Multichain.

Solana: Bridge 7,964 $ETH to ETH network via Wormhole Bridge.

Assets Frozen

So far, $USDT on #Avalanche and #Solana has been frozen by @Tether_to.

The only other assets that can be frozen are the 33,184.98 $PAXG tokens on the $ETH network.

Notable Transactions

1/ FTX Accounts Drainer bridged 4,375 ETH from BSC to Polygon via Multichain.

Current Status: "Big Amount"
anyswap.net/explorer/tx?pa…

2/ On the Solana chain, the Drainer returned 3,138.99 BTC, 4,152.98 soETH and 155,840.75 soChainlink to the FTX US hot wallet.

Suspected Whitehats

EOA 1: 0xd801..a969
Contract 1: 0x97f9..1E5c
Contract 1 is a multi-signature contract address, labeled as FTX by @etherscan.

EOA 2: 0x8b41..ae4a
Contract creation fees originated from @BinanceUS.

Update: FTX Bitcoin wallet was affected too. 3871.69 $BTC was stolen as well. That's another ~$65 million.

All funds were sent to 325gSHHe7UGvzEc9kGx43VqPboXUVwa26i


More from @SlowMist_Team

Nov 11
We used our @MistTrack_io OpenAPI to examine FTX withdrawals in the past couple days.

Starting on the #TRON network, most funds were sent to Binance, FTX US, and OKX via TYD....tW6. Binance also received the greatest number of deposits from FTX, followed by KuCoin and OKX.

Switching over to the ETH network, FTX hot wallet 0x2f...6ad2 transferred most of the funds to @binance, followed by @krakenfx and @coinbase.

When it comes to the exchange of choice for withdrawals, most choose Binance, then @Bybit_Official and Kraken.

Another FTX hot wallet (0xc0...3a94) on the ETH network also sent most of the funds to Binance, followed by @Gemini and @coinhako.

However, based on the number of withdrawal transactions, most users chose to deposit to Binance, then @coinbase and @cryptocom.

Nov 10
On November 9, 2022, the brahTOPG project on the ETH chain was attacked, leading to the loss of $89,879.

We conducted an investigation into this incident and these were our findings.

1. The attacker first queries the balance of the victim user 0x392472, and then calls the zapIn function of the Zapper contract.
2. The function will transfer the token specified by the requiredToken to the contract. Since the parameter passed in by the function can be modified externally, the attacker can create a fake token for the requiredToken and transfer it to Zapper contracts.

Oct 6
Over half a BILLION dollars worth of $BNB was recently hacked.

The hacker is now trying to spread the funds to every network to launder the funds.

Even after spending over ~980K $BNB, they still have ~$1M $BNB

~4.7M USDT has already been blacklisted.

Sep 6
🚨 SlowMist Security Alerts🚨

Recently, we've seen a new phishing attack against the crypto community. Scammers are currently soliciting victims to participate in beta testing in return for financial compensation.

Here's how it works🧵👇
Typically, scammers will contact victims through Discord or other messaging apps and send over a compressed file.

The file is generally an 800M exe file. Once opened, it will scan your computer for files containing keywords such as "wallet" and send them to the scammer.

These files are so large because they are filled with a large number of 0000 empty files, which helps them evade antivirus software.

(Note: Most online antivirus software can analyze files up to 50 M, while PC antivirus software can analyze files up to 500M.)
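
A triage check for the padding trick described in the Sep 6 alert, as an added example that is not SlowMist's code: it flags a file that is too large for a scanner only because of zero-filled blocks. The function names, the 0.90 padding threshold and the sample file are assumptions constructed for the demo; the 50 MB and 500 MB limits are the ones quoted in the note.

```python
import os
import tempfile

ONLINE_LIMIT = 50 * 1024 * 1024    # online scanners, per the note above
DESKTOP_LIMIT = 500 * 1024 * 1024  # desktop antivirus, per the note above
BLOCK = 64 * 1024
PAD_RATIO = 0.90                   # assumed threshold, tune per environment

def padding_profile(path, block=BLOCK):
    """Stream the file; return (total_size, bytes_in_all_zero_blocks)."""
    total = padded = 0
    with open(path, "rb") as fh:
        while buf := fh.read(block):
            total += len(buf)
            if buf.count(0) == len(buf):   # block holds nothing but 0x00
                padded += len(buf)
    return total, padded

def triage(path, limit=ONLINE_LIMIT):
    """Flag files that exceed a scanner limit only because of zero padding."""
    total, padded = padding_profile(path)
    ratio = padded / total if total else 0.0
    payload = total - padded
    return {
        "size": total,
        "payload_bytes": payload,
        "padding_ratio": round(ratio, 3),
        "over_limit": total > limit,
        # Suspicious: too big to scan, yet the non-zero part would fit.
        "inflated": total > limit and ratio >= PAD_RATIO and payload <= limit,
    }

def make_sample(payload_len, pad_len):
    """Constructed sample: non-zero filler bytes followed by zero padding."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"\xcc" * payload_len)
        fh.write(b"\x00" * pad_len)
    return path

if __name__ == "__main__":
    sample = make_sample(64 * 1024, 2 * 1024 * 1024)
    # Scaled-down limit so the demo does not need an 800M file.
    print(triage(sample, limit=1024 * 1024))
    os.remove(sample)
```

A file flagged as `inflated` can be routed to a sandbox or a scanner without a size cap instead of being passed as "too large to scan".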
Sep 5
Week 17 of our "What is Series"🧑‍🎓

What is EVM❓

The Ethereum Virtual Machine (EVM) is a computing engine that can be thought of as a distributed computer with millions of executable applications.
While the EVM's representation cannot be pinpointed like a cloud or an ocean wave, it does exist as a whole and is maintained by thousands of interconnected computers each running the Ethereum client.
The purpose of an EVM is to determine the state of every block in the Ethereum blockchain. While EVMs are similar to other blockchains that use distributed ledgers, they add another layer of functioning due to their smart contract capabilities.
Sep 5
Going Above And Beyond🙌

We’ve expanded our consulting services to help support #Web3 projects stay secure from A to Z.

Our services will not only include on-chain support such as smart contract auditing but off-chain as well.
Web3 services include:

1. Complete Security Analysis
2. On-chain Emergency Response Service
3. Threat Intelligence Sharing (Vulnerabilities&Risks)
4. Product Testing of Security Service (@MistTrack_io, Smart Contract Monitoring)
5. Priority Scheduling of Security Audit Services
This was only made possible because our team of security experts has years of practical experience as well as monitoring services in place to stay up to date on the latest attacks.

To learn more about our new services, check out: slowmist.com/service-securi…
