CertiK Alert
Nov 21
#CertiKSkynetAlert 🚨

1/ Let's break down the recent FTX Wallet Drainer activity.

The BSC wallet holds ~$1.6m DAI after converting ~44,232 BNB to ~$4m USDC, ~$3.5m USDT and $3.4m Binance Peg ETH.

The assets were then bridged over to ETH and sent back to FTX Accounts Drainer.

2/ Once the FTX Wallet Drainer amassed ~250k ETH, they began bridging funds to the Bitcoin Blockchain

On 20 Nov, 50k ETH was transferred to 0x866E which swapped ETH for renBTC.

Those assets were then bridged to the following addresses

Bc1qv…gpedg
Bc1qa…n0702

3/ BTC Bc1qv…gpedg began a peel chain.

This is a money laundering technique whereby BTC is sent through a series of transactions in which smaller amounts of BTC are transferred to a new address.

4/ This morning, FTX Accounts Drainer transferred a further 15k ETH to 0x8059

Those funds were then swapped to renBTC & WBTC.

Recipient address of bridged funds: bc1qe…vpp4t

5/ Most recently, FTX Accounts Drainer has transferred 180k ETH to 12 new EOAs.

Now, FTX Accounts Drainer has 5.7k ETH in their account.

6/ To summarize, ~$201.3m has been distributed to 12 EOAs (15k ETH each)

~$73.7m was bridged to three BTC Wallets:

Bc1qv…gpedg: ~$17.2m
Bc1qa…n0702: ~$39.3m
Bc1qv…gpedg: ~$16.4m
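
The peel chain described in tweet 3/ can be flagged with a simple tracing heuristic. The sketch below is an added example, not CertiK's tooling: the transactions and address names are constructed, each transaction is assumed to have a single sending address, and the 20% peel ratio and 3-hop minimum are illustrative thresholds.

```python
from collections import namedtuple

# Constructed sample: one sender per tx, outputs are (address, BTC) pairs.
Tx = namedtuple("Tx", "txid sender outputs")

SAMPLE_TXS = [
    Tx("t1", "addrA", [("peel1", 5.0), ("addrB", 95.0)]),
    Tx("t2", "addrB", [("addrC", 90.5), ("peel2", 4.5)]),
    Tx("t3", "addrC", [("peel3", 5.5), ("addrD", 85.0)]),
    Tx("t4", "addrD", [("ex1", 40.0), ("ex2", 45.0)]),  # even split, not a peel
]


def follow_peel_chain(txs, start, max_peel_ratio=0.2, min_hops=3):
    """Follow the large 'remainder' output hop by hop from `start`.

    A hop counts as a peel when the address spends exactly once, into
    exactly two outputs, and the smaller output is at most
    `max_peel_ratio` of the total. Thresholds are assumptions.
    """
    by_sender = {}
    for tx in txs:
        by_sender.setdefault(tx.sender, []).append(tx)

    hops, current, seen = [], start, {start}
    while True:
        spends = by_sender.get(current, [])
        if len(spends) != 1 or len(spends[0].outputs) != 2:
            break  # fan-out, consolidation or unspent: chain ends here
        tx = spends[0]
        (small_addr, small), (big_addr, big) = sorted(
            tx.outputs, key=lambda out: out[1])
        total = small + big
        if total <= 0 or small / total > max_peel_ratio or big_addr in seen:
            break  # not a peel-shaped split, or the trace loops back
        hops.append({"txid": tx.txid, "peeled_to": small_addr,
                     "peeled_btc": small, "remainder_to": big_addr})
        seen.add(big_addr)
        current = big_addr

    return {"is_peel_chain": len(hops) >= min_hops,
            "hops": hops, "end": current}


if __name__ == "__main__":
    result = follow_peel_chain(SAMPLE_TXS, "addrA")
    print(result["is_peel_chain"], result["end"])
    for hop in result["hops"]:
        print(hop)
```

The `peeled_to` addresses are the ones worth watching for onward deposits, and `end` is where the remaining balance currently sits.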

More from @CertiKAlert

Nov 20
#CertiKSkynetAlert 🚨

FTX Wallet Drainer 1 has transferred 5k ETH to a new wallet 👀

etherscan.io/tx/0xe3f288d78…
0x866Ee has received another 10k ETH from FTX Wallet Drainer 1

They have also begun swapping ETH for renBTC.
0x866E has now swapped 8k ETH for ~575 renBTC (~$9.6m)
Nov 19
#CertiKSkynetAlert 🚨

The FTX Wallet Drainer 1 (0x59AB) has begun swapping BNB to ETH, BSC-USD, and USDC.

So far:

~14,558 WBNB swapped for 3,000 ETH across 2 txns

~13,663 WBNB swapped for 3.5M BSC-USD

~15,875 WBNB swapped for 4M USDC across 2 txns

Stay vigilant!
The address still holds ~190.5 BNB.

Fifth transaction 👇
Assets were sent to a new address: 0x2Cfe6a1ABC4F72065d3A640a5A006471794b2EcC

Which has begun bridging assets to their Ethereum wallet.
Nov 18
#CertiKSkynetAlert 🚨

In a matter of days, FTX, a company valued at $32B at the beginning of this year, went from a leading cryptocurrency exchange to bankruptcy.

🧵👇
2/ In the aftermath of FTX filing for bankruptcy we have seen the devastating impact the situation is having on a number of companies who had dealings with FTX.
3/ Some of the major companies hit by FTX’s collapse are:

Genesis Trading
Galaxy Digital
Galois Capital
BlockFi
Coinshares
Amber Group
Pantera Capital
Nexo
Voyager
Oct 12
#CertiKSkynetAlert 🚨

On October 11, 2022 at 11:19 PM UTC, Mango Market was attacked for a total loss of roughly ~$116M.

The attacker was able to manipulate the price of the MNGO token and exploitatively borrowed more assets than what they were supposed to be able to.

🧵…
1/ The attacker funded Account A with 4,999,998.95 USDC. Account A then sold 488,302,109 MNGO worth of perpetual swaps on Mango Markets, worth $18,653,140.

Account B bought 482,745,055 of the MNGO swaps.
2/ The attacker then began manipulating the price of MNGO on the spot MNGO/USDC market.

From a stable low of ~$0.038 prior to the attack, they pushed it up to a peak of $0.91.
Apr 26
#CryptoSecNewsAlert🚨

The @FBI is raising awareness on BlackCat ransomware-as-a-service (RaaS), which it said has attacked around 60 entities worldwide from November 2021 to March 2022.

The FBI released Flash No: CU-000167-MW

Read it all here👇

ic3.gov/Media/News/202…
@FBI Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the #Rust programming language.

Rust is known to be memory safe and offer improved performance. rust-lang.org

Rust is also used by Solana docs.solana.com/developing/on-…
@FBI Rust offers the attackers opportunity to take advantage of a lower detection ratio from static analysis malware detection tools, which aren't adapted to all programming languages.

Rust is growing in the web3 space for EVM connected DAPPS as well
ethereum.org/en/developers/…
Apr 17
We are seeing a possible exploit on @BeanstalkFarms - symbol $BEAN which has dropped 100%

#slippage

Address:
0xdc59ac4fefa32293a95889dc396682858d52e5db
0x48f33863b1defc7b294717498c634ba9a5fb58a7

Be careful out there!
Flashloan attack on Beanstalk has drained their fund of approx $100 Million

Attacker wallet: etherscan.io/txs?a=0x1c5dcd…

“Publius” the discord owner has stated the project has no money to carry on and ‘its dead’.
The hacker has moved roughly $30M (~9700 #ETH) to @TornadoCash

Follow the funds yourself with SkyTrace: certik.com/skytrace/eth:0…
