Share this page!

CertiK Alert Profile picture
Twitter logo
Feb 21 3 tweets 2 min read
#CertiKSkynetAlert 🚨

1\ In preparation for the @Hope_fin #exit scam, a fake router was deployed in txn 0xf188.

The SwapHelper was then updated to use this fake router in txn 0xc9ee. This txn was approved by all 3 owners of Hope’s multisig 0x8ebd. Image
@Hope_fin 2\ In txn 0x1b47, ` _swapExactTokenForTokens` variable was set to wallet address, 0x957D.
When `GenesisRewardPool.openTrade()` is called to borrow USDC, GenesisRewardPool transfers WETH to TradingHelper to convert to USDC.
Instead of swapping, USDC was sent to 0x957D. Image
@Hope_fin 3\ As the `_uSDC` address was deliberately left empty, the receiving address (0x957D) was passed to v2 and the `swapExactTokensForTokens()` transferred 477 WETH to 0x957D. Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with CertiK Alert

CertiK Alert Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @CertiKAlert

CertiK Alert Profile picture
Feb 21
#CertiKSkynetAlert 🚨

What we know so far regarding the @fRiENDSiES_Ai exit scam:

On 20 Feb, fRiENDSiES Ai posted on their twitter that they were pausing the project due to market volatility.

Let’s see what went down 🧵 👇 Image
@fRiENDSiES_Ai 1/ In March 2022, the fRiENDSiES #NFT project conducted a Dutch-style auction which raised ~1,530.78 $ETH.
@fRiENDSiES_Ai 2/ According to the roadmap, which has been deleted, the team promised 1.25% of the royalties to be given back to token holders. However, investors have not received anything.
Read 6 tweets
CertiK Alert Profile picture
Dec 20, 2022
#CertiKSkynetAlert 🚨

1/ Ice phishing is a considerable threat to the Web3 community

Instead of gaining accessing to your private key, scammers trick you into signing permissions to spend your assets.

We’ll outline below what to look out for, and how to protect yourself!
2/ The scam begins when a victim is tricked into approving the ice phishing address.

The scammers address will be presented to you when you are interacting with a malicious URL or Dapp

Below is an example of this type of transaction 👇
3/ The next phase comes when the ice phisher initiates a TransferFrom transaction

In the example below we can see the ice phisher (0x4632) initiates the transaction, which sends USDT to a recipient that is controlled by the scammer.
Read 7 tweets
CertiK Alert Profile picture
Dec 19, 2022
#CertiKSkynetAlert 🚨

We are seeing multiple community reports that @BurstRoyale_NFT is a scam project that drains NFT wallets after downloading the game. Several individuals have reported that they fell victim to this phishing site over the past month.

Please stay safe!
@BurstRoyale_NFT 1/ Burst Royale appears to have a consistent modus operandi where a “team member” contacts their targets on Twitter offering them a job for the project and asking them to download their game, which is a proxy malware that drains wallets.
@BurstRoyale_NFT 2/ The malware is reportedly called RedLine Stealer which connects to a server to exfiltrate data. It can be found on underground forums for sale for ~$150.
Read 8 tweets
CertiK Alert Profile picture
Dec 19, 2022
#CertiKSkynetAlert 🚨

1/ We are seeing a fake @Coinbase email scam. Here’s how it works 👇👀

The scammer targets individuals who are selling items online and promise to pay a large sum of BTC through Coinbase.
@coinbase 2/ They’ll then ask for the email address associated with the victim's Coinbase account.

Coinbase allows users to send crypto to an email address.

They then pretend to send you BTC and provide a fake screenshot of the confirmation.
@coinbase 3/ The scammer will then send an email pretending to be from Coinbase that will ask you to purchase BTC and send it to your 'activation address' in the email subject line. This is in order to ‘activate the encrypted fund’.

The activation address is the scammers BTC wallet
Read 4 tweets
CertiK Alert Profile picture
Nov 21, 2022
#CertiKSkynetAlert 🚨

1/ Let's break down the recent FTX Wallet Drainer activity.

The BSC wallet holds ~$1.6m DAI after converting ~44,232 BNB to ~$4m USDC, ~$3.5m USDT and $3.4m Binance Peg ETH.

The assets were then bridged over to ETH and sent back to FTX Accounts Drainer. Image
2/ Once the FTX Wallet Drainer amassed ~250k ETH, they began bridging funds to the Bitcoin Blockchain

On 20 Nov, 50k ETH was transferred to 0x866E which swapped ETH for renBTC.

Those assets were then bridged to the following addresses

Bc1qv…gpedg
Bc1qa…n0702
3/ BTC Bc1qv…gpedg began a peel chain.

This is a money laundering technique whereby BTC is sent through a series of transactions in which smaller amounts of BTC are transferred to a new address. Image
Read 6 tweets
CertiK Alert Profile picture
Nov 20, 2022
#CertiKSkynetAlert 🚨

FTX Wallet Drainer 1 has transferred 5k ETH to a new wallet 👀

etherscan.io/tx/0xe3f288d78…
0x866Ee has received another 10k ETH from FTX Wallet Drainer 1

They have also begun swapping ETH for renBTC.
0x866E has now swapped 8k ETH for ~575 renBTC (~$9.6m)
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(