The CIA not only invests with Venture Capitals, but also helps with finding interesting projects and security issues.
Why is it worth #revoking smart contracts that you interacted with?
A thread! 🧵
1/11
#CIA #crypto #approval #revoke #exploit #cybersecuritytips
Why is it worth #revoking smart contracts that you interacted with?
A thread! 🧵
1/11
#CIA #crypto #approval #revoke #exploit #cybersecuritytips
Yesterday, we received an information from one of the Venture Capital company that after sending a transfer to other address, the funds immediately disappeared and according to their findings everything went to 0xdead~.
They asked us for assistance and clarification.
2/11
They asked us for assistance and clarification.
2/11
1) Firstly, we examined the transfer from the VC to another address. Nothing unusual happened here - it was just a normal transfer:
3/11
3/11
2) Exactly in the same block height, a transaction occurred that automatically took over the $BUSD sent by the VC, and executed a transfer to another address. The transfer was not initiated and authorized by the VC:
4/11
4/11
3) We took a closer look at this transaction. As it turned out, besides the transfer to an unauthorized address, we also see an approval for the contract address 0x544fde4e25dd7e0aff084f4975d808ae366b746b:
5/11
5/11
4) Quick research on our side revealed that this is one of the smart contracts that received approval from VC Address 2 exactly 2 years ago:
6/11
6/11
5) During the deeper research, we established that this smart contract is known and was compromised along with other smart contracts on February 27th, 2023, following the tweet from @peckshield/@PeckShieldAlert below:
7/11
7/11
https://twitter.com/PeckShieldAlert/status/1632644674828779521
6) This event is most likely related to the exploit on @launchzoneann. The initial announcement on this incident can be found here:
8/11
8/11
https://twitter.com/launchzoneann/status/1630161294836768771
The final conclusion is that the above incident is the result of an exploit and the lack of removal of #approval (by #revoke) by VC Address 2. 0xdead~ is not the real 0xdead~ or the 0x0000~, but rather another scammy smart contract.
9.1/11
9.1/11
As you can see, the consequences can come even after a few years since the interaction, even if then the contract was not malicious.
9.2/11
9.2/11
We have informed the VC about what happened, what they should do, and how to behave. As a result, only a few hundred $ disappeared. The entity revoked the malicious smart contracts and managed to save a significant portion of the funds by sending it to their fresh wallet!
10/11
10/11
To perform revokes, you can find plenty of tools!
For example you can use @RevokeCash or even Etherscan. For more information regarding approvals and revokes, see this article by @ConsenSys
consensys.net/blog/metamask/…
11/11
For example you can use @RevokeCash or even Etherscan. For more information regarding approvals and revokes, see this article by @ConsenSys
consensys.net/blog/metamask/…
11/11
Kindly reminder that we published our first public report. For more information see the tweet below:
Thank you for reading. If you liked this thread don't forget to leave your feedback.
Thank you for reading. If you liked this thread don't forget to leave your feedback.
https://twitter.com/CIA_DAO/status/1632817599275847684
• • •
Missing some Tweet in this thread? You can try to
force a refresh
