Daily Security

It appears Ripple was hacked for ~213M XRP ($112.5M) Source address rJNLz3A1qPKfWCtJLPhmMZAfBkutC2Qojm So far the stolen funds have been laundered through MEXC, Gate, Binance, Kraken, OKX, HTX, HitBTC, etc Theft addresses rGhR13XyM43WdDaSMznHd5rZ4cJatybvEg rHQVKntyfkDCPhEBL2ctryuEAkDZgckmmV rLsUemhuBZtF44rqqzneb2F9JgyrRYYd4t rKPERax7t9iFvT3RHXn5nifyNpzp9a4hBa rpjs4HLX1gJoEenH69PsQmXaXY22QhCYAT rLRhugR4ysNa2xkt4E6fKN8krs9jatCp6w rnCyeUNvfDbtTagGEPjBfTCBz6EqJjf2Uj rHVjfYzTaB8MzSoQGqpzH9barZr85QsZW7

Thanks to great minds from Oxorio for such a cool list🙏

From SunSec guys "🔥DarkCat progress updates: Automatic PoC generator: 1. Rewritten the server with nodejs (it was python before). 2. Using interfaces instead of low level calls. 3. Support run forge test directly on web. Keep improving!" https://fxtwitter.com/1nf0s3cpt/status/1744310042424398088

Repost from infinityhedge
MongoDB is hacked 🚨⚠️ https://www.mongodb.com/alerts

Have you ever dreamed about an auditing course with top web3 enthusiasts gathered in one place? No code required 😊 https://updraft.cyfrin.io/courses/security 🔥 Follow for more @ethers_security

Revoke cash and Sushi UIs compromised! Stay safe! • x.com/officer_cia/status/1735276914321846498?1 #security #alert

Foundry POC that shows how the thirdweb contracts are exploited due to the wrong use of Openzeppelin ERC2771 with Multicall https://github.com/0xnirlin/Thirdweb-Exploit-POC 🟢Follow for more @ethers_security

At Wonderland we found a bug related to RAI and RAI forks The full story: https://twitter.com/DeFi_Wonderland/status/1733179115962843303

Highly recommended, check it out 🙏

Just spotted a really good (by SamCZSun) and clear Telegram setup guide for beginners: securityalliance.notion.site/Telegram-Security-Self-Audit-863507aa2ea84360be8e6f30c61e6b0d But. If you want more…anonymity - check out my own guide via the link below: officercia.mirror.xyz/i9-pRa_r9Of1RNf-tnkhJLO9ho3gwhBK-4ARHNFtmvM #security #privacy #tip

Repost from Kotya security
Type: #dex #logicFlow
Project: Kyberswap
Date: 17/04/23
Blockchain: Multichain
Problem: Double-adding liquidity because of the incorrect tick handling.

For this hack it's important to understand how CLMM works, visit a link for a full hack description. In short:
* Users provide liquidity at a certain price range.
* The price range is discretely subdivided into ticks.

In Kyberswap the trick was to get the system in a state where currentTick was sitting on a valid tick range boundary and nearestCurrentTick == currentTick - 1. You then mint liquidity in the range (currentTick, currentTick + n) for some n. When a one-for-zero swap is executed in the current state, the nearestCurrentTick == currentTick - 1 (the next tick) will be calculated as currentTick, but it should be calculated as the next initialized tick. This causes the liquidity just added to be added again:
- Before minting, crossing the tick boundary would have added l0 liquidity.
- Minting adds l1 liquidity, but it also adds liquidity to the tick range. This means crossing the tick boundary will now add l0 + l1 liquidity.
- We then cross the tick boundary with a small one-for-zero swap. In total, l1 + l0 + l1 liquidity has been added by minting and crossing (because two ticks are the same).

The Hacker:
1) Starts with a pool containing 1000 ETH and 2,000,000 USDC. Using a flash loan swaps 5000 ETH for USDC, getting the price down to $1 (tick 0). There are now 6000 ETH tokens in the pool and no USDC.
2) Calculates how much liquidity would need to be in the range (0,n) for some small n in order to completely drain the pool of 6000 ETH (in this tick range).
3) Mints half that liquidity and then performs the double-add exploit. Since the price of ETH is $1 this doesn’t require a whole lot of ETH and USDC.
4) Swaps 6000 USDC for 6000 ETH.
5) Pays back the flash loan and keeps approximately 1000 ETH as profit as well as the USDC received in step 1.

Discoverer: 100proof
Harm: 100 M $ at risk, 1.1 M payout
link
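A simplified accounting model of the double-add described in the post above, as an added example that is not part of the original post and not Kyberswap's code. The class, the tick values and the "consistent" variant are assumptions of this sketch; it shows the invariant an auditor or monitor can check, namely that active liquidity equals the sum of the per-tick net liquidity over the ticks already crossed.

```python
# Toy model of concentrated-liquidity accounting (constructed for illustration;
# not Kyberswap's contract code). `nearest_tick` plays the role the post gives
# to nearestCurrentTick: the highest initialized tick already counted as crossed.

class ToyPool:
    def __init__(self, current_tick, nearest_tick, consistent_range_check):
        self.current_tick = current_tick
        self.nearest_tick = nearest_tick
        self.consistent = consistent_range_check
        self.active = 0   # liquidity in use at the current price
        self.net = {}     # tick -> liquidity added when the tick is crossed upward

    def mint(self, lower, upper, amount):
        self.net[lower] = self.net.get(lower, 0) + amount
        self.net[upper] = self.net.get(upper, 0) - amount
        # Flawed variant: "in range" is decided from current_tick, while
        # crossing is driven by nearest_tick; on a boundary the two disagree.
        ref = self.nearest_tick if self.consistent else self.current_tick
        if lower <= ref < upper:
            self.active += amount

    def cross_up(self):
        """Cross the next initialized tick above nearest_tick (one-for-zero swap)."""
        nxt = min(t for t in self.net if t > self.nearest_tick)
        self.active += self.net[nxt]
        self.nearest_tick = nxt
        self.current_tick = max(self.current_tick, nxt)

    def expected_active(self):
        """Invariant: active liquidity equals the net of all crossed ticks."""
        return sum(v for t, v in self.net.items() if t <= self.nearest_tick)


def run_scenario(consistent, l0=100, l1=40):
    # Constructed state from the post: currentTick sits on a boundary (tick 0),
    # nearestCurrentTick == currentTick - 1, and l0 is waiting on that boundary.
    pool = ToyPool(current_tick=0, nearest_tick=-1,
                   consistent_range_check=consistent)
    pool.net = {-1: 0, 0: l0, 50: -l0}
    pool.mint(0, 10, l1)   # range (currentTick, currentTick + n)
    pool.cross_up()        # small swap across the boundary
    return pool.active, pool.expected_active()
```

With the flawed range check the pool reports l1 + l0 + l1 while the invariant expects l0 + l1; with the consistent check the two values agree.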

It seems that SpookySwap UI is compromised! Same with TraderJoe. Stay safe and follow my X thread! Please RT: https://x.com/officer_cia/status/1725664449434919344 #security #alert

Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google! • t.me/addlist/uesom31GM1I4Yjgy What’s new? Added new channels, mostly non-tech format! Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more! A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers! #security #offtopic