Pinned
BlockSec
2,208 posts
BlockSec
@BlockSecTeam
Smart Contract Audit | Security Monitoring | AML/CFT (KYA/KYT) | Crypto Investigation | @Phalcon_xyz @MetaSleuth @MetaDockTeam 👉TG: t.me/BlockSecTeam
Joined December 2020
We blocked an attack on @ParaSpace_NFT and rescued 2900 eth. Please contact us asap. Dmed 45 minutes ago but get no response.- We help @Platypusdefi recover 2.4M USDC from the attacker contract successfully! BlockSec will always be here to secure the whole ecosystem.
- .@KyberSwap was exploited due to tick manipulation and double liquidity counting. In summary, the attackers borrowed a flash loan and drained the pools with low liquidity. By executing swaps and altering positions, they manipulated the current prices and ticks of the victimized
Kyber being exploited on all chains rn. here's an example tx on base. 20m+ lost already - Our initial analysis of the Cream Finance attack: tx.blocksecteam.com/tx/0x0fe254207… @Mudit__Gupta @banteg @CreamdotFinance
- 1/ @samczsun explained that the attacker exploited the vulnerability in mev-boost-relay to drain MEV bots. After digging into the attack, we have two more findings. First, the attacker used a honeypot tx to lure MEV bots. Second, the honeypot tx has a self-protected mechanism.
Dusk for sandwich bots? A few top mev bots were targetted in block etherscan.io/txs?block=1696… @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb - 1/ Exploits on chain are growing at an alarming rate. Here's how #BlockSec responds when an attack occurs and the secret weapons we deploy to analyze incidents quickly and accurately.
- 1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
- 1/ The key to the success of the Tornado Cash DAO attack is that 1) blindly vote -- vote without knowing the consequence; 2) a proposal contract can be updated through a well-designed trick -- create and create2. Click to see the detailed attack steps: docs.google.com/presentation/d…
- Euler exploiter just returned 51000 Eth to Euler finane. Still some Ethers are remaining in the exploiter account.
- Please note that this reentrancy issue is associated with the use of 'use_eth', which could potentially place the WETH-related pools in jeopardy! @CurveFinance , please DM us if you need any help.
Another attack cause the loss ~$14m! explorer.phalcon.xyz/tx/eth/0x2e7dc… - Looks like an MEV bot has been attacked(tx.blocksecteam.com/ETH/0x6c30c0b8…) due to the lack of a check for the sender. @Mudit__Gupta
