0x2Joy

@0x2Joy

Joined March 2024

7 Following

383 Followers

24 Posts

Pinned Tweet

about 2 years ago

On March 26, Munchables suffered a 17,413 ETH hack, worth roughly $63 million. The perpetrator was later identified as one of their own developers, allegedly affiliated with North Korea. Today, I'm sharing a private investigation into who the hackers are and how they operate.

0x2Joy's tweet photo. On March 26, Munchables suffered a 17,413 ETH hack, worth roughly $63 million.

The perpetrator was later identified as one of their own developers, allegedly affiliated with North Korea.

Today, I'm sharing a private investigation into who the hackers are and how they operate. https://t.co/fVQbJkAQDB

27

544

100

190

116K

about 2 years ago

Nicely done! 👏👏

1

6

0

1

566

about 2 years ago

@bax1337 Nice work!

0

1

0

0

78

about 2 years ago

@bax1337 @jp_koning Cybercriminals are already exploiting flaws in the registration systems of several major cryptocurrency exchanges, with Coinbase being among their targets. They are then associating valid user accounts with indicators of their net worth, such as Zillow.

0x2Joy's tweet photo. @bax1337 @jp_koning Cybercriminals are already exploiting flaws in the registration systems of several major cryptocurrency exchanges, with Coinbase being among their targets. They are then associating valid user accounts with indicators of their net worth, such as Zillow. https://t.co/7JLoWUaDML

0

1

0

0

76

about 2 years ago

@zachxbt @IRS_CI That's quite concerning and, from my standpoint, a breach of trust and privacy. Hoping that the situation gets better.

0

1

0

0

176

about 2 years ago

I'm deeply grateful by the overwhelming response this investigation has received. A heartfelt thank you to everyone who took the time to read and share it. I'm excited to announce that there will indeed be a continuation of this investigation in a part 2. However, prior to its public disclosure, certain procedural steps must be taken by involved entities. Unfortunately, the duration of this process is beyond my control. Additionally, I'm conducting these investigations in my own spare time, and part 2 involves a significant amount of data processing. I'm committed to delivering high-quality insights and prefer not to rush this stage. Rest assured, as soon as all the data has been thoroughly analyzed and I've received clearance to release it, I will do so without delay. I can assure you that the results will be well worth the wait. In the meantime, please continue to stay safe while browsing the internet.

about 2 years ago

On March 26, Munchables suffered a 17,413 ETH hack, worth roughly $63 million. The perpetrator was later identified as one of their own developers, allegedly affiliated with North Korea. Today, I'm sharing a private investigation into who the hackers are and how they operate.

0x2Joy's tweet photo. On March 26, Munchables suffered a 17,413 ETH hack, worth roughly $63 million.

The perpetrator was later identified as one of their own developers, allegedly affiliated with North Korea.

Today, I'm sharing a private investigation into who the hackers are and how they operate. https://t.co/fVQbJkAQDB

27

544

100

190

116K

2

38

4

4

6K

about 2 years ago

Just a quick disclaimer: The bug mentioned is unrelated to the source of this image: https://t.co/qHWiHZTQi6

about 2 years ago

A common method for crypto companies to recruit employees very fast and easily is through job hiring platforms. These platforms allows them to advertise job positions and filter candidates based on their skill sets and salary.

0x2Joy's tweet photo. A common method for crypto companies to recruit employees very fast and easily is through job hiring platforms. These platforms allows them to advertise job positions and filter candidates based on their skill sets and salary. https://t.co/wBIkbzylK0

1

20

0

2

11K

1

6

0

0

3K

about 2 years ago

With the bug remaining unpatched, I searched the usernames against tens of thousands of applications. After hours of searching, I unexpectedly found the username of one of the hackers in his application. The rogue developer-turned-hacker is "super1114".

0x2Joy's tweet photo. With the bug remaining unpatched, I searched the usernames against tens of thousands of applications. After hours of searching, I unexpectedly found the username of one of the hackers in his application.

The rogue developer-turned-hacker is "super1114". https://t.co/sn0fDdc0tl

0x2Joy's tweet photo. With the bug remaining unpatched, I searched the usernames against tens of thousands of applications. After hours of searching, I unexpectedly found the username of one of the hackers in his application.

The rogue developer-turned-hacker is "super1114". https://t.co/sn0fDdc0tl

0x2Joy's tweet photo. With the bug remaining unpatched, I searched the usernames against tens of thousands of applications. After hours of searching, I unexpectedly found the username of one of the hackers in his application.

The rogue developer-turned-hacker is "super1114". https://t.co/sn0fDdc0tl

0x2Joy's tweet photo. With the bug remaining unpatched, I searched the usernames against tens of thousands of applications. After hours of searching, I unexpectedly found the username of one of the hackers in his application.

The rogue developer-turned-hacker is "super1114". https://t.co/sn0fDdc0tl

3

42

3

2

9K

about 2 years ago

@zachxbt @PacmanBlur @Juice_Finance @_munchables_ @tayvano_ @Orbiter_Finance @inversebrah @AutismCapital @CoinDesk @decryptmedia @TheBlock__ @WuBlockchain @Cointelegraph @BitcoinMagazine @ArkhamIntel

2

20

0

0

6K

about 2 years ago

In order to gather more information about the hackers, I had the idea to search the GitHub usernames shared by @zachxbt to see if any of them appeared in the leaked applications, even if the chances were slim. This could only be accomplished if the bug remained unpatched.

1

32

0

0

7K

about 2 years ago

On March 26, Munchables suffered a 17,413 ETH hack, worth roughly $63 million. The perpetrator was later identified as one of their own developers, allegedly affiliated with North Korea. Today, I'm sharing a private investigation into who the hackers are and how they operate.

0x2Joy's tweet photo. On March 26, Munchables suffered a 17,413 ETH hack, worth roughly $63 million.

The perpetrator was later identified as one of their own developers, allegedly affiliated with North Korea.

Today, I'm sharing a private investigation into who the hackers are and how they operate. https://t.co/fVQbJkAQDB

27

544

100

190

116K

about 2 years ago

A while ago, I discovered a bug in one of the job hiring platforms, allowing me to view both the applications and applicants' personal information. Recalling this bug, I decided to see if it had been patched, only to discover, to my surprise, that it hadn't. How is this relevant?

1

35

0

1

7K

about 2 years ago

Understandably, most companies desire to hire highly skilled employees while minimizing wage costs. This desire is something that North Korean hackers have been exploiting for years, by creating lucrative applications with highly skilled developers who demand low wages.

1

26

0

1

7K

about 2 years ago

A common method for crypto companies to recruit employees very fast and easily is through job hiring platforms. These platforms allows them to advertise job positions and filter candidates based on their skill sets and salary.

0x2Joy's tweet photo. A common method for crypto companies to recruit employees very fast and easily is through job hiring platforms. These platforms allows them to advertise job positions and filter candidates based on their skill sets and salary. https://t.co/wBIkbzylK0

1

20

0

2

11K

Last Seen Users on Sotwe

Trends for you

Most Popular Users