Track the on-chain flow. Blockchain forensic intelligence platform with encrypted reports on @Solana.
@Colosseum Frontier β’ Supported by @SuperTeamBr π§π·
π¨ EXPLOIT ALERT π¨
Humanity Protocol wallets linked to the project were compromised β +$30M+ in ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb drained (losses climbing from $19M to over $32M reported).
On-chain analyst @SpecterAnalyst was one of the first to flag the suspicious drains from 17+ wallets that interacted with Humanity Protocol.
The attacker exploited compromised private keys belonging to a member of the Humanity Foundation, draining $H tokens and swapping them aggressively for ETH/BNB on DEXes like Kyber and PancakeSwap. $H token crashed 85-90%.
β οΈ Important: β’ Core protocol remains secure and user funds on the main contracts are SAFU β’ This was not a smart contract bug β it was a private key compromise β’ The team (via @Humanityprot and @terencekwok) has acknowledged the incident and is working with leading security firms β’ Trading continues but they strongly advise: pause all interactions with bridge and liquidity pools until further notice.
β Recommendations: β’ Immediately stop any bridge or LP interactions with Humanity Protocol until official all-clear β’ Only follow verified updates from @Humanityprot or @terencekwok (beware of scammers and fake DMs) β’ Projects should use Multisig + Timelock + regular key rotation for foundation/admin wallets β’ Revoke any unnecessary approvals if you interacted with related contracts.
User funds are SAFU on the core protocol, but private key management still kills projects. Stay safe out there.
@solana_sailor@solana@SolanaFndn@superteam@toly Weβre in! ποΈπ₯
Whatβs the point of an on-chain investigation if the final report is just a manipulable PDF?
We solve this with an end-to-end encrypted and verifiable solution on Solana.
Encrypted on-chain investigations, built for real-world impact.
@solana_sailor@solana@colosseum@superteam@toly We're in! ποΈπ₯
What's the point of an on-chain investigation if the final document is a useless and easily manipulated PDF?
We solve this with our end-to-end, encrypted, and verifiable solution in Solana.
Encrypted on-chain investigation in Solana.
@kukasolana@RoundFinanceSol We are proud to say: We were born with the support of the @SuperteamBR π§π·
The journey to Colosseum Frontier has been incredible.
The submission deadline has passed, but construction has only just begun.
Thanks @kukasolana
π¨ EXPLOIT ALERT π¨
@Polymarket UMA CTF Adapter on Polygon was compromised β ~$660K in POL drained.
@zachxbt was one of the first to flag the suspicious transfers from the UMA CTF Adapter Admin.
The attacker exploited an old 6-year private key, draining roughly 5,000 POL every 30 seconds from an internal operations/rewards wallet.
β οΈ Important:
β’ User funds and main Polymarket contracts are SAFU
β’ This was **not** a smart contract bug, it was a private key compromise
β’ The team has already rotated the key and revoked permissions
β’ Trading continues normally
β Recommendations:
β’ Immediately revoke approvals for the UMA CTF Adapter
β’ Avoid interacting with the affected adapter until official confirmation
β’ Projects should use Multisig + Timelock + regular key rotation for admin/ops wallets
User funds are SAFU, but old key management still kills projects.
Warning: #Polymarket's contract appears to be exploited, and the attacker is stealing funds.
So far, more than $660K has already been stolen.
Source: @zachxbt
https://t.co/WXvRwtWEFs
@vibhu We're in! ποΈπ₯
What good are on-chain investigations if the final document is a worthless and easily manipulated PDF? We solve this with our end-to-end, encrypted, and verifiable solution in Solana.
@solana@colosseum We're in! ποΈπ₯
What good are on-chain investigations if the final document is a worthless and easily manipulated PDF? We solve this with our end-to-end, encrypted, and verifiable solution in @solana
@kukasolana We're in! ποΈπ₯
What good are on-chain investigations if the final document is a worthless and easily manipulated PDF? We solve this with our end-to-end, encrypted, and verifiable solution in Solana.
@mattytay@colosseum We're in! ποΈπ₯
What good are on-chain investigations if the final document is a worthless and easily manipulated PDF? We solve this with our end-to-end, encrypted, and verifiable solution in Solana.
@colosseum@solana We're in! ποΈπ₯
What good are on-chain investigations if the final document is a worthless and easily manipulated PDF? We solve this with our end-to-end, encrypted, and verifiable solution in Solana.
π¨ EXPLOIT ALERT π¨
@EchoProtocol_ on @Monad, $76.7M Unauthorized eBTC Mint.
@lookonchain detected the mint of 1,000 eBTC first. The attacker compromised a single admin EOA key, granted themselves minting rights, and created the tokens.
β οΈ Important:
β’ Monad chain itself is safe
β’ Not a smart contract bug β it was poor key management (single EOA admin)
β’ Attacker used part of the minted tokens as collateral on Curvance to borrow real WBTC, then bridged and laundered via Tornado Cash
β’ Still holds ~955 unbacked eBTC
β Recommendations:
β’ Avoid using Echo Protocol / eBTC until official confirmation
β’ Monitor any Curvance positions exposed to eBTC
β’ Projects should move to Multisig + Timelock for admin/minting roles
Crazy β another hack just happened!
According to @dcfgod, @EchoProtocol_ on Monad was exploited.
The hacker:
minted 1,000 $eBTC ($76.64M) on Monad;
deposited 45 $eBTC ($3.45M) into Curvance;
borrowed 11.3 $WBTC ($867K) from Curvance;
bridged the 11.3 $WBTC to Ethereum and swapped it for 385 $ETH ($821K);
then deposited the 385 $ETH into Tornado Cash to launder the funds.
The hacker still holds 955 $eBTC ($73.2M).
https://t.co/iswmvC0Gk1