5 exploits worth studying from this past week:
◼️ $2.5M from TSR Mint on BNB Chain, laundered via Tornado Cash
🔗 https://t.co/BEGusUjfOY
◼️ $295K from AROS on BNB Chain
🔗 https://t.co/V1bm37CPWj
◼️ $243K from ATM Token via transferFrom() abuse
🔗 https://t.co/6iG9JtsDQd
◼️ 14.41 ETH drained from ATOHook via Solady ReentrancyGuard storage slot collision
🔗 https://t.co/SUXjUJCsLH
◼️ $35K from DTXT/USDT via flash loan and USDT balance spoofing
🔗 https://t.co/hIUf8WSlm1
#CertiKInsight 🚨
We have seen an exploit affecting contract 0x0fa3E014fA2E751F78e53Dca766faC2223327329 BPool with a loss of 282 ETH (~$471k).
https://t.co/eV1ksVdsdB
🚨SlowMist TI Alert🚨
💸 Loss: 14.411518807585587 ETH
🔍 Root Cause: Storage slot collision between `ATOHook.rewards` mapping slot and Solady `ReentrancyGuard` fixed slot (`0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d`). The `nonReentrant` modifier in `getReward()` writes sentinel value `0xffffffffffffff` to the guard slot, which is simultaneously read as `rewards[attackContract]` due to the collision. This inflated reward is paid as ETH each call, allowing 200 repeated claims.
📌 Attacker (EOA): 0x2d2aafc193c24e59bd16139056ac9b4df4d37ad0
📌 Victim Contract: 0xa10de71ddb4e0d51938ef6e0118822e157a62888
📌 Attack Contract: 0x2441e480f62bf609a08da09143e4baf8a817d757
Storage collision between reward accounting and reentrancy guard enables unlimited reward drainage.
Powered by #SlowMist.AI
https://t.co/vzW3aa8pnH
#CertiKInsight 🚨
The @gravity_bridge exploiter deposited another batch of 1180 ETH (~$2.06M) into Tornado Cash.
Of the 2600 ETH stolen (~$5.4M at the time of the exploit), 2020 ETH have been deposited into Tornado from two EOAs, with the remainder dispersed to CEXs.
Stay Vigilant!
#CertiKInsight 🚨
We have seen an exploit of ~$243K on the ATM token. Its transferFrom() includes logic that swaps 20% of the transfer amount of ATM for BSC-USD, so the attacker can repeatedly swap out extra after a transfer.
https://t.co/mf6uhujZgK
Stay vigilant!
Most people carry a surprisingly powerful OSINT toolkit in their pocket.
One of my favorites?
Holehe on Termux.
In seconds, it can help determine whether an email address is registered on dozens of online services.
How to install and use it:
pkg install python
pip install holehe
holehe [email protected]
Useful for:
• Account recovery investigations
• Scam victim assistance
• Digital footprint analysis
• OSINT training
No expensive software.
No laptop required.
Just your phone.
What other OSINT tools are you running directly from Termux?
#OSINT #CyberSecurity #InfoSec #DigitalForensics #Termux #Linux #EthicalHacking #DFIR #CyberInvestigation #OpenSourceIntelligence
#PeckShieldAlert @dcfgod reports that @EchoProtocol_ was hacked on @monad
The hacker minted 1k $eBTC ($76.7M) and, utilizing the tested flow, deposited 45 $eBTC ($3.45M) into Curvance. They then borrowed ~11.29 $WBTC ($867.7K) against it, bridged the $WBTC to #Ethereum, swapped it for $ETH, and sent 384 $ETH (~$821.7K) to #TornadoCash.
A project with Polish roots, @adsharesNet, fell victim to an exploit of ~$628k (~2.3M PLN).
In the transaction below, the Adshares token deployer sends the exploiter a request to return 90% of the funds in exchange for a 10% bounty:
0x99a1114c2e8dc1807e00da0e963a6fbd5d91a04d1e1fd0a75b78e9c6b41a7464
It is worth noting that the project moved to a full DAO some time ago and no longer really has anything to do with Poland, but the company in PL still exists.
@RecoverisTeam @EKryptowalut @Mikey_Satoshi @MaciejTomczyk3 @IT_Tech_PL @BithubPl @44Crew_PL
Source:
#PeckShieldAlert @THORChain has been exploited for ~$10M worth of crypto, including 36.75 $BTC ($3M) and ~$7M worth of assets on #BNBChain, #Ethereum, and #Base.
The stolen funds mainly sit in:
bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37
0xd477b69551f49C0519F9B18c55030676138890Bd
#CertiKInsight 🚨
We have seen ~$5.87M in pre-approved funds stolen through 0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756.
The attacker registers as an AllowedOrderSigner through a public function, then executes the order to transfer from the victim.
Please revoke any approval to the vulnerable contract.
Stay vigilant!
🚨Community Alert: Ongoing exploit on @SweatEconomy on @NEARProtocol.
Exploiter:
3be304b2151870b2be88b9de0b80acab921337ad152584138bd852fc6e9ae018
Largest exploit tx:
DvrSMfY85Anc6AuLUmoEDkDdab7qX5NUZLu76HN8NoPn
#CertiKInsight 🚨
We have seen an exploit involving @AftermathFi.
~$900K USDC drained so far https://t.co/kC1BEonomP
Still under investigation.
Stay vigilant!
This, combined with what you call "little scandals", confirms only one thing: you are simply ill; like alcoholism or drug addiction, gambling needs treatment. What is disgusting about it is how those who built reach by using your name, crawled deep up your ass and pretended to be friends are now doing the same thing in the other direction, now that you are on the slope heading down...
@SzJadczak @zondacryptopl Let me just remind you that KO has been in power for two years and nobody dealt with Zonda in that time either; in any case, I described here where else funds could have been laundered
https://t.co/pIMVOkqn9n