🚨Community alert: Blockaid detected a @MIM_Spell depeg on Arbitrum. MIM is trading around ~$0.91-$0.92 in executable routes, driven by thin/imbalanced Arbitrum liquidity pools.
Token: https://t.co/lvfKd0TzIZ
🚨Community Alert
Blockaid Exploit Detection system detected a compromised-key incident involving the @MILCplatform bridge on BNB and Ethereum.
The historical bridge admin wallet was used to grant a role to a new exploiter EOA, withdraw MLT from bridge contracts and transfer admin control to attacker wallets.
🧵
I think you’re massively overestimating our influence here, where exactly do we fit into this story? Would love to clear any confusion
A little sad to see a reductive and, frankly, hateful comment from an org I’ve enjoyed interacting with in the past, @kt_nowk. Have a lot of respect for the team over there.
🚨Community Alert: $1.5M Exploit on Token of Power (TOP) - Ethereum
Blockaid Exploit Detection system detected a governance-takeover attack. The attacker drained 944.2 WETH ($1.585M) from the TOP/WETH Balancer V1 BPool. The Balancer protocol itself is not the bug; the pool was just the venue.
More details in 🧵
🚨Blockaid detected an ongoing incident targeting @Humanityprot on multiple chains.
Multiple wallets drained to attacker addresses on Ethereum & BNB Chain, ~$10M in $H moved so far. Evidence points to a compromised key, not a token-contract exploit.
More details in 🧵
A sincere thank you to the @blockaid_ team for being the first to detect the exploit and for their support throughout the investigation.
We would also like to thank the @SEAL_911 team for their assistance and responsiveness during the incident.
The collaboration and professionalism shown by both teams have been invaluable as we work through this situation.
🚨Blockaid detected an exploit targeting the Alephium TokenBridge on Ethereum.
~$815K drained in ~7 minutes via 3-of-4 compromised guardian keys signing forged VAAs. 13.76M wrapped ALPH minted (>100% of prior supply) + USDT/USDC/WBTC/WETH unlocked from custody.
More details in 🧵
Blockaid expands Chain Support for @Aster_DEX:
→ Transaction Scanning across deposits, withdrawals, and perp activity
→ Address Scanning on every counterparty before capital moves
→ Token Scanning for honeypots, rugpulls, and impersonation
→ Risk Exposure for compliance screening, including sanctioned entities, mixers, stolen funds, and fraud operations
Trading firms and asset managers now have the real-time security and compliance coverage to meet institutional standards onchain.
🚨 Blockaid detected an ongoing exploit targeting @StakeDAOHQ on Arbitrum.
The attacker just minted over 5.4 trillion vsdCRV and is actively swapping it for ETH.
More details in 🧵
🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.
86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵
Suspected root cause: private key compromise of a minting multisig owner.
The @StablREuro minting multisig had a 1-of-3 threshold - a single compromised key was enough for full control. The attacker:
1. Added themselves as owner
2. Replaced the other 2 legitimate owners
3. Minted 8.35M USDR + 4.5M EURR
4. Swapped ~$10.4M face value on DEXes, realizing 1,115 ETH ($2.8M) due to thin liquidity
This is not a smart contract bug - it's a key management and governance failure.
🚨Community Alert
Blockaid's exploit detection system has identified an ongoing exploit on @StablREuro.
~$2.8M extracted so far.
Both tokens are depegged: 0x50753cfaf86c094925bf976f218d043f8791e408 (StablR Euro) and 0x7b43e3875440b44613dc3bc08e7763e6da63c8f8 (StablR USD) on Ethereum.
More details to follow.
🔎 Suspected root cause - TL;DR
The bridge authenticates cross-chain message retries with keccak256(abi.encodePacked(...)) over four consecutive dynamic-bytes fields (initiator, from, to, swapData). abi.encodePacked has no length prefixes, so the field boundaries aren't encoded: different field allocations can pack to the identical byte string and therefore the identical keccak.
The attacker:
1) Originated a real, oracle-multisig-signed MAP→ETH message to a precomputed CREATE address. Destination had no code yet → bridge cached a "NotContract" retry commitment.
2) Deployed the exploit contract at that exact address.
3) Called retryMessageIn with rearranged bytes-field boundaries that pack to the IDENTICAL 601-byte string as the planted message → same keccak → guard passes → bridge mints 10^15 MAPO (~4.8M× supply) to attacker.
Not a key compromise, not a light-client bug, not a MAPO bug. Pure Solidity abi.encodePacked footgun on multiple dynamic-bytes fields.
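Added example (not Blockaid's, MAP Protocol's or Butter Network's code) of the collision the thread describes: a pure-Python keccak256, the two Solidity encodings modelled for dynamic bytes fields, a toy retry guard that caches a commitment over (initiator, from, to, swapData), and a forged retry that moves one byte across a field boundary so the packed preimage, and therefore the keccak, is unchanged. The field values, the ToyRetryGuard class and the shift_boundary helper are constructed for illustration; the real message was 601 bytes and the attacker's rearrangement was chosen so the fields still decoded to a usable target and calldata, which this one-byte shift does not attempt. abi.encode (offsets plus length prefixes) is shown beside the packed form as the encoding that does not collide.

```python
# Added example, not code from the page or the projects it mentions. All field values,
# the toy guard and the boundary-shift helper are constructed assumptions.
MASK64 = (1 << 64) - 1


def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK64


# Keccak-f[1600] rho offsets and iota round constants, generated rather than hard-coded.
RHO = [[0] * 5 for _ in range(5)]
_x, _y = 1, 0
for _t in range(24):
    RHO[_x][_y] = ((_t + 1) * (_t + 2) // 2) % 64
    _x, _y = _y, (2 * _x + 3 * _y) % 5


def _rc_bit(t):
    r = 1  # LFSR over x^8 + x^6 + x^5 + x^4 + 1
    for _ in range(t):
        r <<= 1
        if r & 0x100:
            r ^= 0x171
    return r & 1


RC = [sum(1 << ((1 << j) - 1) for j in range(7) if _rc_bit(7 * i + j)) for i in range(24)]


def _keccak_f(A):
    for rnd in range(24):
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]       # theta
        D = [C[(x - 1) % 5] ^ _rol(C[(x + 1) % 5], 1) for x in range(5)]
        B = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):                                                       # rho + pi
                B[y][(2 * x + 3 * y) % 5] = _rol(A[x][y] ^ D[x], RHO[x][y])
        for x in range(5):
            for y in range(5):                                                       # chi
                A[x][y] = B[x][y] ^ (~B[(x + 1) % 5][y] & B[(x + 2) % 5][y])
        A[0][0] ^= RC[rnd]                                                           # iota


def keccak256(data: bytes) -> bytes:
    """Ethereum's keccak256: original Keccak padding byte 0x01, not FIPS-202 SHA3's 0x06."""
    rate = 136
    msg = bytearray(data) + b"\x01"
    msg += b"\x00" * (-len(msg) % rate)
    msg[-1] |= 0x80
    A = [[0] * 5 for _ in range(5)]
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):
            A[i % 5][i // 5] ^= int.from_bytes(msg[off + 8 * i: off + 8 * i + 8], "little")
        _keccak_f(A)
    return b"".join(A[i][0].to_bytes(8, "little") for i in range(4))


def abi_encode_packed(*fields: bytes) -> bytes:
    """Solidity abi.encodePacked over dynamic bytes: raw concatenation, no length prefixes."""
    return b"".join(fields)


def abi_encode(*fields: bytes) -> bytes:
    """Solidity abi.encode over dynamic bytes: head of offsets, then length-prefixed padded tails."""
    head, tail = b"", b""
    for f in fields:
        head += (32 * len(fields) + len(tail)).to_bytes(32, "big")
        tail += len(f).to_bytes(32, "big") + f + b"\x00" * (-len(f) % 32)
    return head + tail


class ToyRetryGuard:
    """Constructed model of the retry check: cache a commitment when delivery fails,
    then accept any retry whose supplied fields hash to a cached commitment."""

    def __init__(self, encoder):
        self.encoder = encoder
        self.pending = set()

    def cache_failed_delivery(self, *fields):
        self.pending.add(keccak256(self.encoder(*fields)))

    def retry(self, *fields) -> bool:
        return keccak256(self.encoder(*fields)) in self.pending


# Constructed sample (initiator, from, to, swapData); the incident's real message was 601 bytes.
LEGIT = (b"\x11" * 20, b"\x22" * 20, b"\xaa" * 20, b"\x01" * 8)


def shift_boundary(fields, i, n=1):
    """Move the first n bytes of field i+1 onto the end of field i: same bytes, new boundaries."""
    f = list(fields)
    f[i], f[i + 1] = f[i] + f[i + 1][:n], f[i + 1][n:]
    return tuple(f)


def run_demo():
    forged = shift_boundary(LEGIT, 1)   # 'from' gains one byte, 'to' loses its first byte
    packed, safe = ToyRetryGuard(abi_encode_packed), ToyRetryGuard(abi_encode)
    for guard in (packed, safe):
        guard.cache_failed_delivery(*LEGIT)
    return {
        "same_packed_bytes": abi_encode_packed(*LEGIT) == abi_encode_packed(*forged),
        "packed_guard_accepts_forgery": packed.retry(*forged),
        "encode_guard_accepts_forgery": safe.retry(*forged),
    }


if __name__ == "__main__":
    print(run_demo())
```

The packed guard accepts the forgery because the retry hash never saw where one field ended and the next began; the abi.encode guard rejects it because each field's length is part of the preimage. The same property (a single dynamic field between static ones is fine, two or more adjacent dynamic fields are not) is what Solidity's own documentation warns about for abi.encodePacked.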
🚨 Community alert
@MapProtocol / @ButterNetworkio bridge exploited on Ethereum and BSC.
Attacker tricked Butter Bridge V3.1 (OmniServiceProxy) into minting ~1 quadrillion MAPO — about 4.8M× the legitimate ~208M supply — directly to a brand-new EOA.
More details in 🧵
🚨 Community alert:
Blockaid's exploit detection system has identified an ongoing exploit on the @veruscoin Verus-Ethereum Bridge (https://t.co/HEwYZqFEfC).
~$11.58M drained so far.
More details in 🧵
🚨Community alert:
Thorchain was likely exploited on Bitcoin, Ethereum, BSC, Base for $10M+.
Exploiter addresses:
bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37
0x82fc0d5150f3548027e971ec04c065f3c93154eb
0xd477b69551f49C0519F9B18c55030676138890Bd
More details in 🧵
Since December, @Blockaid_ has seen security incidents surge from a handful a month to several a day.
The driver? AI.
Threat actors are using AI to find and execute exploits faster than ever, at a fraction of the cost and skill it once required.