~72M USDT frozen by Tether, part of a 120M+ Tron laundering run (KuCoin, instant exchanges, bridged to BTC/ETH). Confirmed the inflow on-chain. h/t @zachxbt
Frozen: TBzrPEsStbZAUx2SBhD4oHz8UW3FX9Ak9W Entity: TA6YHqB2xh5HhfmC7WoLQaWmqq7Vv4zCoQ
@r0bre yeah, closed source isn't a real boundary. the sbf bytecode is public, you can disassemble it, and missing account checks show up in behavior regardless. no source just means harder, not safe. hit the same root cause, and traced the full fund flow on chain. it's on my profile.
@WhiteHatMage It's closed-source/unverified, that's why you can't find it
But source isn't needed: the bytecode is public and the bug is in account validation, discoverable by probing. The attacker's failed test txs are right there on-chain.
I broke it all down in my account
🚨 SOLVED: ~$1.3M Raydium-AMM exploit on Solana
We traced every hop on-chain
The bug? A FAKE LP token (supply=1) → Withdraw → 100% of the pool drained.
~$1.3M bridged via deBridge → 810 ETH straight into Tornado Cash.
Here's exactly how 🧵👇
🚨 Raydium drained of ~$1.3M (reported by @PeckShieldAlert / Specter)
Attacker funded from KuCoin → bridged Solana to ETH → laundered 810 ETH via Tornado Cash + 7 ETH to FixedFloat. Tracing the on-chain flow now. 👇
@0xINFRA Root cause's a fake LP token (supply=1) that drains 100% of the pool on withdraw. Money went deBridge then 810 eth into tornado. Breakdown's here 👇
https://t.co/sotgfLOgrN
@TheBlockCo Root cause's a fake LP token (supply=1) that drains 100% of the pool on withdraw. Money went deBridge then 810 eth into tornado. Breakdown's here 👇
https://t.co/sotgfLOgrN
How it's prevented:
One line: assert the LP mint passed in == the pool's stored mint. On every withdraw/deposit path. No exceptions.
We catch this class with invariant checks + real-time "new mint → Withdraw → vault drained to 0" alerts
- F12 Security Labs
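Added example, not Raydium's program code and not F12's tooling: a dependency-free Rust model of the withdraw path, the one-line LP-mint identity assertion the post describes, and the "new mint → Withdraw → vault drained to 0" alert rule run over constructed monitor events. The `Pool`, `Mint` and `WithdrawEvent` types, the `fresh_mint_slots` threshold and the event values are assumptions made for this illustration; the vault balances reuse the first pool's figures from the thread.

```rust
// Added example (not Raydium's or F12's code). Models the LP-mint trust bug and
// the invariant that closes it, plus the thread's alert rule. Every struct,
// field name and sample value here is constructed for illustration.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey([u8; 32]);

impl Pubkey {
    /// Constructed key: one repeated byte stands in for a real 32-byte address.
    pub fn new(tag: u8) -> Self { Pubkey([tag; 32]) }
}

/// SPL-style mint account: its address and total supply.
#[derive(Clone, Copy, Debug)]
pub struct Mint { pub key: Pubkey, pub supply: u64 }

/// Two-vault AMM pool that records the mint of its own LP token.
#[derive(Clone, Debug)]
pub struct Pool { pub lp_mint: Pubkey, pub vault_a: u64, pub vault_b: u64 }

#[derive(Debug, PartialEq, Eq)]
pub enum AmmError { InvalidLpMint, InsufficientSupply }

/// Share of one vault owed for burning `lp_burned` tokens out of `supply`.
fn pro_rata(vault: u64, lp_burned: u64, supply: u64) -> u64 {
    ((vault as u128) * (lp_burned as u128) / (supply as u128)) as u64
}

/// VULNERABLE: uses whatever mint account the caller passed as the LP mint.
/// A caller-controlled mint with supply 1 makes burning 1 token a 100% claim.
pub fn withdraw_unchecked(pool: &mut Pool, lp_mint: &Mint, lp_burned: u64)
    -> Result<(u64, u64), AmmError>
{
    if lp_mint.supply == 0 || lp_burned > lp_mint.supply {
        return Err(AmmError::InsufficientSupply);
    }
    let out_a = pro_rata(pool.vault_a, lp_burned, lp_mint.supply);
    let out_b = pro_rata(pool.vault_b, lp_burned, lp_mint.supply);
    pool.vault_a -= out_a;
    pool.vault_b -= out_b;
    Ok((out_a, out_b))
}

/// HARDENED: the identity check from the post, before any math runs.
/// Once the mint is known to be the pool's own, its supply cannot be forged.
pub fn withdraw_checked(pool: &mut Pool, lp_mint: &Mint, lp_burned: u64)
    -> Result<(u64, u64), AmmError>
{
    if lp_mint.key != pool.lp_mint {
        return Err(AmmError::InvalidLpMint);
    }
    withdraw_unchecked(pool, lp_mint, lp_burned)
}

/// One Withdraw as an off-chain monitor would see it (constructed event shape).
#[derive(Clone, Debug)]
pub struct WithdrawEvent {
    pub pool_lp_mint: Pubkey,  // mint the pool is registered with
    pub mint_used: Pubkey,     // mint account the instruction actually passed
    pub mint_age_slots: u64,   // slots since `mint_used` was created
    pub vault_a_after: u64,
    pub vault_b_after: u64,
}

/// Alert rule: a freshly created mint used in a Withdraw that leaves a vault
/// at zero. A mint/pool mismatch fires on its own, so partial drains are
/// caught too, not only the full-drain case.
pub fn should_alert(ev: &WithdrawEvent, fresh_mint_slots: u64) -> bool {
    let mismatch = ev.mint_used != ev.pool_lp_mint;
    let fresh = ev.mint_age_slots <= fresh_mint_slots;
    let drained = ev.vault_a_after == 0 || ev.vault_b_after == 0;
    mismatch || (fresh && drained)
}

fn main() {
    let real = Pubkey::new(1);
    let fake = Mint { key: Pubkey::new(9), supply: 1 }; // constructed attacker mint
    let mut pool = Pool { lp_mint: real, vault_a: 66_836, vault_b: 893_700 };

    let mut drained = pool.clone();
    println!("unchecked: {:?}", withdraw_unchecked(&mut drained, &fake, 1));
    println!("checked:   {:?}", withdraw_checked(&mut pool, &fake, 1));

    let ev = WithdrawEvent {
        pool_lp_mint: real, mint_used: fake.key, mint_age_slots: 3,
        vault_a_after: drained.vault_a, vault_b_after: drained.vault_b,
    };
    println!("alert: {}", should_alert(&ev, 150));
}
```

The identity check belongs on every instruction that reads the LP mint's supply, deposit as well as withdraw, because any path that derives a share from a caller-supplied mint has the same hole. The monitor's `fresh_mint_slots` window is an operational tuning choice; the mismatch branch does not depend on it.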
Same trick, 4 pools drained:
• 66,836 RAY + 893,700 USDC
• 74,720 RAY + 5,602 wSOL
• 8,621 RAY + 10,692 SRM
• 5,037 RAY + dust
Everything funneled into one wallet, then swapped to USDC
Cash-out:
USDC bridged Solana → Ethereum via deBridge (giveChainId "sol") → 819.9 ETH (~$1.3M) on the attacker's ETH wallet.
Then: 810 ETH into Tornado Cash (9 deposits), 7 ETH to FixedFloat, 0.65 ETH to a fresh EOA