Olivia
Online
OShield ๐ก๏ธ
@oshield_io
Smart Contract Auditing and Security Services ๐ก๏ธ
Some Beach
Joined October 2021
417 Following
4.1K Followers
320 Posts
ย Pinned Tweet
UPDATE: Following earlier concerns by @oshield_io tied to the exploit, SolanaFloor has confirmed from its sources that the @DriftProtocol team is safe and not in any physical danger.
Who to follow
Solsteads & Citizens
@SolsteadsNFT
Solana's surreal estate. A beautiful home and exclusive gallery for your NFTs.
Matrica ๐ณ
@MatricaLabs
Matrica is the number ๐ฅ trusted community solution!
Want to see why all the top communities use our tools?
๐Apply at https://t.co/3ZozBePodX
MonkeVentures
@MonkeVentures
The Investment syndicate of @MonkeDAO. Democratizing and redefining investments for retail investors, one monke at a time.
Inbound: https://t.co/cLSYie1DbU
Update โ @DriftProtocol uses two different multisig wallets both with the same set of members.
1 ) Risk Council โ
2-of-5 multisig that two of the keys were compromised to upgrade the programโs admin key and setup the vault for the scam token CVT
https://t.co/7dJgyUb5uW
1) Program Upgrade โ
3-of-5 multisig that around an hour ago signed a transaction to upgrade the program. It was approved by the other 3 members apart from the confirmed 2 compromised members.
https://t.co/hNTGb1RSXk
Attacker most likely did not compromise all wallets as the program upgrade seems to be benevolent.
This is CRAZY!
@pattiruss_ @bangerz @DriftProtocol 1) They are physically in danger
2) The infra they use for their keys has been compromised and has even a bigger issue.
Summary of the @DriftProtocol Exploit thus far:
1) Someone on Drift multisig has updated the drift state account to change the admin here.
https://t.co/qZWnNjmbCQ
2) This member on the multisig approved the change
https://t.co/OFWYP6DyOR
3) And the current admin and attacker is this account.
https://t.co/5fdzN3GaGH
4) The attacker used this key to initialize spot market vault for a CVT ( scam propped up token) with high oracle price here.
https://t.co/Tr1XPQWib4
5) Deposits CVT and withdraws actual tokens using the cross-margin and swap functionality on Drift.
6) Program upgrades is happening to regain back the admin as per our latest analysis.
Update โ
The main issue is that two keys from the multisig has been compromised,
https://t.co/z6sM0zXKUZโฆ
And
https://t.co/GAN6367zpMโฆ
Concerning that the physical security of the team might be in danger.
The main issue is that two keys from the multisig has been compromised,
https://t.co/z6sM0zXKUZโฆ
And
https://t.co/GAN6367zpMโฆ
Concerning that the physical security of the team might be in danger.
@GrimLothar https://t.co/t6fZxnRnKJ
The main issue is that two keys from the multisig has been compromised,
https://t.co/z6sM0zXKUZโฆ
And
https://t.co/GAN6367zpMโฆ
Concerning that the physical security of the team might be in danger.
The main issue is that two keys from the multisig has been compromised,
https://t.co/z6sM0zXKUZโฆ
And
https://t.co/GAN6367zpMโฆ
Concerning that the physical security of the team might be in danger.
The main issue is that two keys from the multisig has been compromised,
https://t.co/z6sM0zXKUZโฆ
And
https://t.co/GAN6367zpMโฆ
Concerning that the physical security of the team might be in danger.
Summary of the @DriftProtocol Exploit thus far:
1) Someone on Drift multisig has updated the drift state account to change the admin here.
https://t.co/qZWnNjmbCQ
2) This member on the multisig approved the change
https://t.co/OFWYP6DyOR
3) And the current admin and attacker is this account.
https://t.co/5fdzN3GaGH
4) The attacker used this key to initialize spot market vault for a CVT ( scam propped up token) with high oracle price here.
https://t.co/Tr1XPQWib4
5) Deposits CVT and withdraws actual tokens using the cross-margin and swap functionality on Drift.
6) Program upgrades is happening to regain back the admin as per our latest analysis.
Summary of the @DriftProtocol Exploit thus far:
1) Someone on Drift multisig has updated the drift state account to change the admin here.
https://t.co/qZWnNjmbCQ
2) This member on the multisig approved the change
https://t.co/OFWYP6DyOR
3) And the current admin and attacker is this account.
https://t.co/5fdzN3GaGH
4) The attacker used this key to initialize spot market vault for a CVT ( scam propped up token) with high oracle price here.
https://t.co/Tr1XPQWib4
5) Deposits CVT and withdraws actual tokens using the cross-margin and swap functionality on Drift.
6) Program upgrades is happening to regain back the admin as per our latest analysis.
Oshield is proud to partner with @solflare on security.
We audited Solflare Shield (hardware wallet) and Solflare Card (crypto debit card), confirming strong protections for users.
All critical and high-severity issues were patched before launch.
Security first. ๐ก
@DeFiTuna ๐ค๐ค๐ค
https://t.co/WAejVwXUtL
We completed an audit of @DeFiTuna โs leveraged product. 2 critical vulnerabilities were identified alongside a number of high and medium severity level issues.
All bugs have been patched and fixes are implemented. Tuna is safely deployed on top of @FusionAMM markets and @orca_so whirlpools.
Read the full report on our publications page ๐
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers