Seems the @SeedifyFund hack is again related to the North Korea DPRK group.
What happened, more exactly:
1. Seedify’s cross-chain bridge (using LayerZero’s OFT standard) was exploited (the exploit was NOT a @LayerZero_Core/OFT code bug, but an ownership compromise).
2. The attacker gained ownership control of the OFT contract on certain chains (e.g., Base).
3. With that control, they abused the setTrustedRemoteAddress function to redirect the bridge’s trust to their own malicious contract.
4. This let them send fraudulent cross-chain messages that were treated as valid by the destination chains (BNB Chain, Base, Polygon).
Result: attacker minted/received large amounts of $SFUND on BNB Chain and dumped them, causing a severe price crash.
Attack Flow:
1. Ownership Takeover
Attacker obtained the private key or otherwise compromised the admin account controlling SFUND_OFTv1 contracts on some chains.
tx: https://t.co/YByfOiWAOb
2. Malicious Remote Address Set
Using setTrustedRemoteAddress, attacker set their own contract (0xffad4bD0fA118010bA01a3C69C9Ed7fF460E943e) as the trusted Polygon/Base link.
tx: https://t.co/dhNC2014lK
3. Fake Cross-Chain Message Sent
From Polygon, attacker sent a crafted message that looked legitimate to the OFT bridge.
tx: https://t.co/gUITTCAIT6
4. Tokens Minted/Released on Destination Chain
On Base -> BNB Chain, the OFT bridge logic minted the equivalent $SFUND amount for the attacker.
Final BNB exploit tx.
5. Profit Realization
Attacker dumped the stolen $SFUND into other assets, draining liquidity and crashing the price.
tx: https://t.co/S3qOyRFKLs
🚨 Root Cause
1. Private key compromise of the contract owner(s), e.g. via:
a) Social engineering/phishing (tricked admins into signing something bad)
b) Poor key management (private key in a hot wallet/server/malware)
c) Insider misuse
d) Any other tech glitches used by the DPRK group (more to research in the coming days)
2. Once the attacker had owner rights, they could freely modify LayerZero’s trusted remote configuration.
3. This is a known centralization risk in cross-chain bridges: the “owner” key becomes a single point of failure.
📉 Impact
1. Multiple chains affected (BNB, Base, Polygon).
2. Large amounts of $SFUND minted and stolen.
3. Rapid price crash due to sell-off.
4. Exploit abused the LayerZero OFT logic, but the underlying cause was ownership compromise, NOT a flaw in LayerZero itself.
We just shared an official update on everything regarding today's bridge contract hack.
We appreciate every single person who has shown their support today and sent us their good energies.
We will make sure this part of our story becomes part of a great comeback story from here for our community, holders, and partners who have shared positive things about us.
There is no other option, but to work 10X harder from here, and show resiliency in the face of adversity.
Thank you once again, everybody 🙏
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.
The malicious payload works by silently swapping crypto addresses on the fly to steal funds.
If you use a hardware wallet, pay attention to every transaction before signing and you're safe.
If you don’t use a hardware wallet, refrain from making any on-chain transactions for now.
It’s still unclear whether the attacker is also stealing seeds from software wallets directly at this stage.
Excellent report here: https://t.co/5CtiZJHYsN
I have always tried to understand why, in 2025, web3 investors still send funds to the token SC address instead of swapping on a DEX / CEX where the token is listed.
I’ve heard stories from the early days when some token contracts actually implemented a “swap” or backdoors by automatically sending back tokens equivalent to the incoming ETH. That pattern is now for sure deprecated.
From talking with these newer users (many of whom are first-time @MetaMask users), the main reason this still happens is simple: they add a new token in MetaMask, see its contract address, and accidentally send ETH there. And these are new web3 users, using MetaMask for the first time. So for sure we need better tools, better UI and better security.
Today we helped a @ratio1ai community user to recover the funds sent to the R1 token address from Optimism, but the R1 token is on Base.
Clearly 2 big mistakes:
a) not using a DEX, but sending funds to R1 token SC
b) sending funds on the wrong chain (Optimism vs Base)
The good part was that the second mistake was also the "saving" one, because on Base, the R1 token SC is not upgradeable.
Also, another lucky part is that on Optimism we hadn't used the token deployer address at all, so we were able to use the same nonce as on Base to deploy / generate the same SC address, add a withdraw function, recover the funds and send them back to the legitimate owner. If our Optimism nonce had been bigger than the one used on Base, it would have been impossible to generate the same SC address and recover those funds.
How is this possible from a tech perspective?
a) Most EVM L1 and L2 chains use the same address space - for example, a specific wallet on ETH has the same equivalent / corresponding address on Base.
b) Contract creation addresses are deterministic, so by using the same nonce you can create/deploy the same SC address on another chain if you want, ofc if you have access to that deployer private key.
address = keccak( RLP(sender_address, sender_nonce) )[12:]
Big thanks to @alessandrodfr / @xAudits squad for the invaluable support 🫡
xAudits is proud to continuously support the #MultiversX ecosystem - auditing smart contracts to help ensure a secure and reliable environment for the community.
Until now, every audit we've delivered has stood the test of time - high-end security, proven in the wild.
🔍 Smart Contract Audit Services for Rust & Solidity
🔗 Fortify your Web3 ecosystem on #MultiversX with expert-driven security.
Your code, our scrutiny - no vulnerabilities left behind.
Secure your #MultiversX smart contracts with confidence.
We have identified and fixed numerous vulnerabilities for leading projects.
The best proof of our expertise is time itself; after extensive periods, no vulnerabilities have been found in the smart contracts we audited for projects such as @LudoHQ, @OneDex_X, @SuperRare_Bears, and many more.
Smart Contract Audit Services for Rust & Solidity 🔍
Secure your Web3 ecosystem with xAudits! Our experts identify vulnerabilities using cutting-edge security research & an attacker's mindset to reinforce your code.
🔹 Reverse Engineering
🔹 Cryptography
🔹 Virtualization
🔹 Exploit Analysis
📩 Get audited today!
Ensure your blockchain project is secure and trustworthy with our Smart Contract Audit Services.🔒
We identify vulnerabilities, optimize code, and protect your assets. Build confidence in your platform. 🚀
Strengthen Your Web3 Security with xAudits
Ensure the safety of your smart contracts with xAudits' expert audit services.
Our team leverages advanced security research and an attacker's perspective to identify vulnerabilities and enhance code reliability.
With expertise in reverse engineering, cryptography, malware analysis, and exploit detection, we help safeguard your Web3 ecosystem.
👉Read more on https://t.co/HyapGgaA6Y
The Linux kernel 6.10 introduces the mseal syscall for memory protection. Discover its unique features, how it differs from prior schemes, its kernel implementation, and the userspace exploits it prevents.
https://t.co/wDzD9ysgjq