Telegram Web
要用env文件,避免敏感信息出现在代码、历史记录、网站访问日志中

https://twitter.com/greysign1/status/1664109947758743552
Dedaub反编译波场:
首先确保你拿到的是runtime bytecode,看里面没有CODECOPY
从开头搜索十六进制50 D3和50 D2,都改成50 34,替换之后就是合法的EVM bytecode可以直接反编译
https://twitter.com/AnciliaInc/status/1681902951168884736

_airdrop exploit,他标出(not yet)的地址攻击不了
ETH上的TADPOLE和GELDPEPE、LadyPepe垃圾币大概1小时前被攻击,获利4个ETH
Forwarded from bupt.moe
#security
Libbitcoin Explorer 使用了 PRNG 而非 CSPRNG 作为随机数初始源,导致私钥强度不够可能被攻击者猜出。
Libbitcoin Explorer 开发者否认这是一个bug。

编者评:开发者行为很奇怪,据披露文件说在 v2.3.0 (2017年) 的时候还是使用的 std::random_device + std::uniform_int_distribution 来作为随机数源的(也不安全), v3.0.0 之后就改成 get_clock_speed() + std::mt19937 作为随机数源了。这个刻意的修改我认为应该是故意削弱随机数发生器的安全性。

https://milksad.info/disclosure.html
恶俗·茶话会 / 万象更新
https://x.com/AnciliaInc/status/1709352941541630049 Attack contract: 0x0bb02653ca1c3c4915cae217aa02c16e68ae381a Victim: 0x6705d8196D06DA351371b6E0692fC18504ed4864 (bridge)
out存在重入,每个uuid的签名可多次提款
该bridge同时存在于ETH BSC POL ARB OP AVA CRO FTM BASE网络,只有BSC被搞,其他链上资产已转移
https://twitter.com/Phalcon_xyz/status/1732581441278824773

不保密了,直接公开 ThirdWeb exploit

Forwarder.execute -> TargetContract.multicall -> TargetContract.PriviledgedFunction

根本原因:multicall delegatecall自己保留msg.sender为Forwarder,在calldata结尾添加bytes20 address可伪造任意_msgSender
DEFI Scam Check (🔗Telegram)[🌐RU🔀EN]

How to Masterfully Decorate $243m and Get Caught

This is the story of how Grievis (Malone Iam), Wiz (Veer Chetal) and Box (Jandiel Serrano) stole $243m at the victim in August using a sophisticated social engineering attack.

On August 19, 2024, attackers targeted one Genesis lender:

1) Call pretending to be Google support from a fake number to hack personal accounts

2) Call to Gemini support about account hacking

3) Social engineering forced the victim to reset 2FA and send Gemini funds to the hacked wallet

4) Victim used AnyDesk to screen sharing and leaked private keys from Bitcoin Core.

Gemini txn hash
59.34 BTC - August 19 at 1:48 UTC

e747b963a463334c164b0a8fff844f73693272bb2b331adbe2147d70ec196360

14.88 BTC - August 19 at 2:30
UTC

7c7ebed785f0b4d4335d559b14b8215862fbe29db329e3ee0f2a7e64a16ce9e3

txn hash
4064 BTC - August 19 at 4:05 UTC

4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090

Initial analysis showed that $243m was divided between each party, after which the funds were quickly distributed to over 15 exchanges where they were instantly exchanged between Bitcoin, Litecoin, Ethereum and Monero.

Viz (Vir) received a large percentage of the theft but his dementia and courage allowed him to make a mistake during the screen sharing, revealing his full name during the theft.

Accomplices called him Vir in audio recordings and in chats, special respect to them for their conspiracy

$34.5m
0x3c7a5f2795e73d2b94a9120a643f608cfc45c935

6Friend Visa Light/Dark (Aakaash ) helped him launder money using eXch and Thorswap.

Like Wiz, he also revealed his name during the screen sharing.

Wiz TC address confirmed in the video
0xa212d7441fed6db9ab666ba34e8c4

Greavis (Malone) lives a luxurious lifestyle, buying more cars with stolen money and going to clubs in Los Angeles and Miami with friends, spending $250-500k a night and giving girls Birkin bags.< br />
In videos and chats, many called him Malone and said that he was trading stolen funds on Discord.

Currently $3.5m tied to Grievis is here
0x21d7d256be564191a43553e574c06a4d0

Grivis was found through OSINT in Los Angeles/Miami thanks to friends/girls who posted his location every night on social media.

He also has Instagram account, where he posted photos of himself under his own name earlier this year.

Box (Jandiel/John) played his part by identifying the victim as a representative of the Gemini exchange.

On Discord, Telegram and other Box platforms reuse the same PFP.

Currently $18m is here
0x98b0811e2cc7530380caf1a17440b18f71f51f4e

Danny Trauma (Dane) was active in the internal Telegram chat under the pseudonym Mitch, although his exact role is not entirely clear, although he is known to have access to several bankruptcy databases.

However, his ex-girlfriend leaked all his photos on social media network, so his information became public.

Over the past few weeks, a cluster of Ethereum addresses tied to Box/Wiz received more than $41m from two exchanges that trade luxury goods.

Although most of the funds were converted to XMR, both Box and Wiz accidentally linked the laundered funds.

a) During the screen sharing, Wiz showed the address to which he sent funds for designer clothes

b) Box linked dirty money with clean funds, accidentally reusing the deposit address.

0x6d865235ebb2504d3478fc1dd839100d210144df

12/ With the assistance of the security team, the cyber crimes department and Binance, over $9m was frozen, and over $500k has already been returned.

As a result of the investigation, Box and Grievis were arrested last night in Miami and Los Angeles.

Law enforcement is believed to have seized additional funds during the arrests due to large transfers to that period

https://x.com/zachxbt/status/1836753473343259058&t=0kEtp7M29ov5I RUYfIeIlQ
2024/11/17 06:00:01
Back to Top
HTML Embed Code: