Beosin Alert

@BeosinAlert

12,823
Followers
44
Following
656
Media
1,272
Statuses

🔔 #Web3 real-time risk alerts including #Hacks , #Rugpulls , #Vulnerabilities . Smart contract audit service @Beosin_com

Joined February 2022
@BeosinAlert
Beosin Alert
7 months
🚨 #Unibot exploited🚨 Hacker: The root cause is call injection, where an attacker can pass custom malicious calldata into the 0xb2bd16ab() method to transfer tokens approved to Unibot contracts. Users need to revoke approval for
@BeosinAlert
Beosin Alert
1 year
Analysis: The hacker first targets a pool with low liquidity to see if the MEV bot will front-run the tx. For example, the hacker tempts the bot with 0.04 WETH. It is found that the pool is indeed monitored by the MEV bot, the bot will also use all of its funds for arbitrage.
@BeosinAlert
Beosin Alert
1 year
Stolen funds are held at 0x3c98d617db017f51c6a73a13e80e1fe14cd1d8eb ($19,923,735.49) 0x5B04db6Dd290F680Ae15D1107FCC06A4763905b6 ($2,334,519.51) 0x27bf8f099Ad1eBb2307DF1A7973026565f9C8f69 ($2,971,393.59)
@BeosinAlert
Beosin Alert
1 year
🚨Beosin security researchers have recently discovered a critical vulnerability in the library of SnarkJS (version 0.6.11 and earlier). SnarkJS is an open source JavaScript library for building zero-knowledge proofs, widely used in the implementation and optimisation of
@BeosinAlert
Beosin Alert
1 year
⚠️Atlantis Loans was under a governance attack for ~$1M. The attacker gained control over the contract and replaced it with a contract containing a backdoor function to transfer tokens approved by users. Attacker:
@BeosinAlert
Beosin Alert
1 year
Sturdy Finance was exploited for $770K earlier today. Attacker exploits the read-only reentrancy vulnerability in Balancer to manipulate the price of cB-stETH-STABLE, then requirement of 'validateSetUseReserveAsCollateral' can be passed to remove
@BeosinAlert
Beosin Alert
1 year
$CS token was exploited for $714K in tx The root cause is that the sellAmount in the _transfer function is not updated in time. Attack Flow: 1/ The attacker borrows BSC-USD via flashloan and swap into $CS.
@BeosinAlert
Beosin Alert
1 year
SeaSwapSui rug pulled with 32,787 $SUI. Txs: The sender is the owner of the modules’ presale ledger (PresaleStorage object). The owner can call emergency_withdrawal_token() to withdraw all the $SUI and $SEA obtained in the
@BeosinAlert
Beosin Alert
4 months
Socket protocol @SocketDotTech was under a call injection attack with a loss of ~$3.3M. This attack was mainly due to an unsafe call in the performAction function. It did not consider the case where the caller transfers in 0 WETH, allowing the caller to specify other functions
@SocketProtocol
Socket
4 months
Urgent Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts. We have identified the issue & have paused the affected contracts. We’re working on the situation & will keep you informed with regular updates & next steps.
@BeosinAlert
Beosin Alert
11 months
H1 2023 Web3 Security Statistics 🚨Total losses from hacks, phishing scams, and rug pulls in Web3 reached $655.61 million in the first half of 2023. Among them, 108 attacks -> $471.43M Phishing scams -> $108M 110 rug pulls -> $75.87M
@BeosinAlert
Beosin Alert
1 year
🚨 Recently, Beosin security team discovered a critical stack overflow vulnerability caused by recursive calls. This vulnerability can lead to a total network shutdown, prevent new validators from joining the network, and potentially result in a hard fork in #Sui , #Aptos , and
@BeosinAlert
Beosin Alert
1 year
Seems @jimbosprotocol exploited for ~$7.5M in tx Now the stolen funds have been bridged to Ethereum address 0x5f3591e2921d5c9291f5b224e909ab978a22ba7e
@BeosinAlert
Beosin Alert
10 months
🚨Transactions on #Shibarium are stuck in a pending state. $1.7M are currently locked on ETH. Users are advised to temporarily stop using shibarium.
@shroom_daddy
ʎppɐꓷ ɯooɹɥS
10 months
In case yall were wondering how Shibarium is going
@BeosinAlert
Beosin Alert
1 year
Attack flow of the @jimbosprotocol exploit: The hacker flashloans 10,000 WETH, swaps for $JIMBO to raise its price. Then transfers 100 $JIMBO to JimboController contract for adding liquidity later (since the JIMBO price is inflated, only a small amount of $JIMBO are needed).
@BeosinAlert
Beosin Alert
1 year
Seems @jimbosprotocol exploited for ~$7.5M in tx Now the stolen funds have been bridged to Ethereum address 0x5f3591e2921d5c9291f5b224e909ab978a22ba7e
@BeosinAlert
Beosin Alert
1 year
On May 23, @LOCALTRADERSCL $LCT on BSC was exploited for 380 $BNB ($118K) in tx The root cause is that the 0xb5863c10 function lacks a permission check and can be called by anyone to modify the owner. The attacker first sets himself as the owner and then
@BeosinAlert
Beosin Alert
2 years
We're seeing reports that FTX @FTX_Official was under a gas stealing attack. The attacker deploys the arbitrage contract and then initiates an ETH withdrawal operation from FTX to the arbitrage contract.
@BeosinAlert
Beosin Alert
11 months
V3Migrator on BSC was exploited, the hacker 0xa1e31b29f94296fc85fac8739511360f279b1976 has already made a profit of $53,494. ⚠️ The attack is ongoing. Users need to revoke approval to 0x839b0afd0a0528ea184448e890cbaaffd99c1dbf address ASAP.
@BeosinAlert
Beosin Alert
1 year
A batch of fake Open Campus $EDU contracts have been created these days. One scam address: 0x4749a5f83F6F003440cB4B6aD1628d39E900D0c4 The owner 0xac150dfd7991622d9f89d505504c572c8eb2282b has been buying and selling $EDUs in the pair 0xE3f26c1aDC28f9C85D4B8AB4a995637ad6684862,
@BeosinAlert
Beosin Alert
1 year
Detailed analysis of the Yearn Finance @iearnfinance $11M hack. The root cause is the misconfiguration of yUSDT Token contract. When performing a rebalance to reselect pools, only USDT is used as the add amount, and USDC cannot add to the pool.
@BeosinAlert
Beosin Alert
1 year
The total loss for the Yearn Finance @iearnfinance hack is around $11,539,783. The stolen funds are mainly held at: 0x16Af29b7eFbf019ef30aae9023A5140c012374A5 0x6f4A6262d06272c8B2E00Ce75e76d84b9D6F6aB8
@BeosinAlert
Beosin Alert
1 year
Last month, Beosin security researchers discovered a high-risk vulnerability CVE-2023-33252 in the library of SnarkJS (version 0.6.11 and earlier). The high-risk vulnerability that allows double-spending has now been fixed by Circom. It has a severity score of 7.5 in the
@BeosinAlert
Beosin Alert
1 year
In Q1 2023🔽 $295M lost from 61 major attacks, of which $200M were recovered. Losses from attacks in Q1 2023 were lower than any quarter of 2022. #Web3 security getting better? Read PDF:
@Beosin_com
Beosin 🛡 Blockchain Security
1 year
🚨In Q1 2023, 61 major attacks happened in #Web3 , with a total loss of ~$295 million, a 77% decrease from Q4 2022 🚨 Read Q1 2023 Web3 Security Report & Crypto Regulatory Landscape📑 1⃣Text Version👇 2⃣Full PDF Report👇
@BeosinAlert
Beosin Alert
10 months
Root cause of @JPEGd_69 's $11.4M reentrancy attack: The attacker reentered the add_liquidity function after calling the remove_liquidity function. The balance is updated before reentering the add_liquidity function, resulting in a price calculation error.
@BeosinAlert
Beosin Alert
10 months
@JPEGd_69 was exploited for $11,461,200. Tx:
@BeosinAlert
Beosin Alert
1 year
$DEPUSDT and $LEVUSDC were exploited by the attacker: The total loss is 69,961 $USDT and 36,142 $USDC. The attacker can transfer funds from arbitrary authorization via approveToken.
@BeosinAlert
Beosin Alert
1 year
$DEI @DeusDao was hacked for ~$6.38M on BSC and Arbitrum. Root cause: The burnFrom function wrote the two address parameters in a flipped order when obtaining the user's approval value, resulting in the approval value obtained being the one that can be manipulated by hackers.
@BeosinAlert
Beosin Alert
1 year
The deployer of Kokomo Finance deployed a contract cBTC (0x1e02e6a5b549eead726ebcce64a54215196760e2), then called _setRewardSpeed to modify the reward and suspended borrow.
@BeosinAlert
Beosin Alert
1 year
@KokomoFinance Kokomo Finance ($KOKO) has rugged for ~$4M. The stolen funds are now held in four addresses: (20.1 $BTC) (31.74 $BTC) (50 $BTC) (39.99 $BTC)
@BeosinAlert
Beosin Alert
3 months
🚨 @FixedFloat was exploited for ~$26.1M (409 $BTC and 1,728 $ETH). On Ethereum, the attacker 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085 sent the stolen 1,728 $ETH to multiple addresses, then to Exch exchange. The stolen 409 $BTC was dispersed to multiple addresses by attacker
@BeosinAlert
Beosin Alert
1 year
In 2014, MT. GOX exchange claimed to have suffered from a transaction malleability attack on Bitcoin, resulting in a loss of ~850,000 BTCs. This inherent malleability security issue, caused by algorithmic design, is also present in the zk-SNARK algorithm Groth16. The attack
@BeosinAlert
Beosin Alert
1 year
Newly deployed SwaposV2Pair contracts on Ethereum were hacked for $467,192. There’s a judgment error in the k-value, which allows the attacker to withdraw funds from the pair contract. Attacker: 0x2df07C054138Bf29348F35a12a22550230BD1405 One tx:
@BeosinAlert
Beosin Alert
8 months
Analysis of the Stars Arena exploit:🔽 The contract is not open source, there seems to be a reentrancy vulnerability. During the call of the 0xe9ccf3a3 function, the attacker reentered and called the 0x5632b2e4 function, setting a block height. Then, in the sellShares
@BeosinAlert
Beosin Alert
8 months
Stars Arena on AVAX exploited for ~$2.9M. Stay alert!
@BeosinAlert
Beosin Alert
1 year
Seems VPANDA DAO $VPANDA was under a phishing attack. The attacker profited ~$870K. The owner called withdraw() multiple times to get a total of 1,500,085 VPANDA DAO tokens. The stolen funds were transferred to , which may be a phishing money
@BeosinAlert
Beosin Alert
7 months
🚨At least $114M was drained in the @Poloniex hack, including: 32,766,696.57 $USDT (11,030,539.88 on ETH and 21,736,156.69 on TRON); 283.66 $ETH (65.9 on ETH and 217.7 on TRON); 86.50 $WBTC (23.7 on ETH and 62.8 on TRON); 35 types of tokens were stolen on TRON. Check the fund
@BeosinAlert
Beosin Alert
2 years
$VTF on BNB chain was attacked. The attacker 0x57c112cf4f1E4e381158735B12aaf8384B60E1cE profited 58,000 $BUSD. There is a bug in VTF's contract to receive holding rewards. Under normal circumstances, users can claim $VTF token holding rewards via the updateUserBalance function.
@BeosinAlert
Beosin Alert
1 year
Seems @TrustTheTrident $SELLC was under a price manipulation attack in tx The attacker profited ~446 $BNB (~$104K).
@BeosinAlert
Beosin Alert
1 year
Dexible @DexibleApp was exploited for ~$1.54 million. Users who have approved 0xde62e1b0edaa55aac5ffbe21984d321706418024 pls revoke allowance ASAP. Attacker:
@BeosinAlert
Beosin Alert
8 months
$BH token on BNB Chain was exploited for ~$1.27M due to suspected price manipulation. The profits were sent into Tornado Cash. Attacker: 0xFDbfcEEa1de360364084a6F37C9cdb7AaeA63464 The attacker flashloaned a large amount of $USDT, then called 0x33688938() to add $USDT to the
@BeosinAlert
Beosin Alert
11 months
🚨Poly Network was exploited again after 2021. The hacker minted over $34B worth of assets on multiple chains. Some of the stolen funds ($800k) are bridged to Ethereum address:
@BeosinAlert
Beosin Alert
1 year
@tender_fi was exploited for ~$1.58M by a whitehat hacker on Mar 7. The hacker kept 62.15 $ETH as a bug bounty and returned the remaining funds. Root cause: The oracle contract at has a coding error that incorrectly multiplied the price by 1e20.
@BeosinAlert
Beosin Alert
1 year
Mutual Aid VCC rugged via a backdoor function. (Tx credit @bbbb ) Attacker (0xE4A1920AAcc21d2B478ACdB0046AA41117947748) withdrew 1 $BNB from Tornado cash as gas fee 21 days ago, then called the backdoor function 0x5cf29416, which can transfer $VCC from the
@BeosinAlert
Beosin Alert
10 months
RocketSwap on BASE was exploited for 472 $ETH (~$869k) due to the deployer's private key compromise, resulting in assets in the farm contracts being transferred to the attacker's account. The project has now shut down the farm contracts. The attacker has swapped the stolen
@RocketSwap_Labs
RocketSwap
10 months
As a result of the team's investigation We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server. A brute force hack of the server was detected, and due to the proxy contract used for the farm
@BeosinAlert
Beosin Alert
1 year
@TheMerlinDEX Merlin Dex on ZkSync rugged with $1.8M. Attackers: 0xc0D6987d10430292A3ca994dd7A31E461eb28182 0x2744d62a1e9ab975f4d77fe52e16206464ea79b7 Here's what happened🔽
@BeosinAlert
Beosin Alert
1 year
Seems @BuggFinance was exploited for $5K. (Intel by @bbbb ) The hacker calls the 0xFea6aA4a9d44137Ac7cA1a288030A4161f686df3 contract's 0x814b2047 method to modify the contract's slot to $XjdgZU token address he created (0x616F26C1394645653C74FEa49029DBf4d8119482)
@BeosinAlert
Beosin Alert
1 year
$BCGA on BNB Chain rugged. The owner 0x44f2526bca61fb789fef81c3a36bee2fdecf8acb called a privileged function 0x25bbb5ae to mint a large amount of $BCGA, then immediately swapped for 128.45 $BNB (~$39,092).
@BeosinAlert
Beosin Alert
2 years
⚠️Team Finance exploited for $14.5M
@TeamFinance_
Team Finance
2 years
We have just been alerted of an exploit on Team Finance. We are currently unsure of the details. We urge the exploiter to get in contact with us for a bounty payment We are working to analyze and remedy the situation at this very moment. More details to follow
@BeosinAlert
Beosin Alert
1 year
An old contract on BNB chain lacks access control in its core function. Users who have approved to this contract can be attacked. An attacker 0x7d192fa3a48c307100c3e663050291fff786aa1f gained ~$330K.
@BeosinAlert
Beosin Alert
2 years
FTX Accounts Drainer (0x59AB...32b) has conducted multiple swap and cross-chain operations for the past day and currently holds ~$338,598,702 of assets. The majority of the funds are held in the 0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b address. Current balance:
@BeosinAlert
Beosin Alert
10 months
Eralend on #zkSync was attacked with a loss of $3.4M. The root cause was an inconsistency between the calculated borrow value and liquidate value. The amount borrowed was higher than the amount repaid, allowing the attacker to profit after borrowing and liquidation. The
@Era_Lend
EraLend | The #1 Money Market on zkSync🥇
10 months
🚨Security Update: We've experienced a security incident on our platform today. The threat has been contained. We've suspended all borrowing operations for now and advise against depositing USDC. We're working with partners and cybersecurity firms to address this. More updates
@BeosinAlert
Beosin Alert
1 year
Swaprum on Arbitrum rugged for ~$3M. The deployer of Swaprum used the add() backdoor function to steal LP tokens staked by users, then removed liquidity from the pool for profit. One tx:
@BeosinAlert
Beosin Alert
10 months
DefiLabs on BNB Chain rugged for ~$1.4M. Contract: 0xdedbd1804569f369e33e453ee311f0f97dcd0bde The privileged address 0xee08d6c3a983eb22d7137022f0e9f5e7d4cf0be2 directly withdraws 1,427,200 BSC-USD staked in the vPoolv6 contract via the backdoor function withdrawFunds().
@BeosinAlert
Beosin Alert
1 year
The LockedDeal contract of @Poolz__ Poolz Finance on ETH, BSC and Polygon was attacked for ~ $500,000. (Thanks @bbbb for the intel) The attacker called the vulnerable function ‘CreateMassPools’ and triggered an integer overflow vulnerability in the parameter _StartAmount. The
@BeosinAlert
Beosin Alert
1 year
@Poolz__ seems exploited $POOLZ price dropped -97%
@BeosinAlert
Beosin Alert
1 year
Crypto1319, The Philosophers Stone ($TPOS) and Meta Speed Game ($MTSG) were exploited by the same attacker 0x187473cf30e2186f8fb0feda1fd21bad9aa177ca for a total profit of ~$3,500. One tx (Credit @bbbb ):
@BeosinAlert
Beosin Alert
1 year
For @TrustTheTrident $SELLC holders: Your funds are at risk. Other attackers may drain the pool PancakeSwap V2: SELLC 2 (WBNB/SELL Token) . Users are advised to remove liquidity for related pool.
@BeosinAlert
Beosin Alert
1 year
Seems @TrustTheTrident $SELLC was under a price manipulation attack in tx The attacker profited ~446 $BNB (~$104K).
@BeosinAlert
Beosin Alert
5 months
WiseLending protocol @Wise_Lending suffered a price manipulation attack, resulting in a loss of over $460k. WiseLending uses rounding up when calculating Shares withdrawals, allowing the attacker to repeatedly call the withdraw function with a unit amount. This caused a
@BeosinAlert
Beosin Alert
1 year
Hope Finance @Hope_fin $HOPE rugged for $1.8M. The stolen funds were deposited into Tornado cash. ⚠️Do not stake in the 0x1FC2ac2651E1959d9ae86c6B2270aAF3D799E56c contract. Scammer (0xdfcb) used a multisig wallet (0x1fc2) to modify the router address of TradingHelper contract.
@BeosinAlert
Beosin Alert
2 years
#BeosinAlert Seems there is a flaw in ApolloX @ApolloX_com signature system. The attacker exploited the flaw to generate 255 signatures, and withdraws a total of 53,946,802 $APX (1,601,101 $BUSD) from the contract. #DeFi #Airdrops #blockchain #Web3
@BeosinAlert
Beosin Alert
1 year
Euler Finance Exploiter moved 2,601 $ETH to 0xc66dfa84bc1b93df194bd964a41282da65d73c9a, which then deposited 1,100 $ETH into Tornado Cash.
@BeosinAlert
Beosin Alert
1 year
$BNQ on BNB chain was exploited for ~$72K. $BNQ price dropped -99%. The address 0x28Faec787179FCe7D173DeE71de2766F334C5111 used proxy contract to deposit a certain amount of $BNQ, then called claimReward function to consume a large amount of $BNQ.
@BeosinAlert
Beosin Alert
11 months
🚨 @PolyNetwork2 has suffered a potential compromise of private keys or a multi-signature service attack. The hacker has exploited forged proofs to initiate withdrawal operations on the cross-chain bridge contracts across multiple chains. An analysis thread:🔽
@BeosinAlert
Beosin Alert
5 months
Radiant Capital @RDNTCapital was under a flash loan attack with a loss of $4.5M. Attacker: The attacker manipulated the index parameter (which later served as a denominator) to become extremely large. The contract has a rounding issue in its
@BeosinAlert
Beosin Alert
11 months
@PolyNetwork2 exploiter has swapped a total of 5,196 $ETH (~$10.1M) on Ethereum. Other tokens (~$260 million) may not be cashed out by the attacker due to low liquidity. The fees for these addresses on Ethereum are from @Bybit_Official , @kucoincom , @FixedFloat , @ChangeNOW_io
@BeosinAlert
Beosin Alert
2 years
Beosin EagleEye monitored a flashloan attack on $ULME with a loss of 50,646 $BUSD. Users are advised to revoke BUSD's approval for ULME contracts and transfer out funds in time. Attack flow🔽
@BeosinAlert
Beosin Alert
11 months
$DOGE3.0 @DOGE3eth on Ethereum rugged for $70K via a backdoor function. Contract: 0x820ba67398c3eA745EB8766FD3F444A92d4de316 The burn function contains a backdoor to mint unlimited tokens. The deployer 0x415A4CA18Ead9e7730918Cb032760B1383824C76 sold all $DOGE3.0 to drain the
@BeosinAlert
Beosin Alert
7 months
🚨 @TrustPad was exploited for ~$155k. Root cause: The receiveUpPool function did not verify msg.sender, allowing the attacker to manipulate newlockstartTime. The attacker repeatedly called receiveUpPool() and withdraw() to collect rewards, then called stakePendingRewards to
@TrustPad
TrustPad
7 months
🚨 UPDATE: We experienced an exploit to one of our staking contracts. We keep investigating the exploit. In the meantime; ⚠️ PLEASE DON'T TRADE $TPAD! We will release a detailed response after the investigations conclude. A snapshot will be taken, wallets and funds are safe.
@BeosinAlert
Beosin Alert
10 months
$BALD rugged for ~5,000 $ETH (worth ~$9.28M). The deployer added a total of 6,077 $ETH liquidity and removed 11,077 $ETH. $BALD address: 0x27D2DECb4bFC9C76F0309b8E88dec3a601Fe25a8
@BeosinAlert
Beosin Alert
10 months
Seems @ConicFinance was exploited for $3.26M in tx: The stolen funds were sent to 0x3d32C5a2E592c7B17e16bdDc87EAb75f33ae3010
@BeosinAlert
Beosin Alert
11 months
🚨 The scammers are posting phishing links in the reply section in the recent @MultichainOrg exploit. Scammer: @MultichainsOrg Phishing site: distribution-multichain[.]com Scammer's address: 0x0000553F880fFA3728b290e04E819053A3590000
@BeosinAlert
Beosin Alert
1 year
MultiChainCapital $MCC was under a flashloan attack in tx The deflationary token does not exclude pair from the excluded address, allowing the attacker to use deliver function to mint tokens, and finally swapped the minted tokens for 10 $ETH.
@BeosinAlert
Beosin Alert
1 year
On Apr 15th, @HundredFinance was exploited for over $7M on #Optimism . Hundred Finance was also a victim of a reentrancy attack on Mar 2022. Txs: 0x15096dc6a59cff26e0bd22eaf7e3a60125dcec687580383488b7b5dd2aceea93 0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451
@BeosinAlert
Beosin Alert
9 months
🚨 @Stake has experienced multiple suspicious outflows on #Ethereum , #BSC and #Polygon . ETH: ~$15.7M Polygon: ~$7.8M BSC: ~$17.8M The total funds were ~$41.35M. Stay alert!
@BeosinAlert
Beosin Alert
1 year
Never Fall on BSC was under a price manipulation attack with a loss of 70K. The attacker flashloans 1.6M $BUSD and uses 200K BUSD to buy 75.5M of Never Fall tokens via buy function in the Never Fall contract. The buy function adds liquidity with 90% BUSD
@BeosinAlert
Beosin Alert
2 years
#BeosinAlert $DDC was exploited for $104,600 in tx () Attack flow🔽: The attacker first swapped 1.3 USD for 26 $DDC.
@BeosinAlert
Beosin Alert
1 year
AutoDonateUkraine $ADU on BSC was under a flashloan attack in The loss is ~$7K. The attacker used the deliver function to increase $ADU in the pair, then withdraws the excess $ADU with skim. After repeating the operation several times, the price in the
@BeosinAlert
Beosin Alert
11 months
$ARA @AraBlocks was exploited for $125k in Attacker: 0xF84efA8a9F7E68855CF17EAaC9c2f97A9d131366 The root cause is a bug in the contract's handling of permissions. The 0xB817Ef68d764F150b8d73A2ad7ce9269674538E0 has a large $ARA and $USDT approvals to a
@BeosinAlert
Beosin Alert
2 years
@Melody_SGS was hacked earlier today, causing 2,224.9 $BNB in losses. It is suspected that the off-chain front-end was hacked or the private key was compromised. Here we only analyze the transactions of the hacker, but the attack is not caused by vulnerability exploits.
@BeosinAlert
Beosin Alert
1 year
The stolen funds of @boshen1011 are seeing new movement. 4M $DAI was swapped for 2496.66 ETH then sent to 0x376a0255, and 502 ETH was deposited to @FixedFloat by 0x376a0255.
@BeosinAlert
Beosin Alert
11 months
Our initial analysis of the Poly Network attack🔽: On Ethereum, the attacker has utilized multiple addresses to withdraw funds from cross-chain bridge contracts. Many of these addresses have performed cross-chain operations two months ago. Each cross-chain protocol by the
@PolyNetwork2
Poly Network
11 months
Dear users, we would like to inform you that Poly Network is temporarily suspending its services due to a recent attack. We are actively engaging with relevant parties and diligently assessing the extent of the affected assets. 【1/3】
@BeosinAlert
Beosin Alert
9 months
Magnate Finance on #BASE has rug pulled for $6.4M. The deployer is also linked to the past rug pulls: 🚨Solfire's $4.8M rug on Jan 23, 2022 🚨Kokomo Finance's $5.5M rug on Mar 27, 2023 That makes a total profit of $16.7M for the scammers.
@zachxbt
ZachXBT
9 months
Community Alert: Magnate Finance on Base will likely exit scam in the near future currently with over $6.4M TVL. The deployers address is directly linked to the Solfire $4.8M exit scam.
@BeosinAlert
Beosin Alert
1 year
$land was exploited with a loss of 149,616 $BUSD in tx: The root cause is the lack of permission control on mint.
@BeosinAlert
Beosin Alert
7 months
🚨The 0x9239127f function in Maestro Router 2 contract has an external call vulnerability. Currently the attacker has stolen over 280 $ETH. Vulnerable contract: 0x80a64c6D7f12C47B7c66c5B4E20E72bc1FCd5d9e Attackers can pass in a token address, fill in the called function as
@MaestroBots
Maestro🤖🤖
7 months
➡️ The router exploit has been fully identified and dealt with. 👇 Our router has been updated to a safe, exploit-free implementation. Trading can resume as normal, but tokens with pools on SushiSwap, ShibaSwap, and ETH PancakeSwap will be temporarily unavailable. Thank you
@BeosinAlert
Beosin Alert
1 year
On February 10, @dForcenet was attacked for a total of $3.7M on both Optimism ($1.75M) and Arbitrum ($1.95M).
@BeosinAlert
Beosin Alert
2 years
JUMPN Finance $JST rugged with ~$1.15M. 2,100 $BNB sent to ; 2,058 $BNB sit at hacker's address. The scammer calls the 0xe156 contract’s 0x6b1d9018() function and withdraws the user assets and transfers to the scammer's address
@BeosinAlert
Beosin Alert
1 year
Tornado Cash has suffered a malicious governance attack with a loss of ~$1.07M. 100,000 $TORN are held on the 0x0921 address, and 370 $ETH went into Tornado Cash. In declaring the proposal, the attacker claimed to use the same logic as the previous one, but added an additional
@samczsun
samczsun
1 year
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.
@BeosinAlert
Beosin Alert
10 months
The axlUSD/WETH pair of @LeetSwap on BASE was subject to a price manipulation attack, with losses of ~$620,000. The attack exploited the _transferFeesSupportingTaxTokens function in the pair contract, which allows anyone to transfer axlUSD in the pair contract, leading to an
@BeosinAlert
Beosin Alert
1 year
Beosin EagleEye monitored an exploit on $BRA. The loss is ~820 $WBNB ($225K). The attack is caused by a logic vulnerability in the BRA contract, where the BRA transfer process will generate rewards if the caller or receiver is pair.
@BeosinAlert
Beosin Alert
1 year
Seems FarmApp contract signer's private key was abused, the attacker (0x2a45a576beecc945527a1b106c6d41d3ea52f9f7) used signer's signature to call the sowSeed function to generate newSowData with 42 sowid, and called claimedSeed function again to steal 936,387 $MMT.
@BeosinAlert
Beosin Alert
1 year
UN token on BSC was hacked for $26K. The attacker triggers sendreward function by transferring directly to pair multiple times. $UN tokens are sent to the pair address, then the attacker uses skim to get the extra $UN tokens to the attack contract.
@BeosinAlert
Beosin Alert
3 months
🚨 @_WOOFi on Arbitrum was under a price manipulation attack with a loss of ~$8.5M. The contract has been paused. The hacker flashloaned $USDC.e and $Woo, and then performed frequent token swaps. Due to a flawed price calculation in WooPPV2 contract, the hacker was able to
@_WOOFi
WOOFi
3 months
Earlier today we identified an exploit of WOOFi Swap on Arbitrum. Within 13 minutes, the threat had been contained and we marked all other WOO contracts as safe. Linked below is a post-mortem detailing today’s events. (1/6)
@BeosinAlert
Beosin Alert
11 months
Mike Wazowski Monsters Inc $MIKE and Sid Ice Age $SID on Ethereum rugged via a backdoor function, which would allow mint of tokens. Contracts: 0x8b99bb8ddd8103cbeccc3b20c4b0038ca65a51ae 0x12a9fe7656eb8400a708f00a51c607499a1fa188 The scammer
@BeosinAlert
Beosin Alert
2 years
#BeosinAlert #Flashloan $PLTD suffers a price manipulation attack with a profit of 24,497 $BUSD for the hacker. (Tx provided by @bbbb ) TX:0x8385625e9d8011f4ad5d023d64dc7985f0315b6a4be37424c7212fe4c10dafe0 Attacker’s address:0x6ded5927f2408a8d115da389b3fe538990e93c5b
@BeosinAlert
Beosin Alert
1 year
$FFF rugged for ~$648k. There’s an ownership and a mint permission of a specified address in its contract. The creator of First Free Finance minted a large amount of $FFF then sold to rug. The stolen funds are currently held at 0xB6F7024Be5E73c9E69982Df6EC29E56f6E5bd723
@bbbb
Bythos
1 year
@BeosinAlert
Beosin Alert
9 months
🚨 @ExactlyProtocol on #Optimism was exploited for over $7M. Stay safe!
@BeosinAlert
Beosin Alert
2 years
#Flashloan Beosin EagleEye monitored a flashloan attack on MooCakeCTX contract. The loss is ~$140K. There are no time restrictions on collateral and rewards, and the prevention of caller is not comprehensive enough, enabling the attacker to increase dividends via flashloan.
@BeosinAlert
Beosin Alert
2 years
In H1 2022, ~$1,140.7 million in stolen funds were transferred into by hackers, accounting for ~60% of the total amount lost in Web 3. Joint data & chart by @Beosin_com @Footprint_Data Previous news: U.S. Treasury sanctions crypto mixer Tornado Cash.
@BeosinAlert
Beosin Alert
1 year
$SNK on BSC was exploited in tx 0x7394f2520ff4e913321dd78f67dd84483e396eb7a25cbb02e06fe875fc47013a, hackers use SNK's invitation reward mechanism to make a profit of $190,000. The stolen funds are currently held at the hacker's address 0x7738B2f18d994C7c8Fa10E1FE456069624740f3e
@BeosinAlert
Beosin Alert
2 years
We have noticed a contract-level replay exploit on Gnosis Omni Bridge after Ethereum Merge. The root cause is that Omni Bridge contract code has a fixed chainID without actually verifying the chainID of the chain it is currently on.
@BeosinAlert
Beosin Alert
1 year
MetaPoint ($POT) on BSC was hacked with a loss of $920K. The root cause is that users will create a new contract to hold their funds each time they deposit $POT, but the contract has a public approve function to transfer all users' assets.
@BeosinAlert
Beosin Alert
9 months
Vulnerability Disclosure: Beosin security team discovered a DoS vulnerability in the p2p protocol of @SuiNetwork that could cause nodes in the Sui network to crash due to memory exhaustion. This denial of service vulnerability was caused by an old attack technique - the "memory
@BeosinAlert
Beosin Alert
1 year
@CoWSwap was exploited for 114,824 $DAI. The settle function has an onlySolver modifier. This function can be called arbitrarily with the isSolver permission, where calldata interactions can be specified arbitrarily.
@BeosinAlert
Beosin Alert
2 years
Brief analysis of the exploit🔽 #Binance @cz_binance BSC Token Hub uses a special pre-compiled contract for validating IAVL trees when performing cross-chain transaction verification. There is a bug in its implementation which may allow an attacker to forge arbitrary messages.