Chaofan Shou @shoucccc Twitter profile

Last Seen Profiles

@uncsportsphotos

@ArkingKyle

@ResilienceHeal1

@monsoonconsult

@HBUTC

@1800brookline

@Alan_Morrison67

@dahliaold

@JuKizi

@Sketchy_doyy

@wesley_heagy

@katyhearnFit

@sarataylorwoods

@StirileProTV

@frank_laws

@youknowlex_

@vjacommserv

@CedarCreekFB

@marinakroeger9

@AramosBlack

@heytaroh

@mist3gel

@AssemblyRose

@LeoDaModeler

@sezin_55

@C_King2013

@ria_arts_

@xtinonic

@NashvilleTenn

@Sol_Naciente_V

@tours_talk

@YehFish1

@_Elmiene_

@paratitweets

@sMarts

@PrinVanPhillips

Chaofan Shou

@shoucccc

6 months

😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability. Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)

35

446

2K

Chaofan Shou

@shoucccc

2 months

Technical details on how we made $10k/hr by mining $ORE via @bloXrouteLabs @jito_sol and GPUs. [1/8] 🧵

191

261

734

Chaofan Shou

@shoucccc

5 months

. @publicqi @_yype and I managed to take over chat rooms, C2 servers, and dev servers belonging to this scammer organization. 🧵[1/8]

91

101

471

Chaofan Shou

@shoucccc

6 months

I built a nuclear-weapon-level Twitter/X exploit based on a few previously unfixed vulnerabilities. It is not eligible for bug bounty so I will disclose it soon. @X @elonmusk

27

42

401

Chaofan Shou

@shoucccc

6 months

It is highly irresponsible for Twitter to ignore these security issues and not pay the whitehats. The architecture and design patterns also need to be corrected.

14

34

393

Chaofan Shou

@shoucccc

10 months

The following code in Vyper compiler caused $24M+ hacked in multiple @CurveFinance pools It seems the nonreentrant guard uses different storage slot.

Tony KΞ

@tonyke_bot

10 months

Certain type of Curve factory pool is encountering read-only reentrancy attack and causing a total loss of $11m( @JPEGd_69 ) + $13m( @AlchemixFi ) + ... Initial investigation founds that vyper compiler (0.2.15) doesn't implement the reentrancy guard correctly. add_liquidity and…

7

40

132

13

80

236

Chaofan Shou

@shoucccc

6 months

This hacker made ~$20k by copycat exploiting Thirdweb and NFT trader vulnerabilities. And they have been tipping @BlockSecTeam for sharing the vulnerabilities on Twitter. Made my day 😂😂

10

40

313

Chaofan Shou

@shoucccc

6 months

Likely the NPM key was leaked via GitHub Action... It seems that anyone could invoke GitHub Action via a PR on Ledger GitHub Orgs and leak that key by crafting a malicious package.json.

I'm Software 🦇🔊

@MatthewLilley

6 months

🚨🚨🚨 RED ALERT 🚨🚨🚨: Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

515

3K

6K

18

58

318

Chaofan Shou

@shoucccc

1 year

How to make $800k every day by rug pulling? A tutorial 🧵[1/7]

17

39

191

Chaofan Shou

@shoucccc

2 months

Sorry for yoinking the $ORE LP. I'll randomly give away 4x 1 SOL to folks following me and retweeting this. Keep your DM on 🤪🤪🤪 Code:

GitHub - tonyke-bot/ore-miner: ORE Miner built on top of Jito bundle with both CPU and GPU support.

ORE Miner built on top of Jito bundle with both CPU and GPU support. - tonyke-bot/ore-miner

github.com

75

143

239

Chaofan Shou

@shoucccc

6 months

And we got the full JS exploit to chain with this XSS vulnerability! In another word, visiting this link earlier today would take over your account:

5

23

202

Chaofan Shou

@shoucccc

4 months

$MINER is hacked. Do not interact! The root cause is if you transfer to yourself, your balance would be doubled.

22

23

166

Chaofan Shou

@shoucccc

3 months

PSA: Do NOT trust @bloXrouteLabs 's protect RPC. We learned this the hard way today, with a loss of $150k+. @bloXrouteLabs publicly broadcast our white-hat rescue transaction for the @unizen_io deployment on Polygon, allowing MEV bots to frontrun it. What happens: We…

16

39

167

Chaofan Shou

@shoucccc

1 month

Managed to exploit an XSS on Etherscan with funky sanitizers and Cloudflare WAF bypass 😗 And kudos to the Etherscan team! The team fixed this 2 minutes after our report.

9

5

160

Chaofan Shou

@shoucccc

5 months

BRC20 and ETH20 are too hard to index, so I built a new type of inscription: GitHub Inscription Now, all inscriptions are nicely stored in JSON files in a repo. #ghscription

13

16

122

Chaofan Shou

@shoucccc

1 month

We have just rescued $732K from hackers via backrunning 🫡🫡

16

14

135

Chaofan Shou

@shoucccc

7 months

Spot the vulnerability! ItyFuzz found a vulnerability in this contract on BSC with $16k funds. The owner said wont fix.

8

18

107

Chaofan Shou

@shoucccc

1 month

gigagas ✅ teragas ✅ petagas - soon ItyFuzz with GPU EVM on 8x H100 can fuzz smart contracts at 700M+ transactions per second (~0.1 petagas/s).

12

19

133

Chaofan Shou

@shoucccc

6 months

However, I figured out some undocumented endpoints on also support using cookies to access. This means that any XSS on subdomains of Twitter can send requests to and impersonate the user. This solves problems 1 and 3.

2

5

121

Chaofan Shou

@shoucccc

1 year

Announcing ItyFuzz🍦, a tool that can instantly find vulnerabilities and generate exploits for smart contracts! It sets new SoTA in multiple aspects! And open-sourced @ Please Retweet, Like, and Try it; @hackthedefi behind this project will airdrop you.

10

20

90

Chaofan Shou

@shoucccc

6 months

Reverse engineering the JS code of , I found that the CSRF token is just a hash of csrf_id in the cookie. Surprisingly, the csrf_id is not HttpOnly cookie, meaning that subdomain XSS can read this csrf_id and create CSRF tokens. This solves problem 2.

3

4

118

Chaofan Shou

@shoucccc

2 months

Spot the vulnerability in contracts ( @ICSEconf 2024 Edition):

25

8

118

Chaofan Shou

@shoucccc

4 months

That is exactly what we @hackthedefi are working on: - LLM-based Invariant Synthesis - LLM-guided Fuzzing - LLM-based Test Harness Synthesis 🧵

vitalik.eth

@VitalikButerin

4 months

One application of AI that I am excited about is AI-assisted formal verification of code and bug finding. Right now ethereum's biggest technical risk probably is bugs in code, and anything that could significantly change the game on that would be amazing.

3K

15K

7

44

Chaofan Shou

@shoucccc

3 months

@paraswap anyone can use Uniswap V3 callback to set the `fromAddress` to anything. who audited this?

8

15

110

Chaofan Shou

@shoucccc

27 days

Everyone can call this function to get free tokens. No access control, no questions asked. Who audited this?

SlowMist

@SlowMist_Team

27 days

🚨SlowMist Security Alert🚨 We detected potential suspicious activity related to @TsuruBase . Loss 138.78 $ETH As always, stay vigilant!

6

10

36

12

24

108

Chaofan Shou

@shoucccc

1 year

gg! Our fuzzer can solve all challenges automatically in <16hrs on single core with some fine tunings 🔥🔥 Will share the writeup Try it out:

GitHub - fuzzland/ityfuzz: Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts

Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts - fuzzland/ityfuzz

github.com

Dragonfly ＞|＜

@dragonfly_xyz

1 year

THAT'S A WRAP! Congrats to all who participated in Puzzlebox.sol, Dragonfly's first ever CTF ⛳️ See you at the next one! 🏆

3

7

45

3

17

96

Chaofan Shou

@shoucccc

10 months

How a simple code change made $150k+ available to steal? 👇 Below is a contract deployed behind a proxy that we found on BSC. The following upgrade subsequently made it possible for anyone to mint ∞ tokens. What went wrong? The upgrade changed a constant `totalSupply` into a…

7

19

102

Chaofan Shou

@shoucccc

6 months

@lourkeur It’s okay, I’m irresponsible all the time

1

6

101

Chaofan Shou

@shoucccc

6 months

This XSS seems to be nothing beyond alert popper because: 1). Twitter's cookies are HttpOnly, meaning reading them using Javascript is impossible. 2). There are CSRF tokens, so no CSRF attacks. 3). Strict same site policy on , so no CSRF attacks to it.

2

5

100

Chaofan Shou

@shoucccc

5 months

You folks are crazy 🫠

Chaofan Shou

@shoucccc

5 months

BRC20 and ETH20 are too hard to index, so I built a new type of inscription: GitHub Inscription Now, all inscriptions are nicely stored in JSON files in a repo. #ghscription

13

16

122

16

3

94

Chaofan Shou

@shoucccc

6 months

On 12/11, @rabbit_2333 posted details about an XSS on the Twitter subdomain .

rabbit

@rabbit_2333

6 months

Twitter reflected XSS PoC:

9

30

243

1

6

94

Chaofan Shou

@shoucccc

1 month

and i got liquidated on my 23rd birthday

MinisterOfNFTs 🔮

@MinisterOfNFTs

1 month

Steve jobs was 21 when he made apple gates was 20 when he made microsoft You’re 30 and buying memecoins.

311

112

1K

23

2

88

Chaofan Shou

@shoucccc

7 months

How about a #CTF that every top 10 team gets diet cokes, and every top 30 team gets physical swags? 👉👉 Happening on 12/1!

BlazCTF

Test your skills by hacking exchanges, exploiting smart contracts, crashing blockchains, and taking on the MEV war. Join now!

ctf.blaz.ai

6

36

61

Chaofan Shou

@shoucccc

9 days

You can make $10k in 10s easily by running ItyFuzz on random contracts!!! Our MEV bot backed by ItyFuzz yesterday managed to find a way to print $WAAC without cost by fuzzing. Run fuzzers onchain today and start printing money for free! Instructions below👇👇

8

12

90

Chaofan Shou

@shoucccc

7 months

Someone just hacked a #mevbot and profited $1.9M. There is a lack of access control in the MEV bot's function 0xf6ebebbb. Through this function, the attacker used the assets in the MEV bot to manipulate the price.

3

20

86

Chaofan Shou

@shoucccc

7 months

A hacker prepared 74 days, launched multiple complex price manipulation attacks, and earned $200 🤡🤡

9

6

80

Chaofan Shou

@shoucccc

3 months

Identify the vulnerability in this token: (it is a live token on BSC with $1m liquidity right now)

29

7

76

Chaofan Shou

@shoucccc

9 months

This is an extremely irresponsible claim. Having these characteristics does not mean #temu is a spyware. If you want to show it exfiltrates user information, at least do a traffic analysis or data flow analysis instead of just posting screenshots of unzipped APKs.

Grizzly Research

@ResearchGrizzly

9 months

TEMU app software has the full array of characteristics of the most aggressive forms of malware /spyware.

16

115

403

2

4

46

Chaofan Shou

@shoucccc

6 months

wow mongodb is hacked

8

17

67

Chaofan Shou

@shoucccc

4 months

I never imagined one of the rejection reasons for my paper could be that I harmed "live" smart contracts by fuzzing...

10

3

70

Chaofan Shou

@shoucccc

1 year

$FLOKI has been hacked. By the same attacker that hacked $OLIFE using the same exploit.

4

11

34

Chaofan Shou

@shoucccc

6 months

This attack towards @TransitFinance is extremely simple and went through the **public** mempool, but no MEV bot frontrun it, and most attack detection bots missed it. Here is why: 🧵

4

17

67

Chaofan Shou

@shoucccc

2 months

[7/8] CUDA As now we could land mining txs cheaply and instantly, the bottleneck returned to finding the nonce s.t. sha3(preimage + nonce) < difficulty. We built a CUDA program for this. Running it on one RTX 4090 is ~800x faster than the CPU-based calculator on 192 core.

4

63

Chaofan Shou

@shoucccc

21 days

I got back to Web2 world recently and missed Foundry really really much 🥲🥲🥲 especially how it prints call traces. For nostalgia's sake, I built a tiny Foundry-style call trace printer for LLVM targets: Example log for running PHP hello world:

5

3

63

Chaofan Shou

@shoucccc

6 months

@X @elonmusk Credit to @rabbit_2333 for the XSS

1

0

54

Chaofan Shou

@shoucccc

6 months

Flooring protocol has an arbitrary external call vulnerability causing the NFT heist today. The vulnerability existed since 59 days ago.

2

6

54

Chaofan Shou

@shoucccc

4 months

Glad to share we have raised $3m seed round! We will advance distributed fuzzing and formal verification research with it 🥳

fuzzland 🥐

@hackthedefi

4 months

📢Fundraising News 📢 We’re so delighted to share that we’ve closed our $3M seed funding round, led by @1kxnetwork , with participation from @HashKey_Capital @snzholding @pangacapital @dedaub @GoPlusSecurity and our angel investors! It’s been 1+ year since we released ItyFuzz…

19

16

85

10

4

55

Chaofan Shou

@shoucccc

3 months

@onedeuxtrois dog washable pee pad is the exact same thing and much cheaper😅

2

3

55

Chaofan Shou

@shoucccc

2 months

@bloXrouteLabs @jito_sol [6/8] Jito Bundles As more miners came, priority fee to land tx skyrocketed. We paid $9.8k fees to validators to mine every $10k. We avoided the priority fee with Jito bundles. By bundling 25 mine tx, we only paid ~$2k tips to mine every $10k and can land ~1k txs every block.

3

49

Chaofan Shou

@shoucccc

2 months

@bloXrouteLabs @jito_sol [2/8] WTF is $ORE ORE is a token on Solana with a mining program. One can claim ORE from the mining program by sending correct nonces (calculated by trying hashes) to it. A mining tx looks like this:

1

0

44

Chaofan Shou

@shoucccc

7 months

hey @freecashcom , someone just took almost the entire block space (93M gas 🔥) and hacked your contract. There is a price manipulation issue in the FreeCash token's aggregator, allowing the attacker to take all LP tokens in the aggregator. #hackalert

4

8

46

Chaofan Shou

@shoucccc

5 months

🐮🐮🐮 Happy (almost) bull market!! We are hiring more engineers in China / Malaysia / Singapore. 招人啦！！

6

8

44

Chaofan Shou

@shoucccc

4 months

We have seen Jenkins File Leak / RCE (CVE-2024-23897) exploited in the wild and managed to reproduce it. If your Jenkins allows anonymous users or user registration, immediately update it to the latest version.

3

7

44

Chaofan Shou

@shoucccc

2 months

@bloXrouteLabs @jito_sol [5/8] Nodes and bloXroute We then synced ~10 nodes around the world as replacements. However, regardless of how beefy our machine is, the node is always 1-2 blocks behind due to the congested network. bloXroute gateway helped us get parts of Solana blocks much faster.

1

3

42

Chaofan Shou

@shoucccc

1 year

A hacker stole $8.9M from #SAFEMOON last month through a `burn` vulnerability introduced by an upgrade. Do you know another vulnerability has existed in the #SAFEMOON allowing anyone to mint since 1/9/2023? Srsly, @safemoon , fire your dev team!

2

3

25

Chaofan Shou

@shoucccc

6 months

@bytes032 umm that was exactly what i just wrote🫠

8

0

41

Chaofan Shou

@shoucccc

5 months

my dad started to learn solidity 🤣 @WTFAcademy_

5

2

38

Chaofan Shou

@shoucccc

5 months

An MEV bot managed to fuzz the victim contract in less than 12 seconds and get the maximum profit from the contract.

Tony KΞ

@tonyke_bot

5 months

A pool guy purchased $310K-worth Bullran Index (BUI) and deposit into a custom safe contract. However, due to lack of permission control, a MEV bot was able to burn those BUI tokens in the safe and extracted 136ETH. Whose fuzzer win the ETH?

3

4

26

3

37

Chaofan Shou

@shoucccc

7 months

@bytes032

GitHub - fuzzland/audit_gpt: Fine-tuning GPT for Smart Contract Auditing

Fine-tuning GPT for Smart Contract Auditing. Contribute to fuzzland/audit_gpt development by creating an account on GitHub.

github.com

0

2

35

Chaofan Shou

@shoucccc

9 months

Nice paper shedding lights on #LLM for smart contract auditing: 🚀 ChatGPT achieved high recall (88.2%) but low precision (22.6%) on detecting vulnerabilities. 🚀 4 main causes of ChatGPT's false positives are: (protected mechanism bias) , (development intent bias),…

1

3

19

Chaofan Shou

@shoucccc

2 months

@bloXrouteLabs @jito_sol [4/8] Why It Worked and How It Failed Later Using these global RPCs as launchpads, we can instantly propagate tx to validators. However, we are not the only abusers. After 2 days, the # of working RPCs on the Internet reduced from 272 to 14. Tx landing rate reduced to ~6%.

3

0

33

Chaofan Shou

@shoucccc

2 months

@bloXrouteLabs @jito_sol [3/8] Initial Attempt for Landing Tx Due to the massive amount of miners clogging the Solana network, it is extremely tough to land any tx. We initially tried a strategy MEV bots used: blindly sending millions of txs every second to every open RPC on the Internet.

9

1

35

Chaofan Shou

@shoucccc

1 year

WE ARE HIRING A FUZZING GURU 🤪 DM me if ur interested

3

2

20

Chaofan Shou

@shoucccc

1 year

ItyFuzz gains similar performance as @ConsenSysAudits fuzzer on their benchmarks! Even better, ItyFuzz is opensourced Contracts in the benchmark only have 49 states. ItyFuzz is stateful fuzzer and performs even better on more stateful contracts [1/3]👇🧵

Valentin Wüstholz

@vwuestholz

1 year

Which smart-contract fuzzer should developers use? It would be great to have benchmarks to compare different tools easily! We just released Daedaluzz (), an open-source tool that automatically generates challenging benchmarks for many fuzzers. [1/3]

7

21

83

4

16

Chaofan Shou

@shoucccc

1 year

We confirmed 12 tokens with 18 liquidity pools (worth>$28k) are vulnerable to variants of LP Skim attacks identified by @AnciliaInc after analyzing and fuzzing 1.29M pairs on @PancakeSwap . Through static analysis, we find another 1384 LPs may be at risk. #fuzzing #web3 …

1

5

19

Chaofan Shou

@shoucccc

5 months

. @GammaStrategies is hacked, not @CryptoAlgebra 🤣

BlockSec Phalcon

@Phalcon_xyz

5 months

ALERT! Our system has detected a series of attacks targeting @CryptoAlgebra on #Arbitrum , resulting in the loss of several million dollars. Stay vigilant!

4

15

30

9

8

34

Chaofan Shou

@shoucccc

3 months

@uriklarman @bloXrouteLabs @unizen_io @0xPFL That semi private tx page was hidden in your deeply nested docs. We didn’t see it until yesterday. There is also no reference on this page. If it does not prevent frontrun, why you call it frontrun prevention?

1

2

34

Chaofan Shou

@shoucccc

2 months

@AlexMasonCrypto it's nearly impossible for Coinbase to launch a token given it is a public company based in the US

2

0

33

Chaofan Shou

@shoucccc

11 months

We are hiring full time & part time security researchers (PhD students welcomed) to work on exciting #fuzzing , #LLM , and #blockchain researches. If you are at #ISSTA or #EthCC , let’s talk

We Are Hiring! | Notion

About Us

fuzzland.notion.site

1

9

31

Chaofan Shou

@shoucccc

10 months

@CurveFinance fixed in vyper v0.3.1

Fix unused storage slots (#2439) · vyperlang/vyper@eae0eaf

* fix: don't alloc slots for repeated nonreentrancy keys this is not a semantic bug but an optimization bug since we allocate more slots than we actually need, leading to "hole...

github.com

3

4

28

Chaofan Shou

@shoucccc

6 months

About the identities, C2s, and IPs of recent @Blast_L2 phishing scammers (1/10)

4

5

33

Chaofan Shou

@shoucccc

2 months

@bloXrouteLabs @jito_sol fwiw, i did not dump that much. only took ~600sol from ore LPs

10

0

32

Chaofan Shou

@shoucccc

5 months

we got banned by @github

11

1

31

Chaofan Shou

@shoucccc

2 months

Parallel Fi projects achievements in last 2 yrs: * Omni hacked for $1.5m * Paraspace hacked for $5m * ParaX fucked up * Pac Finance hacked for $1m + $26m fucked up All due to team’s negligence. Absolutely the most impressive DeFi team. Kudos to @yuboruan @Sequoia @Polychain …

Parallel Network

@ParallelFi

2 months

At Parallel, we are backed by the best VCs in the world. Names such as: @Sequoia @Polychain @FoundersFund @BlockchainCap @CBVentures

70

20

154

6

4

30

Chaofan Shou

@shoucccc

7 months

I built a duck pooping game for a challenge of upcoming #blazctf . You can play it here now: Or register for BlazCTF to hack it onchain:

1

5

32

Chaofan Shou

@shoucccc

1 year

🈹 Stop buying #pepedao / #pipipump / #bobcoin , owner can rug you. Scammer deployed >67 malicious tokens. These contracts are obfuscated and designed to bypass @GoplusSecurity & @Token_Sniffer 's rugpull analysis. ~$300k funds have already been rugged. #ScamAlert #rugpull

4

7

29

Chaofan Shou

@shoucccc

5 months

oh, and I renounced the ownership by forgetting the password of my GitHub account.

5

0

28

Chaofan Shou

@shoucccc

5 months

10 years ago, I bought "How to Make $10k" guide on Silk Road market with $btc now worth $40k.

2

0

31

Chaofan Shou

@shoucccc

2 months

Confession: I spammed all public Solana RPCs with 200M txs last night just to make 3 $ORE 🤪🤪

5

4

29

Chaofan Shou

@shoucccc

3 months

@TheMisterFrog This was 5 SOL two minutes ago. Stop trading.

4

0

25

Chaofan Shou

@shoucccc

9 months

We took 3rd place in @MetaTrustLabs CTF and got 5x first blood!!! 🚀🚀🚀

4

27

Chaofan Shou

@shoucccc

3 months

@uriklarman @bloXrouteLabs @unizen_io @0xPFL This doc can cause lots of misunderstandings. It starts with and keeps reiterating “Front-running prevention”. Also, almost all MEV devs would assume “your transaction info will *eventually* become public info” means that the tx is only public after it got included into the…

1

25

Chaofan Shou

@shoucccc

1 year

FYI, I don't rug-pull. This is for educational purposes. We will soon release tools for combatting rug pulling.

1

24

Chaofan Shou

@shoucccc

2 months

@radiorock2022 @samwu 傻逼

0

1

25

Chaofan Shou

@shoucccc

6 months

I don't want to be the chad to try it out but this is one possibility given all these repos use this key.

2

22

Chaofan Shou

@shoucccc

2 months

This is the 3rd time your project got hacked. More like bring 1 billion $ user funds to hackers 🫡

Parallel Network

@ParallelFi

2 months

One mission: Parallel Network will bring 1 billion people to DeFi.

84

41

242

4

9

23

Chaofan Shou

@shoucccc

6 months

but github token with write access does

4

3

23

Chaofan Shou

@shoucccc

7 months

what @frenpetonbase

1

3

23

Chaofan Shou

@shoucccc

1 year

found my #FTX card, good memory

2

1

21

Chaofan Shou

@shoucccc

6 months

How should I use this domain? Maybe free *.fuzz.ing subdomain for fuzzer projects?

3

2

23

Chaofan Shou

@shoucccc

5 months

The scammers trick victims into installing fake @AICoincom wallets and steal wallet private keys. The fake wallet wraps the real one with a wallet drainer trojan. The fake wallet also adds itself to startup apps. [2/8]

2

1

20

Chaofan Shou

@shoucccc

5 months

This information is then encrypted using RC4 and sent to *.91.90.189 (***chilou[.]com). This host, first seen in Nov 2023, has been connected to multiple wallet drainers and linked to an Android Trojan. [4/8]

3

0

19

Chaofan Shou

@shoucccc

5 months

The wallet drainer is well-designed. Almost no antivirus software recognized it as malicious yesterday. The wallet drainer automatically records private keys in >50 different Ethereum, NEAR, Aptos, etc wallet browser plugins, monitors the clipboard, and takes screenshots. [3/8]

2

1

18

Chaofan Shou

@shoucccc

1 year

Formal verification and Fuzzing for smart contract used to be complex Now it works just like using #ChatGPT 👇

fuzzland 🥐

@hackthedefi

1 year

🤖 GPT4 x Formal Verification = Everyone can audit smart contracts easily & accurately [1/3] #web3 #bugbounty #gpt #fuzzing

19

21

75

13

2

22

Chaofan Shou

@shoucccc

5 months

In another host, we gained access to scammers' Baidu Netdisk. We found photos taken in China, Thailand, and Laos. Through different sources, we also found multiple ID cards of members of the organization. [7/8] Luxury life of scammers:

12

1

19

Chaofan Shou

@shoucccc

6 months

@BlockSecTeam update: they seem to be whitehat

2

21

Chaofan Shou

@shoucccc

1 month

@fdlucifer11 But it is designed for sending arbitrary sql query 😂

1

0

21

Chaofan Shou

@shoucccc

5 months

We managed to compromise various hosts in the *.91.90.189/27 network by exploiting PHP bugs. After logging into the server through RDP, we confirmed that these hosts are owned by the same scammer organization. [5/8]

2

0

18

Chaofan Shou

@shoucccc

5 months

we've been banned

9

0

20