Forwarded from Wu Blockchain News
OKX DEX is suspected of being exploited. Some wallets authorized to OKX DEX were stolen for more than $424k. The deployer of the OKX DEX: Aggregation Router was involved in the attack. The proxy for attack has been removed. It is suspected of 0xFacf3 permission account's private key is leaked. β link β link
Suspected attacker:
0xFacf375Af906f55453537ca31fFA99053A010239
Profit address:
0x1F14E38666cDd8e8975f9acC09e24E9a28fbC42d
Suspected attacker:
0xFacf375Af906f55453537ca31fFA99053A010239
Profit address:
0x1F14E38666cDd8e8975f9acC09e24E9a28fbC42d
π1
Forwarded from Wu Blockchain News
OKX stated that due to the hack of the management rights of an abandoned OKX DEX market maker contract, 18 address assets authorized for the contract were hacked. The affected contracts have been deactivated and all user assets have been confirmed to be safe. All affected users have lost approximately $370k, and OKX will compensate. OKX will conduct a security self-examination and reorganize all relevant abandoned contracts.
β€1
Ian's Intel
β οΈ Twitter Exploit β samczsun
β οΈ Explainer of the Twitter XSS & CSRF Vulnerability β shoucccc
X (formerly Twitter)
Chaofan Shou (svm/acc) (@shoucccc) on X
π Here is the full disclosure of the Twitter XSS + CSRF vulnerability.
Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
Forwarded from Cookie Reads πͺ
Had this question pop up this morning while in a call with friends
What will MEV in a parallelized EVM look like?
Think this might be an interesting read: https://writings.flashbots.net/speeding-up-evm-part-1
What will MEV in a parallelized EVM look like?
Think this might be an interesting read: https://writings.flashbots.net/speeding-up-evm-part-1
writings.flashbots.net
Speeding up the EVM (part 1) | Flashbots Writings
Thanks to Alejo Salles, Hongbo Zhang, Alex Obadia, and Kushal Babel for feedback and review of this post.
π₯1
Introducing the Mantle LSP β crypto_linn
X (formerly Twitter)
π Crypto Linn (@crypto_linn) on X
Introducing @0xMantle Liquid Staking Protocol: $mETH:
You are now able to stake your ETH and receive instant and sustainable yields from Ethereumβs PoS Validator network
Mantle aims to make holding $mETH (a value-accumulating receipt token) a highly rewardingβ¦
You are now able to stake your ETH and receive instant and sustainable yields from Ethereumβs PoS Validator network
Mantle aims to make holding $mETH (a value-accumulating receipt token) a highly rewardingβ¦
Comprehensive Guide to Crypto Futures Indicators β CryptoCred
Medium
Comprehensive Guide to Crypto Futures Indicators
Understanding open interest, liquidations, funding, and cumulative volume delta.
π3
What might an βenshrined ZK-EVMβ look like? β vitalik
HackMD
What might an "enshrined ZK-EVM" look like? - HackMD
# What might an "enshrined ZK-EVM" look like? Layer-2 EVM protocols on top of Ethereum, including o
Immutable zkEVM and Immutable Passport will be capable of gas fee abstraction, eliminating gas fees for all players. The Immutable zkEVM is powered by Polygon zkEVM β Immutable
Immutable
Immutable zkEVM is Gas Free for Gamers | Immutable Blog
Immutable Passport will be capable of eliminating gas fees for players on Immutable zkEVM
β οΈ LEDGER LIBRARY COMPROMISED β h/t @thedailyape
DO NOT INTERACT WITH ANY APP
https://x.com/matthewlilley/status/1735275960662921638
https://x.com/bantg/status/1735279127752540465
https://x.com/blockaid_/status/1735275569586090221
DO NOT INTERACT WITH ANY APP
https://x.com/matthewlilley/status/1735275960662921638
https://x.com/bantg/status/1735279127752540465
https://x.com/blockaid_/status/1735275569586090221
π±3
Forwarded from Vladimir S. | Officer's Channel (officercia)
Revoke cash and Sushi UIs compromised! Stay safe!
β’ x.com/officer_cia/status/1735276914321846498?1
#security #alert
β’ x.com/officer_cia/status/1735276914321846498?1
#security #alert
X (formerly Twitter)
Officer's Notes (@officer_cia) on X
Stay safe! @SushiSwap and @RevokeCash front-end compromised too!
Forwarded from infinityhedge
Ledger Library Exploit Explainer for Average Folks:
Hudson Jameson
What is going on with the recent alerts not to use dapps?
A library that is used by many dapps that is maintained by Ledger was compromised and a wallet drainer was added.
What do I do as a normal user?
Do not interact with any dapp front ends on websites for now. This is an ongoing situation and it is risky to use dapps currently if you don't understand what backend libraries they use.
How does this drain your money?
If you visit the website you won't get automatically drained or your funds. However, prompts from your browser wallet (like MM) will display that give your assets to the malicious actors.
Does Ledger know about this?
Yes they do and are working on it.
Note: Even after Ledger corrects the bad code in their library, projects using and deploying that library will need to update things before it is safe to use dapps that use Ledger's web3 libraries.
Hudson Jameson
What is going on with the recent alerts not to use dapps?
A library that is used by many dapps that is maintained by Ledger was compromised and a wallet drainer was added.
What do I do as a normal user?
Do not interact with any dapp front ends on websites for now. This is an ongoing situation and it is risky to use dapps currently if you don't understand what backend libraries they use.
How does this drain your money?
If you visit the website you won't get automatically drained or your funds. However, prompts from your browser wallet (like MM) will display that give your assets to the malicious actors.
Does Ledger know about this?
Yes they do and are working on it.
Note: Even after Ledger corrects the bad code in their library, projects using and deploying that library will need to update things before it is safe to use dapps that use Ledger's web3 libraries.
β€3π2
The first connect-kit version with the drainer (1.1.6) was added to the npm registry at 9:44am UTC. Check that you have not interacted with any UIs starting this time β FrankResearcher
X (formerly Twitter)
Igor Igamberdiev (@FrankResearcher) on X
1/2
Ok, the first connect-kit version with the drainer (1.1.6) was added to the npm registry at 9:44am UTC
Better to check that you have not interacted with any UIs starting this time
Ok, the first connect-kit version with the drainer (1.1.6) was added to the npm registry at 9:44am UTC
Better to check that you have not interacted with any UIs starting this time
π1
Polygon proposes Apechain to be built using Polygon CDK, purchases $10m+ APE to show alignment β Source
X (formerly Twitter)
Marc Boiron (@0xMarcB) on X
π¨ TLDR:
Today, the @apecoin community will vote on AIP-368, a @0xPolygonLabs proposal for the ApeChain to be built using Polygon CDK.
π We bought $10M+ of APE to show our alignment.
β οΈ We care about the ApeCoin community, so properly managing conflicts ofβ¦
Today, the @apecoin community will vote on AIP-368, a @0xPolygonLabs proposal for the ApeChain to be built using Polygon CDK.
π We bought $10M+ of APE to show our alignment.
β οΈ We care about the ApeCoin community, so properly managing conflicts ofβ¦
Forwarded from Binance Announcements
Binance Will List Bonk (BONK) with Seed Tag Applied
https://www.binance.com/en/support/announcement/1592b7a6ec9a408daf4b778f50ab1ca6
https://www.binance.com/en/support/announcement/1592b7a6ec9a408daf4b778f50ab1ca6
Forwarded from Bybit Announcements
π£ New Trading Pair: SEI/USDC is Live on Bybit Spot!
π₯ What's more, you can now enjoy zero-fee Spot trading on SEI/USDC until further notice!
π€ You can also trade $SEI with Bybit Grid Bots
π₯ What's more, you can now enjoy zero-fee Spot trading on SEI/USDC until further notice!
π€ You can also trade $SEI with Bybit Grid Bots
β€1
Forwarded from infinityhedge
RED ALERT π¨: dingaling
If you've ever used NFT Trader [nft Marketplace] in the past, revoke approval to their contract ASAP (0x13d8faF4A690f5AE52E2D2C52938d1167057B9af)
*So far already 37 BAYC and 13 MAYC have already been drained to this address.
Boring Security: if you have any apes in lending protocols and have ever used NFTTrader, revoke approvals to NFTTrader before withdrawing.
It is most important to get folks who have deposits in BendDAO and Paraspace to revoke! For as soon as they withdraw they will be drained!
If you've ever used NFT Trader [nft Marketplace] in the past, revoke approval to their contract ASAP (0x13d8faF4A690f5AE52E2D2C52938d1167057B9af)
*So far already 37 BAYC and 13 MAYC have already been drained to this address.
Boring Security: if you have any apes in lending protocols and have ever used NFTTrader, revoke approvals to NFTTrader before withdrawing.
It is most important to get folks who have deposits in BendDAO and Paraspace to revoke! For as soon as they withdraw they will be drained!