11364
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
We're on officer_cia's favorite and most vision aligned with list!
Thank you sir!
Leviathan News - 𝕏/@officer_cia
A short-list of my favorite projects and individuals with whom we share the same vision for our industry:
• https://x.com/officer_cia/status/1891993271246758113
#offtopic #security
BTW. It is really easy to revoke all your sessions at once on Abstract Global Wallet through revoke.abs.xyz
#security #tip
🚨 Abstract Wallets are being drained as we speak!
If you've connected your AbstractChain wallet to Cardex, make sure to disconnect it & revoke all approvals you might have given.
Over 50 ETH has already been drained, and it's not a network-wide issue. The exploit is specifically targeting those who linked their abstract wallets to Cardex.
• https://x.com/officer_cia/status/1891852031041605841?s=46
#alert #security
Might be useful:)
https://huggingface.co/datasets/Coriolan/smart-contract-vulnerabilities
Crypto privacy software refuses money stolen in $9.5m hack
Читать полностью…
Please help me to promote this tweet fam 👉👈
• https://x.com/officer_cia/status/1890334427252732241?s=46
#security #opsec
SlowMist founder: we discovered that the hacker who attacked zkLend has a close connection to the hacker who attacked EraLend in July 2023, and we suspect they are the same person: x.com/officer_cia/status/1890132436589445291?12
#security #privacy #investigation
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!
Link: t.me/addlist/uesom31GM1I4Yjgy
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers!
#crypto #web3
Use my tips and stay safe. Forewarned is forearmed.
Link: https://officercia.mirror.xyz/ye7je7tkuy5nEF7oxHiqyfPI48SBKYckkhW1uTqafpo
#security #opsec #privacy
Crypto Security 101: How to NOT Get Hacked & Lose Everything
Link: https://x.com/fourvork/status/1887433629501935835
Much thanks for mentioning my work!
#security #opsec #privacy
ZKlend Hack rootcause: The attacker manipulated the "lending_accumulator" to be very large at 4.069297906051644020, then took advantage of the rounding error during ztoken mint() and withdraw() to repeatedly deposit 4.069297906051644021 wstETH getting 2 wei then withdraw 4.069297906051644020*1.5 -1 = 6.103946859077466029 wstETH to expend just 1 wei. @EthSecurity1
Читать полностью…
The Liquity Protocol team is investigating a potential issue affecting Liquity V2 Stability Pools ("Earn").
While the protocol continues to function as expected and no users have been impacted, users are advised to close their Stability Pool positions as a precaution.
More information: https://x.com/officer_cia/status/1889698655868682634?s=46
#security #alert
Eventually, zkLend has suffered a $9.5M exploit on the Starknet network. Stolen funds were bridged to Ethereum and transferred via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!
Deposit to Railgun: 0x7309db8034a421a319dc7073a41da4679f93a1a4bab8793c026666837e7846d4
Railgun to attacker: 0xf185675b2c2000d1d39f189594be223b78e389cc229b4ec4051b810b920bb125
Official statement by zkLend:
We are actively tracking the funds and pursuing the identification of the hacker. We are committed to full transparency and will share a comprehensive post-mortem analysis as soon as it is completed. We understand that this is a challenging time for our community, and your trust remains our highest priority. We appreciate your patience and support as we work diligently to resolve this issue.
We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact, to this Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.
Upon receiving the transfer, we agree to release from any and all liability regarding the attack.
We are working with security firms and law enforcement at this stage. If we do not hear from you by 00:00 UTC, 14th Feb 2025, we will proceed with the next steps to track and prosecute you.
Investigation: https://x.com/officer_cia/status/1892012038546931751?s=46
#security #investigation
Official post-mortem: https://x.com/0xcygaar/status/1891948692204368122?s=46
#security #analysis
178 ETH drained already.
• https://dune.com/artemisrsch/abstract-drain
#security #investigation
You asked, I answered – the legendary chat room is back! 🚀 The last one may be history, but this time, let’s make it last. Join the fun! 🎉 #ChatRoomRevival
Link: t.me/+C6RfnbB33AYzNGIy
#opsec #ai #web3 #crypto #offtopic
Official post-mortem by zkLend: https://drive.google.com/file/d/10i1dh_J89tPPw7KRcmFIVM6iNrJZAyfi/view?usp=sharing
#analysis #security
Elliptic's private key extraction in ECDSA upon signing a malformed input.
Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input.
I suggest not to be nervous, I think it will be fixed soon. However, this is interesting enough information to share with you! Also, it looks like you'd have to sign a dodgy transaction twice first…
Link: https://github.com/advisories/GHSA-vjh7-7g9h-fjfh
#cryptography #offtopic
Update: https://x.com/VitalikButerin/status/1889995280524681393
#security #privacy #opsec
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap. Please take note that you are my referral!
#opsec #crypto
Attention ‼️🚨
Thread (please like & RT): https://x.com/officer_cia/status/1889749401058644348?1
Apparently there is an exploit from within a zoom call now, avoid clicking any links! Use urlscan.io or virustotal.com
Stay safe!
#security #privacy #alert
Open Ocean Limit Order Protocol on Base as well as their main system works good now, everything has been fixed by their dev team.
I talked to their team, also to other researchers and we came to the conclusion that all the comments were applied by the team. Also, the total losses did not exceed 20-30k $.
The situation itself turned out to be more positive than we thought at first. You can draw your own conclusions.
• https://x.com/officer_cia/status/1889736948945674580?s=46
#security #web3
The U.S. may send Vinnik to Russia as part of the exchange.
Vinnik may control a wallet with 80k bitcoins: they were stolen by hackers from the Mt. Gox exchange in 2011, and Vinnik technically helped with the withdrawal.
80k bitcoins. $8 billion. You can't even imagine how many conspiracy theories are connected with this money...
More information: https://x.com/officer_cia/status/1889708710047453290?s=46
#security #offtopic #bitcoin
People keep asking about Railgun… Well, funds actually cannot be seized. Merely just excluded from the main pool if address is on exclusion list for illicit activity.
In this case the zkLink exploiter relayed it back to themselves after being excluded.
Privacy pools concept is based off of this paper Vitalik Buterin authored: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4563364
More information: https://docs.railgun.org/wiki/assurance/private-proofs-of-innocence
#privacy #security #opsec
https://officercia.mirror.xyz/S2ZQ6kkRVUfZzJx9Pv72ZWvVf5EaZPjr2yjiHbRDaZk
Читать полностью…