
Telegram channel officer_cia - Vladimir S. | Officer's Channel


• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia


Vladimir S. | Officer's Channel

Bybit hack investigation continues 👉 https://x.com/officer_cia/status/1897683647953531004?s=46

#security #investigation


Vladimir S. | Officer's Channel

Spotted an amazing resource by 0xFitz 🫡

Much thanks for mentioning my work!

Link: degenhub.com

Post: https://x.com/officer_cia/status/1897536562482565527

#security #web3


Vladimir S. | Officer's Channel

https://officercia.mirror.xyz/Q00JH0s86d4KMS43cyqNxbl3VIM2s30qtwYfdSTXywE


Vladimir S. | Officer's Channel

The hacker has laundered all the 499,000 ETH ($1.39 billion) stolen from Bybit, and the whole process took 10 days. THORChain, the main channel used by the hacker to launder money, received $5.9 billion in transaction volume and $5.5 million in handling fees.

My personal advice to the Thorchain team is to contact my attorney @rata0x before it's too late. I think we can help you with a legal audit.

https://x.com/officer_cia/status/1896749395577581970?3

#security #investigation


Vladimir S. | Officer's Channel

> One image cannot shake the unwavering resolve of a Web3 security researcher!

> Yet, behold this picture:

https://x.com/officer_cia/status/1896040825479708766?1

#security #opsec


Vladimir S. | Officer's Channel

Dear friends, the best thing is to support me directly by donating to any address from the list below (Ethereum, Bitcoin, Tron & Solana)!

0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A - Ethereum;

17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU - Bitcoin;

TYWJoRenGB9JFD2QsdPSdrJtaT6CDoFQBN - Tron;

BLyXANAw7ciS2Abd8SsN1Rc8J4QZZiJdBzkoyqEuvPAB - Solana.

You can also support me by minting one of my Mirror articles NFTs or just DM me for a clean address!

Join my chat: t.me/+C6RfnbB33AYzNGIy

Thank you very much!


Vladimir S. | Officer's Channel

If you’re in Denver, join Hexens and Remedy for a high-signal side event away from the usual chaos. 🧢

Expect real convos, top builders and security researchers, and cocktails worth sipping.🍸

📍When: Friday, February 28 (8–11 PM MST)
📍Where: Denver, CO (register for exact location)

Register here asap
Hope to see you there! 💚


Vladimir S. | Officer's Channel

Statement by FBI: https://x.com/officer_cia/status/1895005396214968534?s=46

#security #investigation


Vladimir S. | Officer's Channel

1. Handle your own hosted version of the UI - it can even be the case to create a UI that is built from an immutable source.
2. Isolate the machine for signing, add a hardware key and simulate the tx, check the hex from the hardware against what is on the UI.


More tips: https://x.com/officer_cia/status/1894775528663490932?s=46

#security #opsec


Vladimir S. | Officer's Channel

This tool safehashpreview.com would have stopped this attack.

#security #opsec


Vladimir S. | Officer's Channel

Hacker’s address list: https://hackscan.hackbounty.io/public/hack-address.json

#security #investigation


Vladimir S. | Officer's Channel

You asked, I answered – the legendary chat room is back! 🚀 The last one may be history, but this time, let’s make it last. Join the fun! 🎉 #ChatRoomRevival

Link: t.me/+C6RfnbB33AYzNGIy

#opsec #ai #web3 #crypto #offtopic


Vladimir S. | Officer's Channel

https://x.com/SDNYnews/status/1894115083917185039


Vladimir S. | Officer's Channel

I'll be writing an article about the wonderful gridplus wallet soon! Stay tuned!

By the way, if you manufacture similar equipment, you can send it to me for review. I finally have a shipping address in the USA!

https://officercia.mirror.xyz/OJzFborIrcY66RAaQOGB81RCBzey99w_vbtSGKyHpKU

#security #privacy


Vladimir S. | Officer's Channel

Date: 2025-02-24
Bug bounty program was added to Remedy:
UFarm Digital


Vladimir S. | Officer's Channel

Join my chat: t.me/+C6RfnbB33AYzNGIy

#offtopic


Vladimir S. | Officer's Channel

Announcing the debut of a new service!

Now you can contact me and my friend @rata0x for legal services and advice. We've known my dear friend @rata0x for 5 years, and we've helped a lot of individuals in the most desperate situations!

So, if you need to:

1. Resolve the issue of unauthorized blocking of funds on the exchange.

2. You have had a huge sum of money stolen from you and must immediately block it on exchanges and return it as soon as possible.

3. You or your project require legal assistance and advice.


Contact @rata0x ! When I refer him, I use my name because I've worked with him for a long time and know him well.

Last year two different people were struggling to find a lawyer who could really unblock their frozen funds at some big tier-1 exchanges; after trying numerous lawyers they finally reached out to me, I recommended @rata0x, and he was successfully able to solve their legal problem and save their funds!

#legal #aml #investigation


Vladimir S. | Officer's Channel

🌟 Switching to Apple’s macOS? Here's Your Ultimate Security Guide! 🌟

With the rise in cyber threats on Windows, many are turning to macOS. If you're one of them, here's a comprehensive guide to safeguarding your device and enhancing your OpSec: https://x.com/officer_cia/status/1896761077318193637?s=46

#security #opsec #privacy


Vladimir S. | Officer's Channel

Since yesterday, the Bybit hacker has resumed money laundering. Currently, of the 499,000 ETH stolen from Bybit by hackers, only 156,000 ETH have not been processed. At the current speed, it is expected that the remaining stolen funds will be completely cleared within three days.

https://x.com/officer_cia/status/1896038932619350255?s=46

#security #investigation


Vladimir S. | Officer's Channel

Telegram's latest beta for Android introduces detailed user info! 🕵️‍♂️

You can now see:
📍 Country of phone number origin
📅 Account registration date (month/year)
👥 Number of shared groups
✔️ Whether the account is official

https://x.com/officer_cia/status/1895442145370087681

#privacy #security #opsec


Vladimir S. | Officer's Channel

The Bybit hacker has moved 270,000 ETH worth around $605M via THORChain and still holds 229,395 ETH worth around $514M: https://x.com/officer_cia/status/1895407702614094208?s=46

#security #investigation


Vladimir S. | Officer's Channel

#investigation #security #opsec


Vladimir S. | Officer's Channel

FYI OpenZeppelin just launched a user-friendly interface to make it easily accessible: safeutils.openzeppelin.com

#security #privacy #opsec


Vladimir S. | Officer's Channel

A dev machine of Safe was compromised. This allowed access to AWS and their S3 bucket. A malicious JavaScript was pushed to the bucket and eventually distributed. The malicious JS code targeted specifically the Bybit contract address. The JS code changes the content of the transaction during the signing process.

#security #investigation


Vladimir S. | Officer's Channel

This is official. Safe UI has been compromised to attack Bybit…

Link: https://x.com/officer_cia/status/1894773005961527331?s=46

#security #investigation


Vladimir S. | Officer's Channel

Being sovereign of your resources is not an easy task and the custody of own funds in Bitcoin, or any other crypto, is a burden that we are not used to. Here is an awesome solution! Make your cold wallet with washers ⬇️

Link: https://blockmit.com/english/guides/diy/make-cold-wallet-washers/

#security #opsec #privacy


Vladimir S. | Officer's Channel

Bybit CEO Ben Zhou launches LazarusBounty at http://lazarusbounty.com, the industry's first bounty site offering full transparency on sanctioned Lazarus money laundering activities, enabling bounty hunters to connect wallets, trace funds, earn instant rewards when freezes occur (with freezers receiving 5%), and access live rankings to expose bad actors. - 𝕏/@benbybit


Vladimir S. | Officer's Channel

More information: https://x.com/officer_cia/status/1894195644455080341?s=46

#investigation #security


Vladimir S. | Officer's Channel

Type: #multisig #delegateCall

Project: Bybit

Date: 21/01/25
Blockchain: ETH

Problem: Malicious delegate call upgraded storage of the multisig wallet.

The story of one of the biggest exploits in history. In this hack an attacker managed to get full access to the Gnosis multisig wallet of the Bybit CEX by obtaining signatures from the signers for a malicious delegatecall. Bybit stated that it signed malicious data because of a UI compromise, which is the most likely scenario. I can assume that all devices of the signers were compromised to trick them. The signers approved a seemingly routine ERC-20 transfer as it appeared in the UI, but inside this data there was a delegatecall to the hacker's implementation; the call has a regular transfer selector, however the recipient is the hacker's address and the amount is 0.
It's important to mention that the Gnosis multisig uses an upgradable pattern. When a user creates a wallet, a new proxy is created, which sets its implementation to the masterCopy address. This address stores all of the wallet logic and is stored in slot 0. Every time a user calls his Gnosis multisig wallet (the proxy address), the call is always delegated to the masterCopy address.

And the hacker, by tricking the signers, was able to take advantage of this upgradable design: with the malicious delegatecall to his own implementation, the hacker rewrote the masterCopy address at storage slot 0 to his own new implementation. After the implementation is changed, the hacker can execute any code, gaining full control over the multisig wallet.

The Hacker:
1) Tricked signers into signing malicious data.
2) Executed a transaction with the signatures: a delegatecall to an address controlled by the attacker, overwriting slot 0 and changing the implementation of the proxy to a malicious one.
3) Drained all tokens from the multisig to his wallet.

Discoverer: Lazarus group
Harm: 1.46 B $

link | boost | twitter
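
A pre-signing check for the pattern described in the post above (a transfer selector carried by a delegatecall, amount 0, unfamiliar recipient), as an added example that is not part of the original post or of any Safe tooling. It assumes the transaction is available as a dict with Safe's `to`, `data` and `operation` fields; the allowlist, payee set and all addresses are constructed placeholders.

```python
# Added example: pre-signing policy check for a Safe multisig transaction.
# All addresses are constructed placeholders, not values from the incident.
ERC20_TRANSFER = "a9059cbb"      # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1        # values of the Safe `operation` field

def decode_transfer(data_hex):
    """Return (recipient, amount) if calldata is an ERC-20 transfer, else None."""
    d = data_hex.lower().removeprefix("0x")
    if len(d) != 8 + 2 * 64 or d[:8] != ERC20_TRANSFER:
        return None
    recipient = "0x" + d[8 + 24:8 + 64]   # address is the low 20 bytes of word 1
    amount = int(d[8 + 64:], 16)
    return recipient, amount

def review_safe_tx(tx, delegatecall_allowlist, known_recipients):
    """Return findings that should stop a signer before approving `tx`."""
    findings = []
    to, op = tx["to"].lower(), tx["operation"]
    if op not in (CALL, DELEGATECALL):
        findings.append(f"BLOCK: unknown operation {op}")
    if op == DELEGATECALL and to not in delegatecall_allowlist:
        findings.append(f"BLOCK: delegatecall to non-allowlisted target {to}")
    decoded = decode_transfer(tx["data"])
    if decoded:
        recipient, amount = decoded
        if op == DELEGATECALL:
            # Under delegatecall the target's code runs against the wallet's
            # own storage, so a "transfer" here moves no tokens at all.
            findings.append("BLOCK: transfer selector sent via delegatecall")
        if amount == 0:
            findings.append("WARN: transfer amount is 0")
        if recipient not in known_recipients:
            findings.append(f"WARN: recipient {recipient} is not a known payee")
    return findings

def transfer_calldata(recipient, amount):
    """Build transfer(address,uint256) calldata for the constructed samples."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + f"{amount:064x}"

PAYEE = "0x" + "44" * 20
SUSPICIOUS_TX = {"to": "0x" + "11" * 20, "operation": DELEGATECALL,
                 "data": transfer_calldata("0x" + "22" * 20, 0)}
ROUTINE_TX = {"to": "0x" + "33" * 20, "operation": CALL,
              "data": transfer_calldata(PAYEE, 1000)}

if __name__ == "__main__":
    for name, tx in (("suspicious", SUSPICIOUS_TX), ("routine", ROUTINE_TX)):
        print(name, review_safe_tx(tx, set(), {PAYEE}))
```

The check only helps when it runs on the fields the hardware device actually signs, taken from a source independent of the web UI.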


Vladimir S. | Officer's Channel

Bybit releases blacklisted wallets API to aid recovery program

Bybit is offering a bounty of up to 10% of the stolen funds for white hat hackers who successfully recover crypto from the Lazarus Group.

https://ct.com/e1ql
