On June 26, 2025, ResupplyFi—a decentralized stablecoin and lending protocol—became the latest victim in a string of DeFi price manipulation attacks, losing an estimated $9.6 million from its wstUSR lending market.

But this wasn’t a typical exploit. This was a surgical, precision-driven manipulation that started with just 1 wei and ended in millions.

Here’s how it happened, why it worked, and what this means for the future of DeFi.

🧨 The Attack at a Glance
• Target: ResupplyFi’s wstUSR market
• Method: Oracle manipulation via ERC-4626 vault logic bug
• Funds lost: ~$9.6 million in reUSD
• Exploited function: _updateExchangeRate() in ResupplyPair contract
• Timeline: Single transaction drain within minutes

🛠️ How the Exploit Worked
At the heart of the attack was a poorly designed exchange rate oracle within ResupplyFi’s vault contract. Specifically, the exchangeRate was derived using a value called pricePerShare, common in ERC-4626 vaults.

But here’s the catch:

➤ The attacker deposited 1 wei into an almost empty vault.
This gave them control over how the vault's pricePerShare would respond to subsequent “donations.”

➤ Then, they made a large “donation” to the vault.
This artificially inflated the share price, skewing the oracle rate. Because of a logic flaw, the protocol calculated the exchangeRate as 0, tricking the system into thinking the collateral was worthless.

➤ Result:
The attacker borrowed $10 million worth of reUSD against 0 value collateral.

⚠️ What Went Wrong?
• Broken Oracle Assumptions: The system trusted pricePerShare as a real-world oracle without validation.
• No Lower Bound Check: Allowing exchangeRate to drop to zero effectively bypassed the collateralization check.
• Missing Guardrails: There were no sanity limits on extreme values coming from vault math.

💸 The Drain & Laundering
The attacker didn’t stick around. They quickly converted stolen reUSD into ETH. Funds are now sitting at:
• 0x886f786618623fffb2be59830a47661ae6492e16
• 0x31129a5c13306a48e827e851d44e19ca07d4928a

🧠 Lessons for the DeFi World
This hack joins a growing list of oracle manipulation exploits where DeFi protocols underestimate how easily “trusted” math can be gamed in low-liquidity or edge-case scenarios.

✅ Key takeaways for builders:
• Never trust raw vault math without bounds.
• Validate pricePerShare with a circuit breaker or floor value.
• Use multiple oracles for redundancy.
• Simulate edge cases with small deposits in testing environments.

🗣️ Final Thoughts
The ResupplyFi exploit is another reminder that a single wei, when paired with flawed logic, can dismantle an entire system.

As DeFi continues to innovate, we must slow down and ensure that core primitives like oracles, vaults, and pricing logic are built with security-first principles.

If not, there will always be someone waiting to turn one wei into one more heist.
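Added example (not code from the post and not ResupplyFi's contracts): a constructed Python model of the mechanism the post describes, an ERC-4626-style vault whose pricePerShare is turned into a lending exchangeRate by integer division, run once through the unguarded conversion and once through a guarded one with the floor value and circuit breaker the takeaways ask for. The scales (WAD, RATE_PRECISION), the LTV formula, the donation size and the guard thresholds are all assumptions chosen to make the arithmetic visible, not values from the incident.

```python
"""Constructed model, not ResupplyFi's code: an ERC-4626-style vault whose
pricePerShare feeds a lending pair's exchangeRate by integer division, as the
post describes. Scales, the LTV formula and guard thresholds are assumptions."""

WAD = 10**18             # 18-decimal fixed point used for pricePerShare
RATE_PRECISION = 10**36  # assumed scale: exchangeRate = RATE_PRECISION // pricePerShare
BPS = 10_000


class Vault:
    """Minimal share accounting: deposits mint shares, donations do not."""

    def __init__(self):
        self.total_assets = 0
        self.total_shares = 0

    def deposit(self, assets):
        if self.total_shares == 0:
            shares = assets  # first depositor is minted 1:1
        else:
            shares = assets * self.total_shares // self.total_assets
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def donate(self, assets):
        """Assets sent straight to the vault inflate pricePerShare for existing shares."""
        self.total_assets += assets

    def price_per_share(self):
        if self.total_shares == 0:
            return WAD
        return self.total_assets * WAD // self.total_shares


def naive_exchange_rate(pps):
    """Unguarded conversion: truncates to 0 once pricePerShare exceeds RATE_PRECISION."""
    return RATE_PRECISION // pps


def ltv_bps(borrowed, collateral_shares, exchange_rate):
    """Loan-to-value in basis points; a zero rate makes any loan look fully covered."""
    return borrowed * exchange_rate * BPS // (collateral_shares * WAD)


def borrow_allowed(borrowed, collateral_shares, exchange_rate, max_ltv_bps=7500):
    return ltv_bps(borrowed, collateral_shares, exchange_rate) <= max_ltv_bps


class OracleGuardError(Exception):
    pass


def guarded_exchange_rate(pps, last_good_rate, max_deviation_bps=1000):
    """Hardened conversion: refuse a zero rate (the lower-bound check the post calls
    for) and trip a circuit breaker when the rate jumps too far from the last accepted value."""
    rate = RATE_PRECISION // pps
    if rate == 0:
        raise OracleGuardError("exchange rate truncated to zero; update refused")
    if last_good_rate:
        deviation = abs(rate - last_good_rate) * BPS // last_good_rate
        if deviation > max_deviation_bps:
            raise OracleGuardError(f"rate moved {deviation} bps; circuit breaker tripped")
    return rate


def simulate(donation=2 * WAD, loan=10_000_000 * WAD):
    """Replay the post's sequence (1 wei deposit, then a donation) against both conversions."""
    vault = Vault()
    shares = vault.deposit(1)          # 1 wei into an empty vault -> 1 share
    vault.donate(donation)             # donation raises pricePerShare without new shares
    pps = vault.price_per_share()
    naive = naive_exchange_rate(pps)
    try:
        guarded_exchange_rate(pps, last_good_rate=WAD)
        guarded_allows = True
    except OracleGuardError:
        guarded_allows = False
    return {
        "price_per_share": pps,
        "naive_rate": naive,
        "naive_allows_loan": borrow_allowed(loan, shares, naive),
        "guarded_allows_update": guarded_allows,
    }


if __name__ == "__main__":
    print(simulate())
```

With one share outstanding, a 2-token donation pushes pricePerShare above RATE_PRECISION, the naive division returns 0, and the LTV check passes for any loan size; the guarded version refuses the update before the loan is ever evaluated. The deviation check alone would also have stopped it, which is why the post recommends both a floor and a circuit breaker.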
On an ordinary Thursday evening, thousands of crypto users did what they always do: visit CoinMarketCap to check token prices, track trends, and explore new projects. Everything seemed fine. The homepage loaded normally, complete with its signature doodle graphic at the top.

But hidden behind that seemingly harmless doodle… was a trap.

A highly targeted, well-executed supply-chain attack was underway, and most visitors had no idea.

🎭 A Familiar Prompt, A Dangerous Illusion
As users scrolled the CoinMarketCap homepage, something popped up:

“Connect your Wallet to Continue.”

It looked legitimate. A clean interface mimicking WalletConnect. Many users, conditioned by countless previous wallet interactions, didn’t think twice.

They clicked. Within seconds, wallets were drained. SOL, XRP, obscure meme tokens, and more, gone.

🔍 Unmasking the Attack
This wasn’t a server breach. There were no leaks, no brute-force logins, and no malware downloads. Instead, the attackers found a smarter way in, through the frontend.

They exploited a third-party image API used by CoinMarketCap to load its doodle. That API was silently compromised. When CoinMarketCap called it, it returned not just the image… but also malicious JavaScript code. That code injected the fake wallet prompt right into the homepage, all within the browser.

Users never left the site. But their crypto left their wallets.

💸 The Aftermath
Within 24 hours:
• 110+ wallets were compromised
• At least $43,000 in funds were stolen
• Tokens included $SOL, $XRP, $EVT, $PENGU, $SHDW, and others
• The attacker used a tool known as Inferno Drainer, a wallet-draining-as-a-service platform growing in popularity

This wasn’t the first time Inferno Drainer was seen in action. But using CoinMarketCap’s trusted brand and homepage as the delivery vector? That was bold.

And most importantly: the funds were traced to the drainer wallet:
• 0x8a2983f358a03c6DB9c47a70e944368D4De77820
• 0x030703e1EB18355a794F3f034Fe63959F8640D33

This address received tokens from victims across multiple chains. You can see the wallet’s on-chain activity, including token swaps and consolidation behavior — classic drainer operation.

Other IOCs involved:
• 0x000037bB05B2CeF17c6469f4BcDb198826Ce0000
• 0x0000553F880fFA3728b290e04E819053A3590000
• www.cdnkit[.]io
• https://static.cdnkit[.]io
• blockassets[.]app

🛡️ CoinMarketCap’s Response
To their credit, CoinMarketCap reacted quickly:
• ✅ The fake pop-up was immediately removed
• 🔧 The third-party API was patched
• 🛑 No backend servers or databases were breached
• 🤝 Most importantly, CoinMarketCap committed to reimbursing affected users

They also stated they are reinforcing internal controls and reviewing all external integrations.

🧠 Lessons Learned
This wasn’t a smart contract exploit. It was an exploit of trust, using a familiar interface, a trusted website, and user habits as the entry point.

The most dangerous scams aren’t always flashy. This one worked because it looked normal. Even trusted platforms like CoinMarketCap can be used as vectors in supply-chain attacks.

✅ How to Protect Yourself Going Forward
Here’s what you can do right now to reduce your risk:
1. Don’t approve wallet prompts you didn’t expect.
2. Review token approvals regularly with tools like Revoke.cash.
3. Use browser extensions that detect wallet drainers (e.g., Wallet Guard, Scam Sniffer).
4. Bookmark official dApps and avoid interacting with wallet pop-ups on informational sites.
5. Always double-check transactions before signing.

🧵 Final Thoughts
The CoinMarketCap incident wasn’t the biggest crypto exploit by dollar amount—but it was one of the most deceptive. It showed us how fragile the frontend trust layer can be in Web3.

As users and builders, we must recognize that security isn’t just about smart contracts. It’s about interfaces. Dependencies. And habits.

The drainer wallet may be just one address. But the lesson it leaves behind affects millions.

Stay sharp. Stay sovereign. And never blindly click "Connect Wallet."

If this helped you or your community, consider sharing it to raise awareness. Security is a shared responsibility in Web3.

#CoinMarketCap #Web3Security #WalletDrainer #CryptoScams #InfernoDrainer #Phishing #CryptoNews
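Added example (not code from the post and not CoinMarketCap's): the builder-side counterpart to the lesson above. The post says a third-party image endpoint came back carrying script instead of only an image; the constructed Python check below is the validation a site can run on such a response before anything from it reaches the page, comparing the declared Content-Type against the expected raster formats, checking the body's magic bytes, and naming any script or event-handler markup found in a rejected body. The URLs, the sample bodies and the table of expected formats are made up.

```python
"""Constructed example, not CoinMarketCap's code: validate a third-party asset
response before rendering it. URLs, bodies and the expected-format table are made up."""

import re

# Magic bytes for the raster formats the endpoint is expected to serve (assumption).
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}

# Markers of active content that have no business in an image response.
ACTIVE_CONTENT = re.compile(rb"<script|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def classify_asset(content_type, body):
    """Return ("ok", format) when the declared type is an expected image format and the
    body carries that format's magic bytes; otherwise ("reject", reason)."""
    declared = content_type.split(";")[0].strip().lower()
    if declared not in MAGIC:
        return ("reject", f"unexpected content type {declared!r}")
    if not body.startswith(MAGIC[declared]):
        return ("reject", f"body does not start with {declared} magic bytes")
    return ("ok", declared)


def contains_active_content(body):
    """Sniff a body for script or inline-handler markup so the finding says what came back."""
    return ACTIVE_CONTENT.search(body) is not None


def audit_responses(responses):
    """responses: (url, content_type, body) tuples. Returns [(url, reason)] for every
    response that must not be rendered; clean responses are not listed."""
    findings = []
    for url, content_type, body in responses:
        verdict, detail = classify_asset(content_type, body)
        if verdict == "ok":
            continue
        if contains_active_content(body):
            detail += "; body contains script or event-handler markup"
        findings.append((url, detail))
    return findings


# Constructed responses standing in for what an asset endpoint might return.
SAMPLE_RESPONSES = [
    ("https://cdn.example/doodle.png", "image/png",
     b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),                      # genuine PNG header
    ("https://cdn.example/doodle-v2.png", "text/html; charset=utf-8",
     b'<div class="modal">Connect your Wallet to Continue</div>'
     b"<script>/* constructed placeholder */</script>"),          # markup where an image belongs
    ("https://cdn.example/banner.jpg", "image/jpeg",
     b"GIF89a" + b"\x00" * 8),                                    # declared type contradicts body
]


if __name__ == "__main__":
    for url, reason in audit_responses(SAMPLE_RESPONSES):
        print(f"REJECT {url}: {reason}")
```

The check is deliberately boring: an image endpoint that returns anything other than a well-formed image of the declared type is dropped, and the reason is logged so the integration review the post mentions has something concrete to act on. It complements, rather than replaces, a Content Security Policy that limits where scripts may load from.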
On June 18th, 2025, the Iranian exchange Nobitex was drained of over 100 million USD of assets including ETH, BSC, POL, AVAX, ARB, BTC, TRX among others. These are some facts obtained from blockchain analysis.

1. The incident started with unauthorized access to Nobitex-controlled wallets, which were drained and burned to the following vanity addresses.
- TKFuckiRGCTerroristsNoBiTEXy2r7mNX
- 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead
- 1FuckiRGCTerroristsNoBiTEXXXaAovLX
- DFuckiRGCTerroristsNoBiTEXXXWLW65t

2. The reason why the 100 million USD is as good as lost is that spending the assets from the above 4 vanity addresses would require knowledge of their private keys, and calculating those would require years of brute-force computation.

Figure 1: Nobitex Compromised Wallets drained of ETH
Figure 2: Nobitex Potentially Implementing Safety Procedure

3. Using our proprietary tool CATV, which feeds from blockchain data, we are able to derive insights into the actions of the hacking group and the subsequent response from the Iranian exchange. For instance, 262 ETH was burned from 2 compromised Nobitex wallets, and within a few hours Nobitex managed to restore approximately 6 ETH from the compromised wallets and moved close to 10,000 ETH from its hot wallet to a potentially new wallet as a safety measure. This was observed across other tokens and EVM chains too.

Figure 3: More than 2000 Compromised Wallets drained
Figure 4: Nobitex Potentially Implementing Safety Procedure

4. Similarly, more than 2,000 compromised Bitcoin addresses containing small amounts of BTC were drained of a total of approximately 18 BTC. Similar to the EVM chains, we saw that around 1,800 BTC were moved by Nobitex to a new address, potentially as part of its safety procedure.

Figure 5: Zero Value Transactions from Vanity Address to VASPs.
Figure 6: TransferFrom() function invoked

5. Maximum losses were incurred on the TRON blockchain, where more than 100,000 compromised wallets were drained, each wallet holding small USDT balances. The most interesting aspect from TRON is that on 20th June 2025, we observed attempts to withdraw funds from the vanity address using Tron's bonk Token TransferFrom() function. While TransferFrom allows another wallet to spend the vanity wallet's funds upon obtaining approval from the vanity address, in this case 0-value transactions were requested by another wallet to make it seem like funds were transferred to several exchanges. However, real spending from the vanity address would need its private key.
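Added example (not CATV and not code from the post): a constructed Python triage that separates the zero-value TransferFrom() activity described in point 5 from a genuine spend. A transfer record that names a vanity address as its source, is initiated by a different account, and moves 0 tokens creates the appearance of a withdrawal to an exchange without any funds leaving; a real outflow would have to be initiated by the vanity address itself. The four vanity addresses are the ones listed in the post; every other address, label, hash and amount is made up.

```python
"""Constructed example, not Uppsala Security's CATV: distinguish zero-value
transferFrom "withdrawals" from a vanity/burn address from real spends.
Vanity addresses are from the post; all other records below are made up."""

from dataclasses import dataclass

# Vanity/burn addresses listed in the post; nothing can leave them without the private key.
VANITY_ADDRESSES = {
    "TKFuckiRGCTerroristsNoBiTEXy2r7mNX",
    "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead",
    "1FuckiRGCTerroristsNoBiTEXXXaAovLX",
    "DFuckiRGCTerroristsNoBiTEXXXWLW65t",
}

# Constructed entity labels standing in for an exchange (VASP) attribution list.
ASSUMED_VASP_LABELS = {
    "TExchangeHotWalletConstructed111111": "ExchangeA (constructed label)",
}


@dataclass
class TokenTransfer:
    tx_hash: str
    initiator: str   # account that signed and sent the transaction
    from_addr: str   # token holder the Transfer event names as the source
    to_addr: str
    amount: int      # smallest token units; 0 for the spoofed calls
    method: str      # "transfer" or "transferFrom"


def is_spoofed_withdrawal(t):
    """A third party calling transferFrom on a vanity address for 0 tokens: it produces
    a Transfer event toward an exchange while nothing is actually spent."""
    return (
        t.method == "transferFrom"
        and t.from_addr in VANITY_ADDRESSES
        and t.initiator != t.from_addr
        and t.amount == 0
    )


def is_real_spend(t):
    """A genuine outflow from a vanity address is signed by that address and moves value."""
    return t.from_addr in VANITY_ADDRESSES and t.initiator == t.from_addr and t.amount > 0


def triage(transfers):
    """Return the spoofed events (with the labelled destination) and any real spends."""
    spoofed, real = [], []
    for t in transfers:
        if is_spoofed_withdrawal(t):
            spoofed.append((t.tx_hash, ASSUMED_VASP_LABELS.get(t.to_addr, t.to_addr)))
        elif is_real_spend(t):
            real.append(t.tx_hash)
    return {"spoofed": spoofed, "real_spends": real}


# Constructed transfer records: one ordinary user payment, two zero-value transferFrom
# calls made by an unrelated account against a vanity address from the post.
SAMPLE_TRANSFERS = [
    TokenTransfer("tx-constructed-1", "TUserConstructedAddr0000000000000001",
                  "TUserConstructedAddr0000000000000001",
                  "TExchangeHotWalletConstructed111111", 250_000_000, "transfer"),
    TokenTransfer("tx-constructed-2", "TSpooferConstructedAddr000000000000",
                  "TKFuckiRGCTerroristsNoBiTEXy2r7mNX",
                  "TExchangeHotWalletConstructed111111", 0, "transferFrom"),
    TokenTransfer("tx-constructed-3", "TSpooferConstructedAddr000000000000",
                  "TKFuckiRGCTerroristsNoBiTEXy2r7mNX",
                  "TOtherVaspConstructedAddr00000000000", 0, "transferFrom"),
]


if __name__ == "__main__":
    print(triage(SAMPLE_TRANSFERS))
```

The useful signal for an analyst is the combination, not any single field: a Transfer event alone looks like movement, but initiator != from together with amount == 0 is exactly the pattern the post describes, and a balance check on the vanity address before and after confirms nothing left.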
Mail scams are not sent randomly; your mail has actually already been signed up at several sites/airdrops/giveaways etc. This is my dump email for sign-ups and many things, not my personal mail.
When it comes to crypto, even the smallest mistake can lead to big losses, especially with your wallet address. There’s a sneaky scam going around called address poisoning, and it’s causing people to accidentally send their crypto to the wrong wallet.

It’s cheap for scammers to do, hard to notice, and it works more often than you’d think.

In this post, we’ll explain how the scam works, how to spot it, and what you can do to protect yourself.

What is address poisoning?
Address poisoning is a scam where a bad actor creates a wallet address that looks almost identical to yours, same beginning and ending characters, for example:

Your real wallet: 0xA1B2...7890
Scammer’s address: 0xA1B3...7890

Then they send a tiny or worthless token (like $0.00) to your wallet from their fake address. This harmless-looking transaction now shows up in your transaction history.

Later, if you copy-paste your wallet address from your history (as many people do), you might accidentally copy the scammer’s lookalike address instead, and unknowingly send your real funds to the wrong wallet.

It’s simple, quiet, and devastating.

Take this address for example:
0x917f79bd9c4435179eb3c0c88e40951824580f99 (Binance Smart Chain Mainnet)
https://bscscan.com/address/0x917f79bd9c4435179eb3c0c88e40951824580f99#tokentxns

This wallet is part of an address poisoning campaign on Binance Smart Chain (BSC). It sends tiny token amounts to many other addresses, making it appear in wallet histories. If a user mistakenly selects this address instead of their own, they could end up sending real assets to the scammer.

We’ll be tracking this address further and analyzing its flow of funds to understand how widespread its activity is.

Image 1 captured from bscscan
Image 2 captured from bscscan

The outgoing transactions shown in images 1 and 2 are part of an address poisoning attack carried out by the scammer.

Now, let’s take a closer look using a visual graph with CATV.

Image captured from the Crypto Analysis Transaction Visualization (CATV) Dashboard.

Looking at the graph, we can see that the scammer used exchanges like Bybit, Phemex, MEXC Global, and Gate. Once someone falls for the scam, the stolen crypto gets sent to these VASPs (Virtual Asset Service Providers).

🔍 How to Spot Address Poisoning
Here are common signs you’re being targeted:
• You receive a transaction from a wallet that looks very similar to yours.
• The transfer is very small (often $0 or just a few cents).
• It appears shortly after you’ve made a real transaction.

🛡 How to Stay Safe
Avoiding this scam is easy if you follow a few good habits:
✅ Never copy your wallet address from your transaction history.
✅ Use a saved address book in your wallet app (e.g., MetaMask, Trust Wallet).
✅ Double-check the entire address, not just the first and last few characters.
✅ Send a small test transaction when dealing with a new address.
✅ Ignore dust tokens or unexpected airdrops, they're often part of the trick.

About the Crypto Analysis Transaction Visualization (CATV) Tool
The Crypto Analysis Transaction Visualization (CATV), developed exclusively by Uppsala Security’s expert team, serves as a sophisticated yet seamless forensic tool that offers in-depth insights into cryptocurrency transaction flows. This tool is designed to trace both inbound and outbound transactions linked to a specific wallet. CATV empowers users to effectively track, analyze, monitor, and graphically visualize cryptocurrency transactions, highlighting the flow of tokens and their interactions with various entities like exchanges and smart contracts.

Explore CATV in a brand new avatar with an easy-to-use credit system!! Pay for only what you need and use. Contact us at [email protected] for a free demo and more details!!
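Added example (not CATV and not code from the post): a constructed Python screen that applies the "How to Spot" and "How to Stay Safe" lists above to an incoming-transfer history. It flags dust whose sender mimics the user's own address or an address they have paid before (the ones a user would copy from history), lists dust from senders with no prior relationship, and enforces a full-string comparison against a saved address book before sending. The prefix/suffix lengths default to the post's 0xA1B2...7890 versus 0xA1B3...7890 illustration and, like the dust threshold, are assumptions to tune; the only real address is the campaign address the post names, every other address and value is made up.

```python
"""Constructed example, not CATV: screen incoming transfers for address-poisoning
candidates and enforce a full-string match before sending. Only the campaign
address from the post is real; other addresses, values and thresholds are made up."""

POISONER_FROM_POST = "0x917f79bd9c4435179eb3c0c88e40951824580f99"


def looks_alike(candidate, reference, prefix=3, suffix=4):
    """Same first `prefix` hex characters and last `suffix` characters, but not identical.
    Defaults reproduce the post's 0xA1B2...7890 / 0xA1B3...7890 illustration."""
    c, r = candidate.lower(), reference.lower()
    if c == r:
        return False
    return c[:2 + prefix] == r[:2 + prefix] and c[-suffix:] == r[-suffix:]


def screen_incoming(my_address, known_counterparties, incoming, dust_threshold):
    """incoming: (sender, value_wei) tuples. Flags dust whose sender mimics my own
    address or one I have paid before (the addresses I might copy from history), and
    separately lists dust from senders I have no relationship with."""
    watched = [my_address, *known_counterparties]
    watched_lower = {w.lower() for w in watched}
    lookalike, dust_unknown = [], []
    for sender, value in incoming:
        if value > dust_threshold:
            continue  # ordinary-sized transfers are not the poisoning pattern
        match = next((w for w in watched if looks_alike(sender, w)), None)
        if match:
            lookalike.append((sender, match))
        elif sender.lower() not in watched_lower:
            dust_unknown.append(sender)
    return {"lookalike": lookalike, "dust_unknown": dust_unknown}


def safe_to_send(destination, address_book):
    """Only an exact, full-length match against a saved entry passes; partial matches never do."""
    return destination.lower() in {a.lower() for a in address_book}


# Constructed history: my address, one real counterparty, and three incoming transfers.
MY_ADDRESS = "0xA1B2" + "0" * 32 + "7890"
REAL_COUNTERPARTY = "0xC0FFEE" + "0" * 30 + "BEEF"
LOOKALIKE_OF_ME = "0xA1B3" + "0" * 32 + "7890"
SAMPLE_INCOMING = [
    (LOOKALIKE_OF_ME, 0),              # zero-value dust from a mimic of my address
    (REAL_COUNTERPARTY, 5 * 10**18),   # ordinary payment from someone I know
    (POISONER_FROM_POST, 1),           # dust from the campaign address named in the post
]


if __name__ == "__main__":
    print(screen_incoming(MY_ADDRESS, [REAL_COUNTERPARTY], SAMPLE_INCOMING, dust_threshold=10**15))
    print(safe_to_send(LOOKALIKE_OF_ME, [MY_ADDRESS, REAL_COUNTERPARTY]))
```

Comparison is done on lower-cased strings so that a checksummed and a plain version of the same address match; validating the EIP-55 checksum itself is a separate step. The lookalike check is what a wallet's history view could surface as a warning, while safe_to_send is the rule behind the post's advice to pay only from a saved address book.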
I see a lot of new crypto projects that are doing mostly scamming. At first, when they launch, the price has a big pump, then after some days the price goes down almost 99%? How to find real coins and save my money?