Most people imagine a crypto hack involving stolen private keys, phishing campaigns, or sophisticated smart contract vulnerabilities. The AISOTH exploit was none of those. The attacker needed no special permissions, no compromised keys, and no hidden backdoor. Instead, they used only public functions available to every user and extracted over $30,000 in profit from a single atomic transaction. Even more surprisingly, five days later, the funds remain untouched in the attacker’s wallet.

This is the story of how a seemingly harmless presale design turned into a risk-free arbitrage opportunity.

Executive Summary

Chain: BNB Smart Chain
Loss: $30,314.76
Attack Type: Presale Instant Claim Exploit
Capital Required: $0 (Flash Loan Funded)
Transactions Required: 1
Special Permissions: None
Current Status: Funds remain in attacker’s wallet

Unlike most DeFi exploits, the attacker did not break the protocol. The protocol behaved exactly as designed. That design was the problem.

The Critical Mistake

AISOTH operated a standard presale model. Users would:

• Buy tokens during presale
• Wait for the claim period
• Claim their tokens later

At least, that was the intended flow. The vulnerability existed because the protocol never actually enforced the waiting period.

The contract checked only one thing: “Has this address purchased tokens?”

It never checked: “When were those tokens purchased?”

As a result, anyone could Buy → Claim → Sell, all within the same transaction. That single missing condition created a completely risk-free arbitrage opportunity.

Why the Economics Were Broken

The attack was only possible because of a massive price gap. The discount itself wasn’t the issue; presales commonly offer discounted tokens. The issue was allowing those discounted tokens to become immediately liquid. Once that happened, the market effectively offered free money. All an attacker needed was enough temporary capital. Flash loans solved that problem instantly.

The Entire Attack Happened in One Transaction

The exploit was executed atomically. If any step failed, everything would revert. If it succeeded, the attacker walked away with profit. This eliminated virtually all risk.

Step 1 — Borrow Funds

The attacker borrowed 5,746.57 USDT from a PancakeSwap liquidity pool using a flash loan. No collateral. No upfront capital.

Step 2 — Buy Presale Tokens

The borrowed USDT was sent to the AISOTH presale contract. The attacker received an allocation of 164,187 AIS at the presale price. At this stage, everything looked like normal user behavior.

Step 3 — Trigger the Vulnerability

Immediately after purchasing, the attacker called:

The contract approved the request. No waiting period. No vesting. No claim window. The attacker instantly received all presale tokens. This was the critical failure point.

Step 4 — Accept the Token Tax

AISOTH included transfer-tax mechanics. Several thousand tokens were burned or distributed through protocol fees. After deductions, the attacker held 159,262 AIS. The reduction was insignificant compared to the arbitrage opportunity.

Step 5 — Dump on PancakeSwap

The attacker sold all received AIS tokens into the existing PancakeSwap market. Result: 36,075.73 USDT received. The presale discount had now been converted directly into cash.

Step 6 — Repay Flash Loan

The flash loan was repaid immediately.

Repayment: 5,760.97 USDT
Remaining profit: 30,314.76 USDT
Total attacker capital invested: $0
Execution time: One block

The Most Interesting Part

Most exploiters begin laundering funds almost immediately. That has not happened here. As of June 10, 2026:

• No exchange deposits
• No bridge activity
• No mixers
• No secondary wallets

The funds remain parked in the original attacker-controlled address. This leaves two possibilities.

Scenario 1 — Strategic Delay

The attacker may be waiting for monitoring activity to cool down before moving funds. This is common among experienced exploiters.

Scenario 2 — White Hat Intent

The attacker may have conducted the exploit to demonstrate the vulnerability and could be preparing a disclosure or negotiation with the protocol team.

At the moment, on-chain evidence supports neither theory conclusively.

What Developers Should Learn

This incident highlights a recurring lesson in DeFi security. The biggest risks are not always code bugs. Sometimes they are economic bugs. The AISOTH contracts functioned exactly as written. The vulnerability emerged because the economic assumptions behind the design were never enforced on-chain.

Three principles stand out:

Presale Discounts Must Have Lockups
If discounted tokens can be sold immediately, the discount becomes an arbitrage mechanism.

Assume Infinite Capital
Flash loans mean attackers effectively have unlimited temporary liquidity. Designs that rely on capital constraints are already broken.

Test Economic Behavior, Not Just Code
Unit tests verify technical correctness. They do not verify economic safety. Protocols need adversarial simulations that ask: “What happens if every public function is used in the most profitable way possible?”

Conclusion

The AISOTH exploit did not require hacking. It required reading the rules. The attacker simply followed the protocol’s intended execution path and discovered that the path itself created free money.

One transaction. Zero capital. Zero permissions. Over $30,000 in profit.

The most dangerous vulnerabilities are often the ones that execute exactly as designed.
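The adversarial simulation the last section calls for, as an added example (not AISOTH's contract code): a minimal presale, a constant-product pool and the atomic buy → claim → sell → repay sequence, run once with no lockup and once with a lockup enforced at claim time. Prices, reserves, the 3% transfer tax and the 0.25% flash-loan and swap fees are assumptions chosen to resemble the figures above.

```python
"""Economic test of a presale claim path: does buy -> claim -> sell in one
transaction yield risk-free profit? Constructed model, not production code."""
import copy
from dataclasses import dataclass, field


class Revert(Exception):
    """Any step failing rolls back the whole transaction."""


@dataclass
class Presale:
    price_usdt: float                 # USDT paid per token (assumed 0.035)
    lockup_seconds: int               # 0 reproduces the flaw: no waiting period
    purchases: dict = field(default_factory=dict)  # buyer -> (tokens, bought_at)

    def buy(self, buyer: str, usdt: float, now: int) -> float:
        tokens = usdt / self.price_usdt
        prev, _ = self.purchases.get(buyer, (0.0, now))
        self.purchases[buyer] = (prev + tokens, now)
        return tokens

    def claim(self, buyer: str, now: int) -> float:
        # The only check the vulnerable contract made: "has this address purchased?"
        if buyer not in self.purchases:
            raise Revert("nothing to claim")
        tokens, bought_at = self.purchases[buyer]
        # The missing check: "when were those tokens purchased?"
        if now - bought_at < self.lockup_seconds:
            raise Revert("tokens still locked")
        del self.purchases[buyer]
        return tokens


@dataclass
class ConstantProductPool:
    reserve_token: float
    reserve_usdt: float
    swap_fee: float = 0.0025          # assumed LP fee on the input amount

    def sell_token(self, amount: float) -> float:
        amount_in = amount * (1 - self.swap_fee)
        usdt_out = self.reserve_usdt * amount_in / (self.reserve_token + amount_in)
        self.reserve_token += amount
        self.reserve_usdt -= usdt_out
        return usdt_out


def attack_tx(presale, pool, loan_usdt, now, transfer_tax=0.03, flash_fee=0.0025):
    """Run the six steps atomically. Returns net profit in USDT, or None when
    a step reverts (state is restored; nothing but gas is lost)."""
    snapshot = copy.deepcopy((presale, pool))
    try:
        presale.buy("attacker", loan_usdt, now)          # Step 2: buy with the loan
        tokens = presale.claim("attacker", now)          # Step 3: same block
        received = tokens * (1 - transfer_tax)           # Step 4: transfer tax
        proceeds = pool.sell_token(received)             # Step 5: dump on the pool
        owed = loan_usdt * (1 + flash_fee)               # Step 6: repay the loan
        if proceeds < owed:
            raise Revert("cannot repay flash loan")
        return proceeds - owed
    except Revert:
        presale.__dict__.update(snapshot[0].__dict__)
        pool.__dict__.update(snapshot[1].__dict__)
        return None


def simulate(lockup_seconds: int):
    """Return (profit_or_None, presale, pool) for a given lockup policy."""
    presale = Presale(price_usdt=0.035, lockup_seconds=lockup_seconds)
    pool = ConstantProductPool(reserve_token=1_000_000.0, reserve_usdt=300_000.0)
    profit = attack_tx(presale, pool, loan_usdt=5_746.57, now=1_700_000_000)
    return profit, presale, pool


if __name__ == "__main__":
    for lockup in (0, 7 * 24 * 3600):
        profit, _, _ = simulate(lockup)
        outcome = "reverted" if profit is None else f"profit {profit:,.2f} USDT"
        print(f"lockup={lockup:>7}s -> {outcome}")
```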

🕵️ FAKE UNISWAP / ANGELFERNO DRAINER CAMPAIGN — FORENSIC TRACE REPORT

Date of Analysis: May 26, 2026 | Case Ref: CASE-20260526-AFDR

SUMMARY

A live, actively draining phishing campaign is targeting Uniswap users via sponsored Google Ads. The operation deploys the AngelFerno drainer-as-a-service kit — a scam-as-a-service platform previously linked to front-end attacks against OpenEden and Curvance. Two primary collector wallets have aggregated $400,000+ in stolen assets, with the broader campaign responsible for $1.27M+ since March 2026 according to Security Alliance (SEAL).

Attack vector: Victims search "Uniswap" on Google → click sponsored ad → land on a pixel-perfect phishing clone → connect wallet → sign a malicious approval transaction → all tokens/ETH are swept instantly by the drainer contract.

Critical finding: Both drainer wallets remain active as of May 25–26, 2026, with the largest movements occurring within the past 48 hours.

ON-CHAIN TRACE

🔴 Drainer Wallet #1
0x37925684BA178821b4436E06e67f5dBD6cfA49Bb
Primary ETH aggregator — most active of the two
Activity window: May 12 – May 25, 2026 (34 traced transactions, 109 total analyzed)

Date | TX Hash | From → To | Amount | Notes
May 12 | 0x5b2be8...d232 | Victim 0x18c5...eb7e → Drainer #1 | 0.759 ETH | Drain event
May 12 | 0xaec8e69ebd54c5673a983d389f619b85c5a7ddc8ff1f552dbaf797bcdafe85d9 | Drainer #1 → 0xe245...1b3a | 3.845 ETH | Layering hop
May 12 | 0x8e178cc8339c6edbd5c384fa7ab15a877904da98c258ac67e19d6a11b42e6ebf | Drainer #1 → Relay.link | 1.201 ETH | Cross-chain bridge (Base → ETH)
May 12 | 0x158da6...f81b | Stargate Finance → chain | 5,098 USDT | Stablecoin bridge-out
May 12 | 0xaa4607...f68c | Drainer #1 → 0x Protocol | 5,098 USDT | Token swap/laundering
May 16 | 0x02faa0...0340 | Feeder 0xc237...35a6 → Drainer #1 | 1.286 ETH | ETH consolidation
May 24 | 0x7caf0c...c7bc | Drainer #1 → 0x Protocol | 18,082 USDC | Swap out USDC
May 24 | 0x05e274...46d1 | Drainer #1 → 0x02e5...b2a9 | 12.9B Mog | Meme token dump
May 25 | 0x589e10...4588 | Drainer #1 → 0x02e5...b2a9 | 4.65 PAXG | Gold-backed token drained from victim
May 25 | 0xcb5811...d633 | Relay.link Relayer → Drainer #1 | 4.680 ETH | Inbound bridge receipt
May 25 | 0xad3ee71e425192734ade50a40ca26d2140f66cf33cf9d06ad29167a5ccec79cc | Relay.link Relayer → Drainer #1 | 3.127 ETH | Inbound bridge receipt
May 25 | 0x9ca97bea5de3f2677a06e45ac61b9ceeceefc81e738ae99345769eb60076715e | Relay.link Relayer → Drainer #1 | 1.830 ETH | Inbound bridge receipt
May 25 | 0x96d703...7b0e | Drainer #1 → Relay.link | 0.001 ETH | Test/probe tx
May 25 | 0x76bb7ae7360056f16774c58201fc844a4aa75dd1d15dfc28fd96c17e7a00365f | Drainer #1 (Base) → Relay.link | 3.135 ETH | Cross-chain bridge Base→Ethereum confirmed
May 25 | 0x428c0f...c017 | Feeder 0xca7d...4589 → Drainer #1 | 0.892 ETH | Fund consolidation

Cross-chain bridge confirmed (Relay protocol): TX 0x76bb7ae7360056f16774c58201fc844a4aa75dd1d15dfc28fd96c17e7a00365f (Base) bridges 3.135 ETH → Ethereum main drainer, destination TX 0xad3ee71e425192734ade50a40ca26d2140f66cf33cf9d06ad29167a5ccec79cc

NEAR Intents bridge detected: Two NEAR Intents inbound deliveries totaling 2.260 ETH (0x39a85b...ef79 + 0xec85c5...2c8b), suggesting funds were laundered through the NEAR protocol ecosystem before being returned to Ethereum.

🔴 Drainer Wallet #2
0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2
High-volume batch collector — 51 inbound transactions in 72 hours
Activity window: May 23 – May 25, 2026 (51 traced transactions — most recent activity: May 25, 2026)

This wallet's transaction profile is highly abnormal: the vast majority of inbound txs originate from 0xca11bde05977b3631167028862be2a173976ca11, which is the canonical Multicall3 contract deployed at the same address across all EVM chains. This is a hallmark of the AngelFerno drainer kit — it batches victim asset sweeps using Multicall3 to maximize throughput per block and reduce per-victim gas costs.

Date | TX Hash | Amount | Notes
May 24 | 0x3667fa7015f66af98c0b2fe6deefda170665ed54cec10d8424866d970c4869a3 | 17.58 ETH | Largest single Multicall3 sweep
May 24 | 0xb08a80b1b9ac26cf55a23e1479601a2cfe568a01e563f9d4e97f8f50a8617bb1 | 11.43 ETH | Multicall3 batch drain
May 24 | 0x348886dcf90959a019a1a62a105f52701f533bcf4292b67b0ea3beec8625ed2f | 11.40 ETH | Multicall3 batch drain
May 23 | 0x6727ce4b417c3ade48c7a73ec1de7e99a367ffb403f7c630c6fd9331e68bda57 | 617B KISHU tokens | Meme token sweep
May 25 | 0xa14c313b684c3eddaec8e1cdc6332a6d8eb2e4f998c9376661c9611a52187039 | 170K ORX tokens | Token sweep

The 30+ additional inbound transactions from 0xca11 across May 24–25 represent a rolling wave of victim drains occurring in near real-time.

🟡 Key Intermediary / Hop Addresses

Address | Role | Evidence
0xe245f57734ef7f2a868cc549ca1003e658781b3a | Layering hop wallet | Received 3.845 ETH from Drainer #1 (TX: 0xaec8e69ebd54c5673a983d389f619b85c5a7ddc8ff1f552dbaf797bcdafe85d9); also receives gas from Multicall3
0x02e5be68d46dac0b524905bff209cf47ee6db2a9 | Token dump aggregator | Receives PAXG, Mog, XEN, PERP, NMT, SPCX, sato — likely sells via OTC or DEX
0xca7ded7e4f4ba8ab3b10009236ae6d1b95094589 | Feeder wallet A | Consolidates ETH to Drainer #1: 0.892 ETH + 0.290 ETH
0xada5bb90d0de0bd1b6f3938708f49295a8d1f7cb | Feeder wallet B | Minor ETH top-up to Drainer #1 (0.035 ETH)
0x4cd00e387622c35bddb9b4c962c136462338bc31 | Relay.link bridge | Confirmed cross-chain movement Base ↔ Ethereum
0x2cff890f0378a11913b6129b2e97417a2c302680 | NEAR Intents bridge | Routed 2.26 ETH through NEAR protocol ecosystem

CURRENT STATUS OF FUNDS (as of May 26, 2026)

Drainer #1 — 0x37925684BA178821b4436E06e67f5dBD6cfA49Bb
Total current portfolio: ~$169,268

Chain | Asset | Balance | Est. USD
Ethereum | ETH (native) | ~62 ETH equivalent | $162,138
Base | USDC | 6,577.83 USDC | ~$6,578
Base | aBasWETH (Aave) | 0.2599 WETH | ~$544
Base | AERO | 0.0795 | ~$0.08
Ethereum | KISHU Inu | 108.9B | ~trace
Ethereum | ORX | 30,016 | —
Polygon | MATIC | ~$4.40 | dust
BNB Chain | BNB | ~$3.91 | dust

⚠️ ACTIVE: ~$6,578 USDC still parked on Base chain + ~$162K ETH value on Ethereum. No CEX deposit detected yet for these funds — the attacker is holding or continuing to launder.

Drainer #2 — 0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2
Total current portfolio: ~$228 (Polygon MATIC) + tokens

Chain | Asset | Balance | Notes
Polygon | MATIC | ~$227.93 | 
Ethereum | KISHU Inu | 617B | Meme token — low liquidity
Ethereum | ORX | 170,092 | Illiquid
Avalanche | AVAX | $0.00 | Swept/emptied
Arbitrum | ETH | $0.00 | Swept/emptied

Finding: Drainer #2 has been nearly fully swept outbound — ETH was consolidated and moved. The Multicall3 batch operations flooding this address represent the actual drain engine; the real ETH value has been passed through and laundered onward. The residual KISHU/ORX tokens are likely to be OTC-sold or simply abandoned.

ANALYSIS & RECOMMENDATIONS

Laundering Architecture — Confirmed Techniques

The AngelFerno campaign employs a 4-layer laundering stack:

Layer 1 — Victim Drain (via Malicious Approval): Victims sign an approve() transaction on the phishing site, granting the drainer contract unlimited allowance. AngelFerno uses the Multicall3 contract (0xca11bde05977b3631167028862be2a173976ca11) to batch-sweep all victim assets in a single block — ETH, ERC-20 stablecoins, LP tokens, and NFTs simultaneously.

Layer 2 — Token Conversion (via DEX aggregators): Stolen tokens (USDC, USDT, PAXG, meme tokens) are routed through 0x Protocol (0x0000000000001ff3684f28c67538d4d072c22734) and Uniswap V2 Router to convert into ETH or USDC — a standard "dirty → clean native" laundering step.

Layer 3 — Cross-Chain Layering (Relay + NEAR Intents): Proceeds are bridged across chains to break the on-chain trace:
• Relay.link bridge confirmed (Base ↔ Ethereum): TX 0x76bb7ae7360056f16774c58201fc844a4aa75dd1d15dfc28fd96c17e7a00365f
• NEAR Intents bridge: 2.26 ETH routed through NEAR ecosystem and returned to Ethereum
• Stargate Finance USDT bridge: 5,098 USDT bridged outbound (May 12)

Layer 4 — Consolidation & Off-ramp (Pending): No confirmed CEX deposit detected yet. Current holding pattern (~$169K on Drainer #1) suggests the operator is either waiting for Google to remove the ads and then bulk cashing out, or has a private OTC arrangement. The token dump address 0x02e5be68d46dac0b524905bff209cf47ee6db2a9 receives illiquid tokens and is the likely OTC/DEX liquidation point.

Phishing Infrastructure Patterns (OSINT-confirmed)

Technique | Details
Punycode / Cyrillic domains | URLs using Cyrillic homoglyph substitution (e.g., uniswаp.org with Cyrillic 'а') — visually indistinguishable from real domain
Hidden iframes | Malicious approval payload embedded in hidden iframes to evade Google's ad review crawlers
Compromised advertiser accounts | Operators buy/steal aged Google Ads accounts with established reputation to pass automated review
Cloaking | Serves different content to Google's review bots vs. real users (real users get drainer, bots get legit Uniswap clone)
GraphQL proxy | Proxies Uniswap's own GraphQL endpoint to display victim's real wallet balance inside the phishing UI — reinforces legitimacy and enables targeted draining of the highest-value positions
Scam-as-a-Service | AngelFerno is a commercial kit — operators pay a % of stolen funds to the AngelFerno developers

Risk Score

Metric | Score
Overall Risk Score | 🔴 98/100 — CRITICAL
Money Laundering Probability | 97%
Cross-chain obfuscation | ✅ Confirmed (Relay + NEAR Intents + Stargate)
DEX laundering | ✅ Confirmed (0x Protocol, Uniswap V2)
Mixer usage | ❌ Not detected (yet)
CEX deposit (KYC exposure) | ⚠️ Not yet confirmed — funds still held
Active campaign status | 🔴 LIVE — last drain May 25, 2026 (≤24h ago)
Attribution to AngelFerno family | ✅ High confidence (Multicall3 batch pattern, SEAL/Protos confirmation)

Recommended Actions

Immediate (0–24 hours):

• Relay.link cooperation request — Relay bridge confirmed funds movement between Base and Ethereum. Contact Relay.link security team with TX 0x76bb7ae...365f and 0xad3ee71...79cc to identify any linked KYC data or IP logs.
• NEAR Intents / NEAR Foundation cooperation — Two NEAR Intents bridge deliveries totaling 2.26 ETH. The NEAR-side source address may be traceable and may be linked to a NEAR-registered entity.
• Google Ads abuse report escalation — File formal abuse reports with Google's Trust & Safety team citing both drainer wallet addresses, the Multicall3 drain pattern, and SEAL's documented campaign tracking. Uniswap Labs and ZachXBT have already applied public pressure; a formal legal hold request from law enforcement would be more effective.
• Victim alert distribution — Broadcast both drainer addresses (0x37925684BA178821b4436E06e67f5dBD6cfA49Bb and 0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2) and the hop wallet (0xe245f57734ef7f2a868cc549ca1003e658781b3a) to all major CEXs for pre-emptive freeze requests. If the operator attempts to cash out via Binance, Coinbase, Kraken, OKX, or Bybit, these flags will trigger compliance review.
• Revoke emergency advisory — Victims who interacted with any Uniswap-lookalike site in the past 30 days should immediately check and revoke all token approvals via revoke.cash or [filtered].io/tokenapprovalchecker.

Follow-up (24–72 hours):

• Trace 0x02e5be68d46dac0b524905bff209cf47ee6db2a9 — This token dump aggregator receives all illiquid stolen tokens (PAXG, Mog, XEN, PERP, NMT, SPCX). It may interact with a known OTC desk or NFT marketplace that has KYC.
• Trace 0xe245f57734ef7f2a868cc549ca1003e658781b3a — The 3.845 ETH hop from Drainer #1 is parked here with minimal outbound activity. This wallet may be staged for a future CEX deposit. Monitor urgently.
• SEAL coordination — Security Alliance is actively tracking this campaign (356+ malicious ads blocked). Share this trace with SEAL radar at radar.securityalliance.org.
• Base chain follow-up — Drainer #1 holds 6,577 USDC and 0.26 WETH deposited into Aave (aBasWETH) on Base. This Aave position may be unwound in coming days; monitor the Base chain activity of 0x37925684BA178821b4436E06e67f5dBD6cfA49Bb closely.

Fund Recovery Feasibility: MODERATE-LOW. The ~$169K currently held by Drainer #1 has not yet been deposited to a regulated CEX — this is the window for a freeze request. However, if the operator off-ramps via OTC or DEX, recovery becomes effectively impossible. Time is critical.
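A wallet-side audit for the two on-chain signals this report describes, as an added example (not the report's tooling): open ERC-20 approvals, which are the precondition for the "malicious approval" drain and what the revoke advisory targets, and outbound Transfer events executed through the canonical Multicall3 contract, the batch-sweep hallmark noted above. The log records, the victim/token/spender addresses and the trusted-spender allowlist are constructed placeholders; only the Multicall3 address and the event topic hashes are real.

```python
"""Audit a wallet's ERC-20 logs for risky approvals and Multicall3-routed sweeps.
Constructed example; log dicts mimic eth_getLogs fields plus the enclosing
transaction's sender (txFrom) and recipient (txTo)."""

# keccak256 topic hashes of the standard ERC-20 events
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
MULTICALL3 = "0xca11bde05977b3631167028862be2a173976ca11"   # address quoted in the report
UNLIMITED = 2**256 - 1

# Assumed allowlist of spenders the owner knowingly uses (placeholder address).
TRUSTED_SPENDERS = {"0x1111111111111111111111111111111111111111"}


def topic_addr(topic: str) -> str:
    """An indexed address topic carries the address in its low 20 bytes."""
    return "0x" + topic[-40:].lower()


def addr_topic(addr: str) -> str:
    """Inverse of topic_addr: left-pad an address to a 32-byte topic."""
    return "0x" + addr[2:].lower().rjust(64, "0")


def open_approvals(logs, wallet):
    """Latest non-zero allowance per (token, spender) granted by `wallet`.
    Later events override earlier ones, so a revoke (value 0) drops the entry."""
    wallet = wallet.lower()
    current = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if t[0] != APPROVAL_TOPIC or topic_addr(t[1]) != wallet:
            continue
        current[(log["address"].lower(), topic_addr(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in current.items() if v > 0}


def risky_approvals(logs, wallet):
    """Approvals worth revoking: unlimited, or granted to an unknown spender."""
    findings = []
    for (token, spender), value in open_approvals(logs, wallet).items():
        if value == UNLIMITED:
            findings.append((token, spender, "unlimited allowance"))
        elif spender not in TRUSTED_SPENDERS:
            findings.append((token, spender, "allowance to unknown spender"))
    return findings


def multicall_sweeps(logs, wallet):
    """Transfers out of `wallet` inside a transaction the wallet did not send,
    whose recipient is Multicall3: the batching pattern described in the report."""
    wallet = wallet.lower()
    hits = []
    for log in logs:
        t = log["topics"]
        if t[0] != TRANSFER_TOPIC or topic_addr(t[1]) != wallet:
            continue
        if log["txTo"].lower() == MULTICALL3 and log["txFrom"].lower() != wallet:
            hits.append((log["transactionHash"], log["address"].lower(), int(log["data"], 16)))
    return hits


# ---- constructed sample data (placeholder addresses, not real parties) ----
VICTIM = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
TOKEN = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
TRUSTED = "0x1111111111111111111111111111111111111111"
DRAINER_SPENDER = "0xdddddddddddddddddddddddddddddddddddddddd"
COLLECTOR = "0xcccccccccccccccccccccccccccccccccccccccc"
OPERATOR = "0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"


def _log(block, idx, topics, value, tx_from, tx_to, tx_hash):
    return {"blockNumber": block, "logIndex": idx, "address": TOKEN, "topics": topics,
            "data": "0x" + format(value, "064x"), "txFrom": tx_from, "txTo": tx_to,
            "transactionHash": tx_hash}


SAMPLE_LOGS = [
    # ordinary bounded approval to a known router, later revoked (block 202)
    _log(100, 0, [APPROVAL_TOPIC, addr_topic(VICTIM), addr_topic(TRUSTED)], 1000, VICTIM, TRUSTED, "tx-constructed-1"),
    # the phishing-page approval: unlimited allowance to the drainer spender
    _log(200, 0, [APPROVAL_TOPIC, addr_topic(VICTIM), addr_topic(DRAINER_SPENDER)], UNLIMITED, VICTIM, DRAINER_SPENDER, "tx-constructed-2"),
    # the sweep: operator calls Multicall3, tokens leave the victim
    _log(201, 3, [TRANSFER_TOPIC, addr_topic(VICTIM), addr_topic(COLLECTOR)], 1000, OPERATOR, MULTICALL3, "tx-constructed-3"),
    _log(202, 0, [APPROVAL_TOPIC, addr_topic(VICTIM), addr_topic(TRUSTED)], 0, VICTIM, TRUSTED, "tx-constructed-4"),
]

if __name__ == "__main__":
    print("risky approvals:", risky_approvals(SAMPLE_LOGS, VICTIM))
    print("multicall sweeps:", multicall_sweeps(SAMPLE_LOGS, VICTIM))
```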

A SquidRouterModule exploit reportedly hit Safe accounts across Ethereum and Base, draining roughly $3.2 million before funds were consolidated into DAI.

WHAT HAPPENED:

Attackers abused missing identity validation in SquidRouterModule and used a Foundry-based exploit contract to call the DelegateBundler route.

The result:
• 86 Safe accounts affected
• USDC, ENA, and USDT drained
• Assets swapped through attacker-seeded Uniswap V3 pools
• Around 3.07 million DAI consolidated after laundering steps

LAUNDERING FLOW:

The attack path shows clear pre-planning:
→ Tornado Cash-funded attacker EOA
→ Exploit execution across Safe wallets
→ Liquidity manipulation through worthless “u” token pools
→ DAI conversion
→ Relay.link and NEAR Intents Bridge movement attempts

Key addresses to monitor:
• Attacker EOA: 0x9bdc730183821b6bb2b51be30b77c964fa645b91
• DAI hub: 0xa447f71782135ab96a71374271a749ff7aa54859
• Unknown 90 ETH wallet: 0xe12e0f117d23a5ccc57f8935cd8c4e80cd91ff01

CHAINBOUNTY ANALYSIS:

This was not a simple wallet drain. It targeted Safe execution infrastructure and abused delegated transaction pathways at scale. The Tornado Cash funding, attacker-seeded liquidity pools, and rapid DAI consolidation suggest a prepared operation rather than opportunistic theft.

The current priority is a freeze-versus-bridge race. If the 3.07 million DAI hub has not exited to centralized venues, blacklist coordination may still reduce recovery loss.

PROTECT YOURSELF:
• Revoke SquidRouterModule permissions on Safe wallets immediately
• Review delegated module routes connected to treasury execution
• Monitor DAI consolidation wallets before funds move through bridges or swap aggregators

Verus Bridge Exploit: How a $10 Transaction Drained $11.4 Million

On May 18, 2026, the Verus-Ethereum Bridge lost approximately $11.4 million in a single exploit transaction. The attacker paid roughly $10 in fees. The bridge released everything.

What makes this incident especially alarming is that the system behaved exactly as designed. This exploit exposed a deeper structural weakness still present across many cross-chain bridges in DeFi.

What Happened?

The Verus-Ethereum Bridge enables asset transfers between the Verus blockchain and Ethereum. The protocol relied on a notary system where at least 8 out of 15 notaries had to cryptographically sign a state root before it was accepted as valid.

The bridge successfully verified those signatures. But it failed to verify whether the underlying assets on the Verus side actually existed.

According to Blockaid, the root cause was: “Missing source-amount validation in the checkCCEValues process.”

In simple terms, the attacker was able to create a cross-chain transfer request with an empty source-side payload. No real assets were locked on the Verus chain. The notaries signed the state root because the cryptographic structure itself appeared valid. The bridge then accepted that state and released real funds from its Ethereum reserves.

The result: approximately $11.4 million drained from the bridge.

This Isn’t a New Type of Attack

The attack category is painfully familiar. Major bridge exploits caused by source-destination validation failures include:

• Wormhole — $325M lost
• Nomad — $190M lost

Four years later, the same fundamental validation issue is still being exploited.

Pre-Attack Activity

Roughly 14 hours before the exploit, the attacker’s execution wallet received 1 ETH from Tornado Cash.

Tornado Cash Funding Address: 0x47ce0c6ed5b0ce3d3a51fdb1c52dc66a7c3c2936
Attacker Execution Wallet: 0x5aBb91B9c01A5Ed3aE762d32B236595B459D5777

This type of pre-funding pattern closely resembles operational behavior previously associated with organized threat actors, including Lazarus Group-linked activity seen before the Drift Protocol and KelpDAO exploits in April 2026. Attribution in the Verus incident remains unconfirmed.

The Exploit Transaction

Exploit Transaction Hash: 0x6990f01720f57fc515d0e976a0c4f8157e0a9529194c4c15d190e98d087eb321
Target Bridge Contract: 0x71518580f36feceffe0721f06ba4703218cd7f63

The stolen assets were moved into the following holding wallet:

Holding Wallet: 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9

Assets Drained

Immediately after the exploit, the attacker swapped the stolen tBTC into ETH using a swap contract.

tBTC Swap Contract: 0x00000011f84b9aa48e5f8aa8b9897600006289be

After consolidation, the attacker controlled approximately 5,402 ETH (~$11.4M).

Where Did the Money Go?

The stolen funds split into two major routes.

Route A — USDC Flow Into Binance

The USDC funds were routed through a DEX address before reaching a Binance deposit wallet.

Holding Wallet
↓
DEX Routing Address 0xbee3211ab312a8d065c4fef0247448e17a8da000
↓
⚠ Binance Deposit Address 0xb300000b72deaeb607a12d5f54773d1c19c7028d

Additional WETH and USDT inflows were also detected at the Binance deposit address. This is currently the strongest actionable lead in the investigation. If Binance compliance responds quickly, investigators may still have an opportunity to:

• Freeze assets
• Identify linked KYC accounts
• Trace additional laundering activity

Route B — ETH Laundering Path

The ETH moved through an intermediate address before disappearing further downstream.

Holding Wallet
↓
Intermediate Address 0x83928b7f2a85bdde9854f27a1e78aac29316f23b
↓
Current Balance: 0 ETH
Final Destination: UNKNOWN

The ETH has already left the intermediate address. Investigators are now monitoring for:

• Mixer usage
• Additional bridge hops
• Exchange deposits
• OTC cash-out activity

Priority Actions

1. Emergency Binance Freeze Request

Critical address: 0xb300000b72deaeb607a12d5f54773d1c19c7028d

Because the wallet received direct exploit proceeds, there is sufficient basis for an emergency freeze request and KYC disclosure inquiry. Every hour matters.

2. Continue ETH Route Tracking

Tracking target: 0x83928b7f2a85bdde9854f27a1e78aac29316f23b

All outbound transactions from this address should be mapped and flagged across major exchanges before the attacker reaches a successful cash-out point.

The Bigger Problem With Bridge Security

According to PeckShield, at least eight major bridge exploits occurred between February and mid-May 2026, resulting in combined losses exceeding $328.6 million. The Verus exploit is simply the latest example.

The economics are staggering:

Attack cost: ~$10
Profit: ~$11.4M
Estimated ROI: ~1,140,000x

What makes this even more frustrating is that the fix appears relatively straightforward. According to Blockaid, the bridge needed an additional validation step to confirm source-side asset amounts before releasing destination-side funds. That validation did not exist. And it is the same class of failure that contributed to the Wormhole and Nomad exploits years earlier.

Final Thoughts

The Verus Bridge exploit was not just a smart contract bug. It exposed a broader issue still affecting cross-chain infrastructure today: many bridges verify cryptographic validity without verifying actual economic reality. A valid signature does not necessarily mean valid collateral exists.

Until cross-chain security standards enforce both layers of verification, bridges will likely remain one of the most heavily exploited sectors in DeFi.
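A toy bridge release path, as an added example (not Verus code), contrasting the check that passed in this incident (an 8-of-15 notary threshold over a state root) with the check the article says was missing (source-amount validation before destination-side reserves are paid out). Notary "signatures" are HMACs over a canonical payload hash, and `check_cce_values` is a stand-in named after the process quoted from Blockaid; the 15 notary keys, reserves and transfer amounts are constructed.

```python
"""Signature validity versus economic validity in a cross-chain release.
Constructed model: HMAC stands in for notary signatures."""
import hashlib
import hmac
import json

NOTARY_COUNT, THRESHOLD = 15, 8          # 8 of 15 notaries, as in the article
NOTARY_KEYS = {f"notary-{i}": f"constructed-secret-{i}".encode()
               for i in range(NOTARY_COUNT)}


def state_root(export: dict) -> str:
    """Canonical hash of a cross-chain export; this is what notaries sign."""
    return hashlib.sha256(json.dumps(export, sort_keys=True).encode()).hexdigest()


def notary_sign(name: str, root: str) -> str:
    return hmac.new(NOTARY_KEYS[name], root.encode(), hashlib.sha256).hexdigest()


def sign_with(names, export: dict) -> dict:
    root = state_root(export)
    return {n: notary_sign(n, root) for n in names}


def notary_threshold_met(root: str, signatures: dict) -> bool:
    """Cryptographic check: enough distinct notaries signed this exact root."""
    valid = {n for n, sig in signatures.items()
             if n in NOTARY_KEYS and hmac.compare_digest(sig, notary_sign(n, root))}
    return len(valid) >= THRESHOLD


def check_cce_values(export: dict) -> list:
    """Economic check: every release must be backed by a non-zero source-side
    lock at least as large as the amount requested. Returns failure strings."""
    failures = []
    for i, t in enumerate(export["transfers"]):
        locked = t.get("source_locked", 0)
        if locked <= 0:
            failures.append(f"transfer {i}: empty source-side payload for {t['asset']}")
        elif locked < t["release"]:
            failures.append(f"transfer {i}: release {t['release']} exceeds source lock {locked}")
    return failures


class BridgeVault:
    """Destination-side reserves. `validate_source_amounts=False` reproduces the
    failure mode described above: signatures alone authorise a payout."""

    def __init__(self, reserves: dict, validate_source_amounts: bool):
        self.reserves = dict(reserves)
        self.validate_source_amounts = validate_source_amounts

    def release(self, export: dict, signatures: dict) -> dict:
        if not notary_threshold_met(state_root(export), signatures):
            raise ValueError("notary threshold not met")
        if self.validate_source_amounts:
            failures = check_cce_values(export)
            if failures:
                raise ValueError("; ".join(failures))
        paid = {}
        for t in export["transfers"]:
            if self.reserves.get(t["asset"], 0) < t["release"]:
                raise ValueError(f"insufficient {t['asset']} reserves")
            self.reserves[t["asset"]] -= t["release"]
            paid[t["asset"]] = paid.get(t["asset"], 0) + t["release"]
        return paid


def release_outcome(vault: BridgeVault, export: dict, signatures: dict):
    """(paid_amounts, None) on success, (None, error_message) on rejection."""
    try:
        return vault.release(export, signatures), None
    except ValueError as err:
        return None, str(err)


# Constructed malicious export: well-formed and signable, but nothing locked.
EMPTY_SOURCE_EXPORT = {"transfers": [{"asset": "tBTC", "source_locked": 0, "release": 120}]}
# Constructed honest export: the release is fully backed on the source side.
BACKED_EXPORT = {"transfers": [{"asset": "tBTC", "source_locked": 120, "release": 120}]}

if __name__ == "__main__":
    sigs = sign_with(list(NOTARY_KEYS)[:THRESHOLD], EMPTY_SOURCE_EXPORT)
    print("lax   :", release_outcome(BridgeVault({"tBTC": 200}, False), EMPTY_SOURCE_EXPORT, sigs))
    print("strict:", release_outcome(BridgeVault({"tBTC": 200}, True), EMPTY_SOURCE_EXPORT, sigs))
```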

Blockchain Forensics Investigation Report

Drift Protocol, Solana’s leading decentralized perpetual futures exchange by TVL, suffered a critical exploit on April 1, 2026, with losses estimated at $285 million. The scale of the breach positions it as the most significant DeFi exploit of 2026 and among the largest historically.

Drift Protocol Exploit - Forensic Investigation Report

Generated: 2026-04-02 15:07
Date of Incident: April 1, 2026
Report Generated: April 2, 2026
Document Type: Blockchain Forensic Investigation Report
Chains Involved: Solana, Ethereum (Cross-Chain)
Total Estimated Loss: ~$285,000,000 USD
Attribution: DPRK-linked Threat Actor (Lazarus Group) - High Confidence (Elliptic)
Classification: Confidential - Law Enforcement / Compliance Use

1. Executive Summary

Drift Protocol, the largest decentralized perpetual futures exchange on Solana by total value locked, suffered a catastrophic exploit on April 1, 2026, resulting in approximately $285 million USD in stolen assets. This makes it the largest DeFi exploit of 2026 and one of the largest in DeFi history.

The attacker combined three sophisticated vectors: (1) compromise of the Drift Security Council multi-sig administrator key via a durable nonces attack, (2) minting and oracle manipulation of a fictitious "CarbonVote Token" (CVT) used as fraudulent collateral, and (3) systematic draining of all Drift vaults across multiple asset classes.

Following the exploit, stolen assets were rapidly liquidated via the Jupiter DEX aggregator on Solana, bridged cross-chain to Ethereum via Wormhole, deBridge, and Circle's CCTP, and converted to ETH via multiple DEX aggregators (KyberSwap, 0x Protocol, CowSwap, OpenOcean). As of the time of reporting, approximately 19,913+ ETH (~$42.6M+) is held across unlabeled Ethereum wallets with additional USDC awaiting conversion.

Security firm Elliptic has attributed this exploit to DPRK-linked threat actors (Lazarus Group), citing near-identical methodology to the Bybit $1.5B hack of February 2025.

Key findings:
• The attacker wallet HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES was created 8 days prior to the exploit and made test swaps on OKX and Jupiter as pre-staging.
• Circle had a ~6-hour window to freeze USDC via CCTP but failed to act, allowing tens of millions in stolen USDC to be converted to ETH.
• Funds are currently held in multiple Ethereum wallets, and further obfuscation (Tornado Cash, additional bridging) is considered imminent.

2. Attack Timeline

Time (UTC) | Event | Transaction / Address
11:06 UTC | First drain: 41M JLP tokens transferred from Drift Vault | Solana: HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES
11:07-11:15 | Batch draining across all asset classes (USDC, SOL, WETH, WBTC) | Multiple Drift vault contracts on Solana
~11:15-11:40 | Rapid Jupiter DEX swaps - all stolen tokens converted to USDC/SOL | Jupiter Aggregator, Solana
~11:40-13:00 | Funds distributed to 5+ Solana intermediary wallets for layering | 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw, mfDuWeQsHeqtFVYZ7LoExgak9dxK7Cy4DfjwjwMGvwA, 7z73WkGcFc5XwuHsLHU6McBZhHGeG7VZvUnsvN21ipsu, 57zj6DxxCeWZPj9beYKb5XjGZvgG4HqDaLLBiruFBsjM
13:00-17:00 | Cross-chain bridging: Wormhole (x10), deBridge, CCTP | Solana Bridge hub: 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw
13:30 UTC | First USDC arrives on Ethereum at primary receiver | 0xFcC47866Bd2BD3066696662dbd1C89c882105643
~13:30-17:49 | USDC converted to ETH via KyberSwap, 0x Protocol, CowSwap | 0xeF4326f42f2Eb656C58fAbF8b1d3298DC2Ab80c6, 0xfE837a3530dD566401d35BEFcd55582af7c4dFFC
~17:49 UTC | 19,913 ETH ($42.6M) confirmed accumulated across Ethereum holding wallets | 0xbDdAe987FEe930910fCC5aa403D5688fB440561B, 0xAa843eD65C1f061F111B5289169731351c5e57C1
17:00-ongoing | SOL consolidation on Solana into holding wallets | 6fhfn98cRC786cSfSraLNb61GDGs7dvEVgVmwCSw1ggD
Apr 1-Apr 2 | Elliptic issues DPRK attribution, ZachXBT publicly criticizes Circle | Public intelligence

3. Stolen Assets

Token | Approximate Amount Stolen | Estimated USD Value
JLP (Jupiter LP Token) | ~41,000,000 tokens | ~$155,000,000
USDC | ~90,000,000+ | ~$90,000,000
SOL (native/wrapped) | ~980,000 SOL | ~$82,000,000
WETH | ~5,557 WETH | ~$11,800,000
cbBTC | ~164 cbBTC | ~$11,300,000
WBTC | ~282 WBTC | ~$19,500,000
USDT | ~5,600,000 | ~$5,600,000
USDS | ~5,250,000 | ~$5,250,000
Other (misc DeFi tokens) | - | ~$4,550,000
TOTAL | - | ~$285,000,000

4. Fund Flow Analysis

4.1 Solana Primary Drain and Layering

The primary attacker wallet HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES initiated the drain directly from Drift Protocol vaults. A total of 563 transactions were identified across the 5-hop tracing window, involving 63 unique addresses. All stolen assets were immediately liquidated via the Jupiter DEX aggregator into USDC and SOL. Funds were then distributed across at least 5 Solana intermediary wallets to begin layering:

Hop | From Address | To Address | Amount | Role
1 | Drift Vault | HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | ~$285M (all assets) | Primary drainer
2 | HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw | ~$190M+ USDC/SOL | Bridge hub/primary launderer
2 | HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | mfDuWeQsHeqtFVYZ7LoExgak9dxK7Cy4DfjwjwMGvwA | ~$25M | Intermediary A
2 | HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | 7z73WkGcFc5XwuHsLHU6McBZhHGeG7VZvUnsvN21ipsu | ~$30M | Intermediary B
2 | HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | 57zj6DxxCeWZPj9beYKb5XjGZvgG4HqDaLLBiruFBsjM | ~$22M (WBTC/SOL) | Intermediary C
2 | HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | ENjbZEiaN6Jje2CyvSHN2pRFRQvZyoSzWPxiQfDtB5sk | ~$12M WETH | Intermediary D
3 | 7z73WkGcFc5XwuHsLHU6McBZhHGeG7VZvUnsvN21ipsu | 6fhfn98cRC786cSfSraLNb61GDGs7dvEVgVmwCSw1ggD | Large SOL | SOL Consolidation
3 | 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw | Wormhole Bridge | ~$150M USDC | Cross-chain bridge (x10)
3 | 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw | deBridge | $684,358 USDC | Cross-chain bridge
3 | 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw | Circle CCTP | ~$40M+ USDC | Cross-chain bridge

4.2 Cross-Chain Bridge - Solana to Ethereum

11 bridge transactions were confirmed from the primary launderer address 8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw:

Bridge Protocol | Count | Amount | Destination Chain
Wormhole | 10 | ~$150M USDC | Ethereum
deBridge | 1 | $684,358 USDC | Ethereum
Circle CCTP | Multiple | ~$40M+ USDC | Ethereum

All bridge proceeds were routed to the Ethereum primary receiver: 0xFcC47866Bd2BD3066696662dbd1C89c882105643.

4.3 Ethereum Conversion and Accumulation

A total of 88 transactions were identified across the 5-hop Ethereum tracing window, involving 7 unique addresses.

Hop | From Address | To Address | Amount | Action
1 | Bridge (Wormhole/CCTP) | 0xFcC47866Bd2BD3066696662dbd1C89c882105643 | ~$190M+ USDC | Primary ETH receiver
2 | 0xFcC47866Bd2BD3066696662dbd1C89c882105643 | 0xfE837a3530dD566401d35BEFcd55582af7c4dFFC | Large USDC | USDC to ETH swap wallet
2 | 0xbDdAe987FEe930910fCC5aa403D5688fB440561B | 0xFcC47866Bd2BD3066696662dbd1C89c882105643 | ~13,000 ETH | ETH holding wallet B
2 | 0xFcC47866Bd2BD3066696662dbd1C89c882105643 | 0xAa843eD65C1f061F111B5289169731351c5e57C1 | ~19,913 ETH | ETH holding wallet C
3 | 0xfE837a3530dD566401d35BEFcd55582af7c4dFFC | 0xeF4326f42f2Eb656C58fAbF8b1d3298DC2Ab80c6 | Large USDC | DEX swap router (KyberSwap/0x/CowSwap)
3 | 0xfE837a3530dD566401d35BEFcd55582af7c4dFFC | 0x81d40f21f12a8f0e3252bccb954d722d4c464b64 | ~$35M+ USDC | USDC aggregation wallet

5. Attack Pattern Analysis

5.1 Attack Technique Classification

Technique | Description
Admin Key Compromise | Drift Security Council multi-sig key obtained via durable nonces attack - pre-signed transactions triggered atomically.
Oracle Manipulation / Flash Collateral Exploit | Fake CarbonVote Token (CVT) minted (750M units), seeded with ~$500 liquidity on Raydium, listed on Drift spot market via compromised admin key to inflate oracle price. Inflated CVT used as collateral to borrow and drain all real vault assets.
Automated Scripted Execution | All 563+ Solana transactions executed within minutes using automated scripts - no human delays between hops.
DEX Liquidation | Jupiter DEX aggregator used to immediately convert all heterogeneous tokens (JLP, WBTC, WETH, cbBTC) into fungible USDC/SOL.
Multi-Wallet Layering | Funds split across 5+ intermediary wallets simultaneously for layering before bridging.
Cross-Chain Obfuscation | 3 bridges used simultaneously (Wormhole, deBridge, CCTP) to move funds to Ethereum and complicate tracing.
Stablecoin-to-Native Swap | All USDC converted to ETH on Ethereum via 4 DEX aggregators - removes stablecoin freeze risk.
Multi-Wallet ETH Accumulation | ETH accumulated across 3+ unlabeled wallets - classic Lazarus holding pattern.

5.2 Obfuscation Strategy Assessment

The laundering chain demonstrates 5-layer obfuscation:

Layer 1 - Token Diversification: Stolen assets span 8 different tokens across Drift vaults.
Layer 2 - Rapid DEX Conversion: All tokens immediately converted to USDC/SOL via Jupiter (removes non-fungible value).
Layer 3 - Address Splitting: Funds distributed to 5+ Solana intermediary wallets in parallel.
Layer 4 - Cross-Chain Bridge (x3): Three different bridge protocols used to move to Ethereum, complicating chain-of-custody tracing.
Layer 5 - Stablecoin Elimination: USDC converted to ETH to remove stablecoin freeze risk from Circle/Tether.

This pattern is directly consistent with the Bybit $1.5B Lazarus Group hack of February 2025 and the Ronin Bridge hack of March 2022.

6. Key Addresses Reference Table

Address | Chain | Role | Identified By
HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES | Solana | Primary Attacker / Drainer | First tx 8 days pre-attack; direct vault drain
8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxw | Solana | Primary Launderer / Bridge Hub | 11 confirmed bridge TXs outbound
mfDuWeQsHeqtFVYZ7LoExgak9dxK7Cy4DfjwjwMGvwA | Solana | Intermediary Wallet A | Received from primary attacker
7z73WkGcFc5XwuHsLHU6McBZhHGeG7VZvUnsvN21ipsu | Solana | Intermediary Wallet B | Received from primary attacker
57zj6DxxCeWZPj9beYKb5XjGZvgG4HqDaLLBiruFBsjM | Solana | Intermediary Wallet C (WBTC/SOL) | Received from primary attacker
ENjbZEiaN6Jje2CyvSHN2pRFRQvZyoSzWPxiQfDtB5sk | Solana | Intermediary Wallet D (WETH) | Received from primary attacker
6fhfn98cRC786cSfSraLNb61GDGs7dvEVgVmwCSw1ggD | Solana | SOL Consolidation Wallet | Downstream of Intermediary B
0xFcC47866Bd2BD3066696662dbd1C89c882105643 | Ethereum | Primary ETH Receiver | Wormhole/CCTP bridge destination
0xfE837a3530dD566401d35BEFcd55582af7c4dFFC | Ethereum | USDC-ETH Swap Wallet | Downstream of ETH primary receiver
0xeF4326f42f2Eb656C58fAbF8b1d3298DC2Ab80c6 | Ethereum | DEX Swap Router (KyberSwap/0x/CowSwap) | USDC-ETH conversion contract router
0xbDdAe987FEe930910fCC5aa403D5688fB440561B | Ethereum | ETH Holding Wallet B (~13K ETH) | Downstream of ETH primary receiver
0xAa843eD65C1f061F111B5289169731351c5e57C1 | Ethereum | ETH Holding Wallet C (~19.9K ETH) | Downstream of ETH primary receiver
0x81d40f21f12a8f0e3252bccb954d722d4c464b64 | Ethereum | USDC Aggregation Wallet (~$35M+) | Downstream of USDC-ETH swap wallet

7. Exchange Deposit Analysis

As of the time of this report, no labeled exchange deposit addresses have been confirmed in the traced fund flow. Funds appear to be held in unlabeled Ethereum wallets pending further laundering steps.

Status | Assessment
Exchange deposits identified | None confirmed as of Apr 2, 2026.
Likely next steps | Tornado Cash / privacy protocol usage; further cross-chain movement (TRON, Monero); P2P OTC off-ramp.
Stablecoin freeze window | CRITICAL: ~$35M USDC in 0x81d40f21f12a8f0e3252bccb954d722d4c464b64 - freeze request to Circle required immediately.
ETH freeze feasibility | Low - ETH is not freezable by issuer; requires exchange cooperation when deposited.
KYC feasibility | Possible if attacker deposits to a KYC exchange; continuous monitoring required.

Critical note on Circle CCTP failure: ZachXBT publicly documented that Circle had approximately a 6-hour window during which stolen USDC was actively being bridged via CCTP from Solana to Ethereum. Circle failed to freeze the funds during this window, allowing the conversion of tens of millions in USDC to ETH, placing those funds beyond the reach of stablecoin issuers. Immediate remediation of Circle's incident response protocols is recommended.

8.
Recommendations Immediate Actions (0-24 hours) Priority Action Target Entity Target Address CRITICALFreeze remaining USDC - Contact Circle immediatelyCircle0x81d40f21f12a8f0e3252bccb954d722d4c464b64CRITICALMonitor ETH holding wallets - Flag all outbound TXsOn-chain monitoring0xAa843eD65C1f061F111B5289169731351c5e57C1, 0xbDdAe987FEe930910fCC5aa403D5688fB440561BCRITICALExchange pre-alert - Notify all major CEXs (Binance, Coinbase, Kraken, OKX) of attacker addressesAll major exchangesAll Ethereum holding walletsCRITICALOFAC/FBI referral - Submit DPRK attribution evidence for sanctions designationUS Government agenciesAll identified attacker addressesHIGHTether freeze request - USDT held in Solana intermediary walletsTetherSolana intermediary walletsHIGHBridge KYC request - Wormhole, deBridge records for bridge hub addressWormhole Foundation, deBridge8ubo4HbWJHKyFJYJc2Gh74dxCP7bN7Fu2Pi13KZ9rGxwOngoing Investigation Actions Priority Action Details HIGHContinue tracing 0x81d40f21f12a8f0e3252bccb954d722d4c464b64~$35M+ USDC - trace downstream hops to find exchange deposit.HIGH6fhfn98cRC786cSfSraLNb61GDGs7dvEVgVmwCSw1ggD - large SOL consolidation unresolvedTrace Solana SOL wallets.MEDIUMLazarus Group known to bridge to Tron for final off-rampMonitor Tron/XRP chains.MEDIUMTornado Cash monitoringSet up monitoring for ETH holding wallets depositing to Tornado Cash contracts.MEDIUMPre-attack address OSINTFull OSINT on HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES; test swaps on OKX may reveal KYC-linked accounts.9. Conclusion The Drift Protocol exploit represents a highly sophisticated, well-planned state-sponsored attack consistent with North Korea's Lazarus Group. The attacker demonstrated advanced knowledge of Drift's internal architecture, Solana's durable nonce mechanism, and DeFi bridging infrastructure. 
The attack was executed with near-perfect operational security: pre-staged wallets, automated transaction scripting, multi-bridge simultaneous execution, and immediate stablecoin-to-native conversion.Fund recovery feasibility assessment:~$35M USDC in 0x81d40f21f12a8f0e3252bccb954d722d4c464b64 is recoverable if Circle acts immediately.~32,913+ ETH (~$70M+) in Ethereum holding wallets is partially recoverable if CEX deposits are detected before further laundering.Solana SOL holdings are partially recoverable via exchange cooperation.Converted ETH is at risk of imminent Tornado Cash deposit or further cross-chain movement.Overall recovery window: CRITICAL (24-72 hours). Immediate multi-stakeholder coordination between Drift Protocol, Circle, Tether, Wormhole Foundation, major CEXs, FBI, and OFAC is essential to maximize recovery probability.Crime type determination: Organized cybercrime / state-sponsored theft - DPRK Lazarus Group (High Confidence, per Elliptic).This report was generated by SentinelTX Blockchain Forensic Intelligence Platform. All findings are based on publicly available on-chain data and open-source intelligence. This report is intended for law enforcement, compliance, and legal proceedings use. Appendix: Fund Flow Diagram (Diagram reference included in the original report structure) (Diagram reference included in the original report structure)
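The hop-by-hop taint tracing of sections 4.2 and 4.3, the parallel address splitting of section 5.2 (Layer 3) and the bridge hand-off, written out as an added Python example; this is not code from the SentinelTX report. The transfer records, wallet labels, amounts and timestamps are constructed placeholders, and the "BRIDGE:" label prefix is an assumption standing in for real bridge-contract labelling.

```python
from collections import defaultdict, deque

# Constructed transfers shaped like the report's layering pattern
# (attacker -> launderer -> parallel intermediaries -> bridge).
# Labels, amounts and timestamps are placeholders, not on-chain data.
TRANSFERS = [  # (from, to, asset, amount, unix_ts)
    ("ATTACKER", "LAUNDERER", "USDC", 190_000_000, 1_000),
    ("LAUNDERER", "INTERMEDIARY_A", "USDC", 40_000_000, 1_010),
    ("LAUNDERER", "INTERMEDIARY_B", "USDC", 40_000_000, 1_011),
    ("LAUNDERER", "INTERMEDIARY_C", "USDC", 40_000_000, 1_012),
    ("LAUNDERER", "INTERMEDIARY_D", "USDC", 35_000_000, 1_013),
    ("LAUNDERER", "INTERMEDIARY_E", "USDC", 35_000_000, 1_014),
    ("INTERMEDIARY_B", "SOL_CONSOLIDATION", "USDC", 40_000_000, 1_100),
    ("INTERMEDIARY_A", "BRIDGE:WORMHOLE", "USDC", 40_000_000, 1_200),
    ("LAUNDERER", "STALE_PAYEE", "USDC", 1, 900),  # predates inflow: untainted
    ("UNRELATED", "SOMEONE", "USDC", 5, 1_300),    # disconnected noise
]

def trace_hops(transfers, origin, max_hops):
    """Breadth-first taint trace from origin. An outflow is followed only if it
    happens after tainted funds arrived at the sender. Returns {address: hop}."""
    out = defaultdict(list)
    for frm, to, _asset, _amt, ts in transfers:
        out[frm].append((to, ts))
    reached = {origin: (0, 0)}  # address -> (hop, earliest arrival ts)
    queue = deque([origin])
    while queue:
        cur = queue.popleft()
        hop, arrived = reached[cur]
        if hop >= max_hops:
            continue
        for to, ts in out[cur]:
            if ts >= arrived and to not in reached:
                reached[to] = (hop + 1, ts)
                queue.append(to)
    return {addr: hop for addr, (hop, _) in reached.items()}

def fan_out(transfers, address, since, window_s):
    """Distinct recipients address funds between since and since + window_s;
    5+ recipients inside a short window is the report's layering signature."""
    return len({to for frm, to, _, _, ts in transfers
                if frm == address and since <= ts <= since + window_s})

def bridge_exits(transfers, reached):
    """(sender, bridge) pairs where tainted funds leave the chain."""
    return {(frm, to) for frm, to, *_ in transfers
            if frm in reached and to.startswith("BRIDGE:")}
```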

How automated bots and shared infrastructure revealed a 10-month-old organized crime syndicate.

The blockchain never forgets, but it can be incredibly complex to navigate. Recently, ChainBounty conducted a deep-dive forensic investigation into a significant asset theft involving $SUBY and other Solana-based tokens. What began as a single incident report evolved into the discovery of a professional, long-standing scam infrastructure that has now led to an active criminal investigation by the Cyber Crime Investigation Division in Seoul, South Korea.

1. The Incident: Precision and Automation

On May 30, 2025, a victim’s wallet was drained of approximately 8.2 million $SUBY tokens, along with $SSE and $DAW. The speed of the transfer was alarming.

Our forensic analysis revealed that this wasn’t a manual operation. The assets were moved to an intermediary wallet (46S5bgHq...) and immediately processed through automated scripts. These bots executed swaps into stablecoins and distributed funds across multiple "hop" wallets with 0-second latency, ensuring the trail became as fragmented as possible within minutes.

2. Identifying the “Cash Out” Infrastructure

By tracing the flow of stolen assets, we identified two primary exit points: Bitget Exchange and FixedFloat (a mixing service). While some deposits to these platforms occurred shortly before or after the specific $SUBY theft, our “Infrastructure Analysis” proved a definitive link. We discovered a massive, interconnected network:

- 27 Common Fee Payers: A cluster of wallets consistently funded the gas fees for the attack wallets.
- 63 Shared Addresses: These wallets acted as a central hub for multiple thefts over a 10-month period.

Figure: The Forensic Anomaly: Why tracking the criminal organization is more effective than tracking the tokens alone

This confirms that the attackers are not “lone wolves” but an organized syndicate operating a “Scam-as-a-Service” model on the Solana network.

3. The Evidence: The Smoking Gun

The most compelling evidence of organized crime was the machine-like transfer patterns. Our timeline analysis showed batch processing intervals of exactly 15 to 28 seconds. This level of synchronization is only possible through a dedicated command-and-control (C2) botnet designed for money laundering.

Through our investigation, we identified over $142,430 USDT funneled through the Bitget deposit addresses associated with this specific group.

Figure: Inhuman execution: Batch processing and mechanical intervals confirm the use of laundering bots.

4. Active Investigation and Next Steps

ChainBounty has officially submitted this forensic package to the Seoul Metropolitan Police Agency. The investigation is currently focused on:

- KYC De-anonymization: Working with Bitget to identify the account holders behind the identified deposit addresses.
- Cross-Chain Tracking: Tracing funds that exited via FixedFloat into Ethereum and Bitcoin.
- Asset Freezing: Coordinating with exchanges to blacklist and freeze the identified criminal infrastructure.

Conclusion: Vigilance in the Web3 Era

This case is a stark reminder that in the world of DeFi, your digital footprint — and that of the hackers — is permanent. At ChainBounty, we are committed to turning the tide against these scam networks.

We urge the community to stay vigilant. Do not click on suspicious partnership links or authorize “blind signings” in your wallet. The scammers are professional, but so is our pursuit of justice.

Join the Fight. Follow our investigation and report suspicious activities at our community: 🔗 https://community.chainbounty.io 📧 For inquiries: [email protected]
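Two of the signals this post relies on, the 15 to 28 second batch cadence of section 3 and the shared fee payers of section 2, as an added Python example that is not ChainBounty's code; the same cadence check applies to the "no human delays between hops" pattern classified in the Drift report above. The timestamps and fee-payer records are constructed, and the interval band, minimum gap count and spread threshold are assumed tuning values.

```python
from statistics import mean, pstdev

# Constructed timestamps (unix seconds); not on-chain data. BOT_TS mimics the
# 15-28 s cadence the post reports, HUMAN_TS has irregular gaps.
BOT_TS = [1_700_000_000, 1_700_000_015, 1_700_000_032, 1_700_000_054,
          1_700_000_082, 1_700_000_098, 1_700_000_123]
HUMAN_TS = [1_700_000_000, 1_700_000_190, 1_700_000_193, 1_700_003_400,
            1_700_003_412]
# Constructed (fee_payer, funded_wallet) records; W_B links two payers.
FEE_RECORDS = [("PAYER_1", "W_A"), ("PAYER_1", "W_B"), ("PAYER_2", "W_B"),
               ("PAYER_2", "W_C"), ("PAYER_3", "W_Z")]

def intervals(timestamps):
    """Gaps in seconds between consecutive transfers, oldest first."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]

def cadence_stats(timestamps):
    gaps = intervals(timestamps)
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    return {"n": len(gaps), "min": min(gaps), "max": max(gaps),
            "cv": pstdev(gaps) / m if m else float("inf")}

def looks_automated(timestamps, lo=15, hi=28, min_gaps=5, max_cv=0.3):
    """Flag a wallet whose consecutive transfers all fall inside a narrow
    [lo, hi] second band with low relative spread. Thresholds are assumed."""
    s = cadence_stats(timestamps)
    if s is None or s["n"] < min_gaps:
        return False
    return lo <= s["min"] and s["max"] <= hi and s["cv"] <= max_cv

def fee_payer_clusters(records):
    """Union wallets that share a fee payer, and payers that share a wallet,
    into connected components: one component = one shared infrastructure."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for payer, wallet in records:
        parent[find(payer)] = find(wallet)
    groups = {}
    for node in list(parent):
        groups.setdefault(find(node), set()).add(node)
    return sorted(groups.values(), key=len, reverse=True)
```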
