Revela Move decompiler - link
World's first CPU-level ransomware can "bypass every freaking traditional technology" - link
Bitcoin stealer malware found in official printer drivers already stole more than 9 BTC - link
Bountyhunt3rz youtube interviews the top bug bounty hunters in crypto - link
@EthSecurity1
revela.verichains.io
Revela Decompiler
Decompile Aptos and Sui smart contracts to recover Move source code.
Visualize Foundry tests
https://tx-graph-eight.vercel.app
1. Execute Foundry test, output test trace to a JSON file
2. Upload test trace JSON and ABIs (under /out)
3. Run the visualizer
@EthSecurity1
Bad OPSEC Considered Harmful - link
Model Checking the Security of the Lightning Network - link
Deep Dive into DeFi Derivatives - link
@EthSecurity1
Buttondown
Bad OPSEC Considered Harmful
I recently became aware of a GitHub repository collecting “Bad OPSEC” cases—instances where people were caught due to mistakes...
It seems that yesterday the privileged emergencyWithdraw() function was used to withdraw ~520k OG tokens (~$516k) to 0x617E8e3C07bEF319F26C1682270A19e89Ea2bf75
@OG_labs
@EthSecurity1
The old contract of @ribbonfinance has been drained for a total of $2.7M.
Exploit contract: 0x3c212A044760DE5a529B3Ba59363ddeCcc2210bE
Root cause: oracle manipulation
Theft addresses:
@EthSecurity1
futureSwap Hacked for $267k
Root cause: DAO arbitrary proposal
Attack transaction: https://etherscan.io/tx/0x39e584cdb52adf6b2ed5bb44bfda0e1b254cb0a3925911cc33d842feaf0a8b95
@EthSecurity1
Ethereum (ETH) Blockchain Explorer
Ethereum Transaction Hash: 0x39e584cdb5... | Etherscan
Call 0xf3147eb0 Method By 0xCD7C839C...0c1a8184E on 0xBc59f04f...4F17bFFA7 | Success | Dec-16-2025 07:52:47 PM (UTC)
Sherlock reported a vulnerability to Drake Exchange - link
34 Auditing Tips for 2026 - link
@EthSecurity1
X (formerly Twitter)
SHERLOCK (@sherlockdefi) on X
Sherlock AI reported a High severity vulnerability in @DrakeExchange, an innovative perpetual exchange launching on Monad and currently in active development.
Rounding errors have been the source of some major security incidents in Web3 recently, and Sherlock…
Yearn Finance, Railgun, an unverified contract hacked. Oops ☹️
X (formerly Twitter)
TenArmorAlert (@TenArmorAlert) on X
🚨TenArmor Security Alert🚨
Our system has detected a suspicious attack involving #RelayAdapt on #ETH, resulting in an approximate loss of $108.7K.
It appears that someone failed to execute the @RAILGUN_Project shield using the RelayAdapt contract, and…
On Oct. 25, El Dorado Exchange @ede_finance (https://bscscan.com/address/0xf1d7e3f06af6ee68e22bafd37e6a67b1757c35a9), a GMX fork, lost ~$80k.
Root cause: an ELP (LP token) accounting bug. The attacker exploited a mismatch between LP valuation and position accounting, minting ELP from thin air.
@EthSecurity1
BNB Smart Chain Explorer
Address: 0xf1d7e3f0...1757c35a9 | BscScan
Contract: Verified | Balance: $42,772.57 across 1 Chain | Transactions: 69 | As at Dec-19-2025 08:45:50 AM (UTC)
2025-recap.decurity.io
Defimon 2025 Recap - Decurity
Defimon's 2025 DeFi security recap: 10 major exploits detected in real-time, totaling millions in losses. From deprecated contracts to ERC-4626 attacks, discover the patterns that defined the year of old code vulnerabilities and rounding issues.
Critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform - link
We printed money on Starlink + PolyMarket - link
Polymarket trading bot steals private keys - link
@EthSecurity1
X (formerly Twitter)
nostylist⁺ (@fuckmenostylist) on X
We printed money on Starlink + PolyMarket.
$24k in 15 days. Two devs, no insider info, no signals, no leverage.
Sounds weird? Yeah, it did to us too at first. But when you break it down, it's almost stupidly simple.
The Setup
@Polymarket markets always…
9.4 million dollars’ worth of assets on Gnosis Chain were recovered from the Balancer exploit via the December hard fork. Gnosis Chain forced other nodes to apply the new chain. Rekt
@EthSecurity1
JFIN Bridge (LCBridgev2Token) hacked for $13.4K
Type: Logic Error (Reward Calculation)
The staking reward calculation allows claiming rewards greater than the contract balance by exploiting the claimReward function, which pays out based on accumulated totalReward rather than actual available funds, draining all staked JFIN tokens.
TX: https://etherscan.io/tx/0xf867d1d7164ac9178d81696c989f65e817b8cab14850345ab3a1f99bbe547210
Victim: https://etherscan.io/address/0x3EbFd0EFC49a27fb633bd56013E4220EBC2c3C6d
CoinGecko: https://www.coingecko.com/en/coins/jfin-coin
@EthSecurity1
Ethereum (ETH) Blockchain Explorer
Ethereum Transaction Hash: 0xf867d1d716... | Etherscan
Call 0x60806040 Method By 0xb2779442...142637751 | Success | Dec-20-2025 07:49:35 AM (UTC)
It seems the Trust Wallet extension has been compromised. If you enter your passphrase on the web, move your assets ASAP.
@EthSecurity1
Do not use the Proton Mail service. It seems they deliver all customers' data to the government.
@EthSecurity1