On Oct. 25, El Dorado Exchange @ede_finance (https://bscscan.com/address/0xf1d7e3f06af6ee68e22bafd37e6a67b1757c35a9), a GMX fork, lost ~$80k.
Root cause: an ELP (LP token) accounting bug. The attacker exploited a mismatch between LP valuation and position accounting, minting ELP from thin air.
@EthSecurity1
2025-recap.decurity.io
Defimon 2025 Recap - Decurity
Defimon's 2025 DeFi security recap: 10 major exploits detected in real-time, totaling millions in losses. From deprecated contracts to ERC-4626 attacks, discover the patterns that defined the year of old code vulnerabilities and rounding issues.
A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform - link
We printed money on Starlink + PolyMarket - link
Polymarket trading bot steals private keys - link
@EthSecurity1
X (formerly Twitter)
nostylist⁺ (@fuckmenostylist) on X
We printed money on Starlink + PolyMarket.
$24k in 15 days. Two devs, no insider info, no signals, no leverage.
Sounds weird? Yeah, it did to us too at first. But when you break it down, it's almost stupidly simple.
The Setup
@Polymarket markets always…
9.4 million dollars’ worth of assets on Gnosis Chain were recovered via the December hard fork from the Balancer exploit. Gnosis Chain forced other nodes to adopt the new chain. Rekt
@EthSecurity1
JFIN Bridge (LCBridgev2Token) hacked for $13.4K
Type: Logic Error (Reward Calculation)
The staking reward calculation allows claiming rewards greater than the contract balance by exploiting the claimReward function, which pays out based on accumulated totalReward rather than actual available funds, draining all staked JFIN tokens.
TX: https://etherscan.io/tx/0xf867d1d7164ac9178d81696c989f65e817b8cab14850345ab3a1f99bbe547210
Victim: https://etherscan.io/address/0x3EbFd0EFC49a27fb633bd56013E4220EBC2c3C6d
CoinGecko: https://www.coingecko.com/en/coins/jfin-coin
@EthSecurity1
Ethereum (ETH) Blockchain Explorer
Ethereum Transaction Hash: 0xf867d1d716... | Etherscan
Call 0x60806040 Method By 0xb2779442...142637751 | Success | Dec-20-2025 07:49:35 AM (UTC)
It seems the Trust Wallet extension has been compromised. If you entered your passphrase on the web, move your assets ASAP.
@EthSecurity1
Do not use the Proton Mail service. It seems they deliver all customers' data to the government.
@EthSecurity1
Flow blockchain drops rollback after $3.9M exploit
Root cause: unauthorized minting of wFLOW, wETH, wBTC, but validators halted the network; no funds lost.
@EthSecurity1
I cannot focus on work while the Persian revolution is going on.
Ahoramazda save Iran
An insolvency bug in RAI's liquidation engine - link
You are thinking about rounding errors wrong - link
An AI security awesome list / learning journey - link
@EthSecurity1
X (formerly Twitter)
Trust (@trust__90) on X
We found an insolvency bug in RAI's liquidation engine. Through returndata-bombing, attackers could abuse a registered callback and make it unliquidatable.
Immunefi mediation confirmed the issue and recommended payout.
Then they reversed course after project…
Yesterday Ipor was hacked for ~$300K.
Root cause: the underlying contract delegated by the EOA account controlled by the project team through EIP-7702 contains a vulnerability that allows arbitrary external calls.
@EthSecurity1