critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform - link
We printed money on Starlink + PolyMarket - link
Polymarket trading bot steal private keys -
Iink
@EthSecurity1
We printed money on Starlink + PolyMarket - link
Polymarket trading bot steal private keys -
Iink
@EthSecurity1
X (formerly Twitter)
nostylist⁺ (@fuckmenostylist) on X
We printed money on Starlink + PolyMarket.
$24k in 15 days. Two devs, no insider info, no signals, no leverage.
Sounds weird? Yeah, it did to us too at first. But when you break it down, it's almost stupidly simple.
The Setup
@Polymarket markets always…
$24k in 15 days. Two devs, no insider info, no signals, no leverage.
Sounds weird? Yeah, it did to us too at first. But when you break it down, it's almost stupidly simple.
The Setup
@Polymarket markets always…
😁6🔥2
9.4 million dollars’ worth of assets on Gnosis Chain were recovered via the December hard fork from the Balancer exploit. Gnosis Chain force other nodes to imply new chain.Rekt
@EthSecurity1
@EthSecurity1
😁9
JFIN Bridge (LCBridgev2Token) hacked for $13.4K
Type: Logic Error (Reward Calculation)
The staking reward calculation allows claiming rewards greater than the contract balance by exploiting the
TX: https://etherscan.io/tx/0xf867d1d7164ac9178d81696c989f65e817b8cab14850345ab3a1f99bbe547210
Victim: https://etherscan.io/address/0x3EbFd0EFC49a27fb633bd56013E4220EBC2c3C6d
CoinGecko: https://www.coingecko.com/en/coins/jfin-coin
@EthSecurity1
Type: Logic Error (Reward Calculation)
The staking reward calculation allows claiming rewards greater than the contract balance by exploiting the
claimReward function which pays out based on accumulated totalReward rather than actual available funds, draining all staked JFIN tokens.TX: https://etherscan.io/tx/0xf867d1d7164ac9178d81696c989f65e817b8cab14850345ab3a1f99bbe547210
Victim: https://etherscan.io/address/0x3EbFd0EFC49a27fb633bd56013E4220EBC2c3C6d
CoinGecko: https://www.coingecko.com/en/coins/jfin-coin
@EthSecurity1
Ethereum (ETH) Blockchain Explorer
Ethereum Transaction Hash: 0xf867d1d716... | Etherscan
Call 0x60806040 Method By 0xb2779442...142637751 | Success | Dec-20-2025 07:49:35 AM (UTC)
❤4🤔2
Seems trust wallet extension been compromised. If you enter pass phrase on web move your assets ASAP
@EthSecurity1
@EthSecurity1
😢10
do not use proton mail service. seems they deliver all customers data to government
@EthSecurity1
@EthSecurity1
👍12😢12👨💻3🤬1
🔥3❤1😱1
Flow blockchain Drops Rollback after $3.9M Exploit
RootCause: unathorized minting wFLOW,wETH,wBTC but validators Halted network no funds loss
@EthSecurity1
RootCause: unathorized minting wFLOW,wETH,wBTC but validators Halted network no funds loss
@EthSecurity1
🙉4
I can not focus on work until persian revolution is going on
Ahoramazda save iran
Ahoramazda save iran
🫡11😁4❤3🙉3👍1💯1
an insolvency bug in RAI's liquidation engine - link
You are thinking about rounding errors wrong - link
An AI security awesome list / learning journey - link
@EthSecurity1
You are thinking about rounding errors wrong - link
An AI security awesome list / learning journey - link
@EthSecurity1
X (formerly Twitter)
Trust (@trust__90) on X
We found an insolvency bug in RAI's liquidation engine. Through returndata-bombing, attackers could abuse a registered callback and make it unliquidatable.
Immunefi mediation confirmed the issue and recommended payout.
Then they reversed course after project…
Immunefi mediation confirmed the issue and recommended payout.
Then they reversed course after project…
❤3🔥1
yesterday Ipor hacked ~ $300K
RootCause : underlying contract delegated by the EOA account controlled by the project team through EIP-7702 contains a vulnerability that allows arbitrary external calls
@EthSecurity1
RootCause : underlying contract delegated by the EOA account controlled by the project team through EIP-7702 contains a vulnerability that allows arbitrary external calls
@EthSecurity1
😁3😢3🔥2😱2
Why fixed-rate lending never took off on-chain - link
Our main goal is to share tips from some well-known bughunters. - link
awesome Checklist - link
@EthSecurity1
Our main goal is to share tips from some well-known bughunters. - link
awesome Checklist - link
@EthSecurity1
X (formerly Twitter)
nico pei (@nicoypei) on X
Why fixed-rate lending never took off on-chain
🔥4
Zcash developers quit after board clash as ZEC drops 17% in 24H
The entire Electric Coin Company team behind Zcash resigned on January 7 after what CEO Josh Swihart described as a constructive discharge by the Bootstrap board.
According to the U.S. Department of Labor, constructive discharge refers to a situation where an employee's resignation is not considered voluntary due to an employer creating a hostile work environment or applying pressure that forces the quit.
@EthSecurity1
The entire Electric Coin Company team behind Zcash resigned on January 7 after what CEO Josh Swihart described as a constructive discharge by the Bootstrap board.
“Yesterday, the entire ECC team left after being constructively discharged by ZCAM. In short, the terms of our employment were changed in ways that made it impossible for us to perform our duties effectively and with integrity.”
According to the U.S. Department of Labor, constructive discharge refers to a situation where an employee's resignation is not considered voluntary due to an employer creating a hostile work environment or applying pressure that forces the quit.
@EthSecurity1
😱5😁2🙉2