Forwarded from Vladimir S. | Officer's Channel (officercia)
• x.com/osintkanal/status/1778181454339490081
#security #OSINT
Cointelegraph
New Satoshi theory suggests it’s been the ‘2010 megawhale’ all along
Bitcoin’s pseudonymous inventor, Satoshi Nakamoto, could be the “2010 megawhale” that cashed out $176 million worth of Bitcoin on Coinbase, BTCparser says.
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
SlowMist founder: we discovered that the hacker who attacked zkLend has a close connection to the hacker who attacked EraLend in July 2023, and we suspect they are the same person: x.com/officer_cia/status/1890132436589445291?12
#security #privacy #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
. @SlowMist_Team founder @evilcos : we discovered that the hacker who attacked @zkLend has a close connection to the hacker who attacked @Era_Lend in July 2023, and we suspect they are the same person.
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Dune
abstract-drain
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
Investigation by Isao (@peckshield TG)
Contract: https://t.co/rX9ADhKs8o (which is associated with Cardex User Drainer) => 0.02101229 ETH for address: https://t.co/qBtx7CiMmb
Address: https://t.co/TSbywjVdl5 (received Gas from OKX multiple times) has the…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Bybit hacker (following ZachXBT and Arkham, that’s Lazarus) becomes the 14th largest ETH holder, owning approximately 0.42% of total supply—more than Fidelity, Vitalik, and over twice the amount held by the Ethereum Foundation: https://x.com/officer_cia/status/1893038960412131683?s=46
#security #investigation
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
Lazarus Group transferred 5K ETH from the Bybit Hack to a new address and began laundering funds via eXch (a centralized mixer) and bridging funds to Bitcoin via Chainflip.
5K ETH transfer on Feb 22, 2025 6:28:23 AM
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
This is official. Safe UI has been compromised to attack Bybit…
Link: https://x.com/officer_cia/status/1894773005961527331?s=46
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
Full report: https://t.co/s50GE8wjYW
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
A dev machine of Safe was compromised. This allowed access to AWS and their S3 bucket. A malicious JavaScript was pushed to the bucket and eventually distributed. The malicious JS code targeted specifically the Bybit contract address. The JS code changes the content of the transaction during the signing process.
#security #investigation
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
. @FBI released a public service announcement saying North Korea is responsible for the $1.5 billion @Bybit_Official hack.
The FBI called on private sector entities including RPC node operators, exchanges, and DeFi services to block transactions with addresses…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
The Bybit hacker has moved 270,000 ETH worth around $605M via THORChain and still holds 229,395 ETH worth around $514M: https://x.com/officer_cia/status/1895407702614094208?s=46
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
The @Bybit_Official hacker has moved 270,000 ETH worth around $605M via THORChain and still holds 229,395 ETH worth around $514M, according to @lookonchain & @Cointelegraph
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
The hacker has laundered all the 499,000 ETH ($1.39 billion) stolen from Bybit, and the whole process took 10 days. THORChain, the main channel used by the hacker to launder money, received $5.9 billion in transaction volume and $5.5 million in handling fees.
My personal advice to the Thorchain team is to contact my attorney @rata0x before it's too late. I think we can help you with a legal audit.
• https://x.com/officer_cia/status/1896749395577581970?3
#security #investigation
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Bybit attack flowchart: https://x.com/officer_cia/status/1898048649223192727?s=46
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
A simplified flowchart of the @Bybit_Official Heist by @TalBeerySec
1. Attackers infect a Safe{wallet} dev machine with malware,
2. Rides its session to change wallet website,
3. Changed website offers malicious Tx to ByBit signers,
4. which transfer ownership…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
According to Decurity’s postmortem report, after negotiations with the hacker, most of the $5 million stolen from 1inch has been returned, with the hacker keeping a portion as a bug bounty.
The attack was caused by a vulnerability in the Fusion v1 smart contract, primarily affecting those using outdated versions of the resolver. Regular users’ funds were not impacted: https://x.com/officer_cia/status/1898544905254777025
#investigation #security
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
According to @DecurityHQ postmortem report, after negotiations with the hacker, most of the $5 million stolen from 1inch has been returned, with the hacker keeping a portion as a bug bounty.
The attack was caused by a vulnerability in the Fusion v1 smart…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Lazarus Group deposits 400 ETH (~$750K) into Tornado Cash, linked to February’s $1.4B Bybit hack, while deploying new “BeaverTail” malware targeting browsers and crypto wallets: https://x.com/officer_cia/status/1900126714086183378?1
#security #investigation
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
Lazarus Group deposits 400 ETH (~$750K) into Tornado Cash, linked to February’s $1.4B Bybit hack, while deploying new “BeaverTail” malware targeting browsers and crypto wallets.
H/T @leviathan_news