
Search results related to "SlowMist"

Content containing SlowMist
🚨SlowMist TI Alert🚨 AIDC token on BSC has been exploited.
💸 Loss: 220.12 WBNB (~$120929.35)
🔍 Root Cause: AIDCToken's `_sellTransfer()` accumulates a 30% burn amount without deducting it from the seller. Subsequently, any non-Pair transfer triggers `_executeAccumulatedBurn()`, which incorrectly burns tokens from the `uniswapPair` balance instead of the seller. After burning, `sync()` is called, artificially deflating the AIDC reserve in the AMM, allowing the attacker to drain WBNB.
📌 Attacker: 0x89eb2c99e970d831525c7a52badc290afa116b63
📌 Victim: 0x2725033282b3bd4be8873b7f0f622c18e3b7cbd8 (Pancake V2 AIDC/WBNB Pair)
📌 Vulnerable Contract: 0x5021d71859f81b4c905b573591db8f9cc4a0c6fe (AIDCToken)
The attacker exploited a flawed burn mechanism where sell-induced burn debt is wrongly imposed on the liquidity pool, enabling repeated reserve manipulation and a final swap that drained nearly all WBNB from the Pair.
Powered by #SlowMist#.AI
🚨 SlowMist TI Alert 🚨 A new Shai-Hulud / Miasma / Hades npm malware variant linked to the compromised npm developer account czirker, affecting the npm ecosystem. The campaign uses a preconfigured binding.gyp file to execute during npm install; reported scope includes 23 affected packages, with leo-logger noted at 3,140 weekly npm downloads. As of the tweet publication time, 408 infected GitHub repositories containing stolen credentials had already been observed. Potential attacker actions include GitHub token theft, npm token theft, AWS / GCP / Azure credential theft, local environment data exfiltration, malicious GitHub workflow abuse, and further npm supply-chain propagation. Security teams should immediately check lockfiles and package histories for affected versions, downgrade or remove impacted packages, rotate npm, GitHub, cloud, CI/CD, and application secrets, enforce 2FA. Thanks to @OX__Security for the excellent analysis. As always, stay vigilant! The following URL can be used to track the latest situation:
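GM☕️ Successfully recovered part of the stolen funds😭 I never thought I would get the chance to update this tweet with new progress🫠. Last night FixedFloat refunded 10,319 USDC of the stolen funds to my new wallet. It has been more than 8 months since the theft on September 4, 2025. Multi-chain assets totaling roughly 100k USD were gone just like that in one night. After filing a police report and asking SlowMist (@SlowMist_Team) to do on-chain tracing, it turned into a long tug-of-war: in Q1 this year the hacker sent part of the USDC into FixedFloat through 8 addresses, Tony from SlowMist helped with the freeze communications all the way, the cryptocurrency unit of the Hong Kong Police CSTCB eventually issued a formal Recovery Request, and FixedFloat returned one of those transfers, 10k U. Honestly, recovering 10k out of 100k stolen is not a large proportion. But getting this one back already exceeds what I expected at the start. As for the path of on-chain recovery, my conclusion is: feasible, but slow, and it depends on luck. Feasible because once funds enter a service such as a CEX or swap platform that "has customer support, legal, and compliance", there is in theory a freeze window; slow because of the cross-border compliance process; luck because it depends on whether the hacker sends the funds to a CEX platform where you can go after them. In most cases, the moment he moves into privacy routes such as XMR there is no hope left, it is too hard to trace, and what can be intercepted is only the small portion, among many paths, that gets deposited to a CEX. Sincere thanks to the whole SlowMist (@SlowMist_Team) team for their help over this past half year and more, especially Tony for pushing the case forward without ever tiring of it, present the whole way from the tracing report to communicating with FixedFloat to liaising with the police! Thanks also to the Hong Kong police and the officers at CSTCB🙏. "Not your key, not your money": this time I have really taken it to heart🤡 #Web3Security#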
Welcome @SlowMist_Team as the security support partner of HTX Genesis Hackathon 🛡️ As a global leading blockchain security company, SlowMist will provide AI-driven, full-chain security solutions for this hackathon, supporting builders with integrated protection from threat detection to defense. Innovation needs courage. Security needs to keep up. Registration is still open — scan the QR code on the poster and join now👇 #HTXDAO# #HTXGenesisHackathon# #SlowMist#
🚨SlowMist TI Alert🚨 @aztecnetwork has been exploited again.
💸 Loss: 1,158 ETH+150,000 DAI+0.4696 renBTC (~$2,209,704.23 USD)
🔍 Root Cause: The `RollupProcessor.escapeHatch()` function (`0x737901bea3eeb88459df9ef1be8ff3ae1b42a2ba`) lacks access control: no `onlyOwner`, no `rollupProviders` authorization, and no provider signature verification. When `rollupSize == 0`, the TurboVerifier accepts an escape hatch proof, and `processDepositsAndWithdrawals()` directly trusts the `proofData` public inputs (`publicOutput`, `outputOwner`, `assetId`) without independent validation of fund ownership or withdrawal balance, executing `withdraw(1158 ETH, attacker, 0)`.
📌 Attacker EOA: `0x6952d9246e9afe8b887b2877225163436f78e97f`
📌 Victim Contract: `RollupProcessor` at `0x737901bea3eeb88459df9ef1be8ff3ae1b42a2ba`
📌 Verifier Contract: `TurboVerifier` at `0x48cb7ba00d087541dc8e2b3738f80fdd1fee8ce8`
Impact: Attacker drained 1,158 ETH from the `RollupProcessor` by submitting a valid escape hatch proof with spoofed public inputs, exploiting validation in the escape hatch withdrawal path.
Powered by #SlowMist#.AI
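Aztec appears to have been hacked again. Its Private Rollup Bridge 0x737901bea3eeb88459df9ef1BE8fF3Ae1B42A2ba has three suspicious exploit transactions (about 2.15 million USD in total):
1,158 ETH
150,000 DAI
0.46963295 renBTC
The funds are mainly in:
0x6952d9246e9aFE8B887B2877225163436F78E97F
Part of the ETH was transferred to:
0x15930a0fef3421f48c6553b5691682cc1b22edb3
0x33d6a0d9bc210e823e043d604179cd844eb467df
Gas source of the attack address
Preliminary analysis of the cause: the Escape Hatch of Aztec's RollupProcessor allows any caller, within the open window, to submit a rollup proof that the verifier will accept. In processDepositsAndWithdrawals() the contract releases L1 assets based only on the public output fields in proofData: when an inner tx satisfies proofId == 0 and publicOutput > 0, RollupProcessor calls withdraw(publicOutput, outputOwner, assetId) and pays the corresponding asset to outputOwner directly from its own custodial reserves.
The attack address repeatedly constructed/submitted escape-hatch proofs so that the inner txs in proofData declared:
- assetId = 0, publicOutput = 1,158 ETH
- assetId = 1, publicOutput = 150,000 DAI
- assetId = 2, publicOutput = 0.46963295 renBTC
Because these withdrawals were accepted by the proof/state transition, RollupProcessor released assets from its own ETH / DAI / renBTC reserves to the attacker address.
For the details, let's see what @aztecnetwork says. cc @SlowMist_Team @MistTrack_io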
🚨SlowMist TI Alert🚨
💸 @LittleBoyPlus has been exploited. Loss: ~377,642 USDT (~610.555 BNB)
🔍 Root Cause: The `LBPHashrate._update()` function (in `0x5e3c...85fe`) is triggered by zero-value `transferFrom` calls, which bypasses OpenZeppelin's allowance check. This allows an attacker to call `LBPHashrate.transferFrom(pair, DEAD, 0)` without pair authorization, triggering `_harvest(pair)` which mints LBP tokens directly to the PancakePair address via `LBP.mintReward(pair, reward)`. The minted LBP increases the pair's balance but not its reserve, enabling the attacker to drain USDT via `PancakePair.swap()`.
📌 Attacker: `0x5449ded887576f43fc339851e942ebc1e6f8118b`
📌 Victim Pair: `0x00e3ea08fd8cbad955ec5d2292ad637670c31524`
📌 Vulnerable Contract (LBPHashrate): `0x5e3cbc82d020be91a989eb747934104e9ab585fe`
Impact: Zero-value `transferFrom` on LBPHashrate allows unapproved harvest & mint to PancakePair, leading to reserve imbalance and immediate USDT drain.
Powered by #SlowMist#.AI
🚨 SlowMist TI Alert 🚨 MistEye has detected an active npm supply-chain attack compromising @redhat-cloud-services packages. Reported impact includes 31+ affected packages, about 116,282 weekly downloads, and 300+ GitHub repositories containing stolen credentials. The attack techniques show strong similarities to the previous Shai-Hulud npm campaign, including credential harvesting, malicious repository creation, and automated secret exfiltration. Public GitHub searches for the “Miasma: The Spreading Blight” marker, sorted by recent updates, still show newly appearing suspicious repositories, indicating that users are still being compromised. Potential attacker actions include GitHub/npm token theft, AWS/GCP/Azure credential theft, SSH key and Kubernetes secret collection, local environment and wallet data exfiltration, malicious GitHub repository creation, persistence, and destructive behavior if stolen tokens are revoked. Immediately remove or downgrade affected @redhat-cloud-services package versions, audit CI/CD workflows and dependency installs, rotate GitHub, npm, cloud, SSH, and wallet-related secrets, preserve logs, and rebuild exposed developer machines or runners from clean images. As always, stay vigilant! Live hunt:
🚨SlowMist TI Alert🚨
💸 Loss: 85,519.47 USDT
🔍 Root Cause: The `cliamRewred` function in `LegendaryMoneyMonNft` allows arbitrary reward claiming. The only authorization depends on `verify()` which checks `recoverSigner(...) == admin`. `recoverSigner` does not validate `ecrecover` returning `address(0)`, and `changeadmin()` allows setting admin to zero address. The attacker used an invalid signature (r=0, s=0, v=27) which returns `address(0)` from `ecrecover`, passing the check because `admin` was zero address at that moment.
📌 Attacker: 0xe1582248c593df4b367e131922438fec9d76e787
📌 Victim Contract: 0x92d60629ff5d53a0098b51e9b1d59546d1d8e5b6
📌 Vulnerable Contract: 0x92d60629ff5d53a0098b51e9b1d59546d1d8e5b6
The attacker exploited the zero-address signature bypass to drain all tokens from the contract and swapped them for USDT via PancakeSwap.
Powered by #SlowMist#.AI
🚨SlowMist TI Alert🚨
💸 Loss: 62.5 BNB & 1,195,918.92 JOE
🔍 Root Cause: Single-function reentrancy in `_removeLiquidityViaContract` – BNB sent via low-level `call` before updating `lpInfo[user].lpAmount`, allowing recursive calls.
📌 Attacker EOA: 0xaa761779945dcc5f26064fc6dcb36ffab6ac7610
📌 Attacker Contract: 0x31f81fcd91025728f24bd6f0e4efb156e345a4cf
📌 Vulnerable Proxy: 0xef0f12d08d66e76e1866e60f30a0daa578e00c04
📌 Vulnerable Implementation: 0xb12ce0a21f67a9fc3c8ad1c7dbc4b017b7e67319
Attackers exploited the delayed state write to repeatedly withdraw liquidity, netting 62.5 BNB and ~1.196M JOE via 25 reentrancy loops.
Powered by #SlowMist#.AI