11364
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
lol 😂 x.com/spreekaway/status/1803475736566612293
Guys how dare you…
#offtopic
officercia.mirror.xyz/vtVVxbV35ETiBGxm-IpcFPcsK2_ZkL7vgiiGUkeSsP0
Читать полностью…
"Recently, a vulnerability was discovered in Soft Protocol’s governor contract that could have jeopardized the ecosystem. The vulnerability, if exploited, would have allowed users to exploit the ‘voting while vesting’ functionality, potentially claiming unlimited voting power and passing malicious proposals"
The vulnerability was discovered using Glider 👀
Read the full story here 👈
Recently, I've been unsure how to operate my blog or what to write about in my articles...
So if you have any ideas, I'd love to hear them. Feel free to DM me!
• x.com/officer_cia/status/1802936955455348913
Please also advise me on new handle/nickname possibilities; however, please do not propose "crypto officer". Thank you. 🙏
#offtopic
Describe a vulnerable scenario using glide.r.xyz and find all the affected contracts deployed on a blockchain!
Thats exactly what 0xkasper did, and helped multiple projects using one query, simultaneously multiplying the payouts.
ありがとうございます! ❤️
• x.com/wakiyamap/status/1801309191010980104?1
#security #web3 #hack
5 Million Dollar bounty to the first person to identify and locate... [the UwU_Lend Exploiter] ‼️
#OSINT family, your turn next!
Proof transaction below. ⬇️
• etherscan.io/tx/0xf0d01b73aa653c551fff0383276d230347fc02c3d48b6f4ebb7dee852cbd27be
• x.com/officer_cia/status/1801332326854451300
#osint
New bug bounty platform https://r.xyz/programs has been added to the Web3 Bug Bounty Alerts channel.
Читать полностью…
Hey just want to share an update investigation into someone who is providing services to PinkDrainer:
https://medium.com/coinmonks/scam-as-a-service-pink-drainer-5b4165371916
Never get left with broken links again. Learn to seamlessly search and organise your OSINT tools! ⚒️
• www.osintteam.com/easily-find-osint-tools
Much thanks for a mention!
#security #osint
Date: 2024-05-31
Bug bounty program was added to Remedy:
Analysis (in real time) by @ETHSecurity community:
- Yeah, I believe this price oracle is UwU's: etherscan.deth.net/address/0xd252953818bdf8507643c237877020398fa4b2e8
- This is the "typical" plugged to the system, very weirdly configured etherscan.io/address/0xAC4A2aC76D639E10f2C05a41274c1aF85B772598#readContract
- I think the root cause is due to the improper design of the oracle. The oracle returns the medium value of 11 price oracles. 5 of them is the spot price of curve pool, which can be manipulated. The left 6 is hard to be manipulated. However, they depends on the price of the other stable coins.
Meanwhile, crvUSD is 0.996 while USDC is around 1.03, which is the root cause why the price jump from 98 to 103.
- Very confusing the fallback oracle was used, there was no need. But yes, that is not source of any problem, that custom feed based on dexes is…
Stay safe!
More information: x.com/officer_cia/status/1800162941540745607
#alert #security
Who are these on-chain beggars…
Читать полностью…
officercia.mirror.xyz/GX0LvoKDcC12ACXzhT3F_3PVRSfEyhE8cJYMZnoia9U
Читать полностью…
Certik security researchers allegedly hacked Kraken, refused to return funds and sent the assets through Tornado Cash - 𝕏/@tayvano_
Читать полностью…
officercia.medium.com/protecting-yourself-from-linkedin-scams-how-to-stay-safe-in-the-web3-era-25e6b0566fa6
Читать полностью…
A special message to my detractors/haters: see a psychologist immediately. Your heads need to be addressed.
#offtopic
Please like & RT! 👀🦀❤️
• https://x.com/xyz_remedy/status/1802013698619502909
#security #osint
Feel free to cross check here: https://officercia.mirror.xyz/pz1wGZmA06MHrl5HdKgSretf1Uw5H5e2YzeEBf3Tihs
#security #offtopic
⚡ Calling all Web3 Security firms ⚡
Let us join forces and together fortify our blockchain ecosystems!
We're excited to offer Glider Ethereum mainnet access to all our Web3 cybersecurity comrades. Time to level up our defense game!
Start finding bugs at scale now👉🏼 https://exty84bdiei.typeform.com/gliderpartners
Save this post if you've been scammed or hacked!!!
• x.com/officer_cia/status/1800971266049847467
#security #privacy
True that lmao 🤣
• x.com/xyz_remedy/status/1800878971615150544
#offtopic #web3
Detailed review (yet unofficial postmortem): x.com/skywinder/status/1800616345903493530
#security #web3
We need to implement something similar for Bug Bounty Hunters, WDYT?
• x.com/xyz_remedy/status/1799787781608374556?1
#security #web3
officercia.mirror.xyz/DqRTkbCToO3_YpauiR8tJGQKI-kBJfg5ZUwfUkfjDNQ
Читать полностью…
The attacker deposited much of the tokens into CurveFinance's LlamaLend protocol.
The situation and effects are being unpacked and analyzed in realtime!
• x.com/officer_cia/status/1800170718602432796
#security #web3
Attacker has executed 3 transactions and was able to get around $19.5M. But hack is still ongoing! Amount might increase. Right now attacker is swapping stolen digital assets to $ETH.
Attacker has been funded by TornadoCash 2 days ago!
#alert #security #web3
Looks like UwU_Lend is being attacked/drained right now!
So far drained around $18M!
• x.com/officer_cia/status/1800141530356928987
#alert #security #web3
WANTED Web3 researchers, authors, writers, and hunters!
Your one-of-a-kind opportunity to provide public value while increasing the number of people who read your writings. Please add them to our wiki.r.security, and let us work together to keep this place safe! ❤️
#audit #web3