~72M USDT frozen by Tether, part of a 120M Tron laundering run (KuCoin, instant exchanges, bridged to BTC/ETH). Confirmed the inflow on-chain. h/t @zachxbt
Frozen: TBzrPEsStbZAUx2SBhD4oHz8UW3FX9Ak9W
Entity: TA6YHqB2xh5HhfmC7WoLQaWmqq7Vv4zCoQ
🚨 Raydium drained of ~$1.3M (reported by @PeckShieldAlert / Specter)
Attacker funded from KuCoin → bridged Solana to ETH → laundered 810 ETH via Tornado Cash, 7 ETH to FixedFloat. Tracing the on-chain flow now. 👇
🚨 SOLVED: ~$1.3M Raydium-AMM exploit on Solana
We traced every hop on-chain
The bug? A FAKE LP token (supply=1) → Withdraw → 100% of the pool drained.
~$1.3M bridged via deBridge → 810 ETH straight into Tornado Cash.
Here's exactly how 🧵👇
Same trick, 4 pools drained:
• 66,836 RAY + 893,700 USDC
• 74,720 RAY + 5,602 wSOL
• 8,621 RAY + 10,692 SRM
• 5,037 RAY + dust
Everything funneled into one wallet, then swapped to USDC
How it's prevented:
One line: assert the LP mint passed in == the pool's stored mint. On every withdraw/deposit path. No exceptions.
We catch this class with invariant checks and real-time "new mint → Withdraw → vault drained to 0" alerts.
- F12 Security Labs
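The check and the alert rule described above, as an added example on a simplified pool model. This is not code from Raydium or from F12 Security Labs: every type and function name is hypothetical, and the vault sizes are the first pool's figures from this page with token decimals ignored.

```rust
// Simplified model for illustration; every type and function name is hypothetical.
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
pub enum WithdrawError { LpMintMismatch, BadAmount }

pub struct Mint { pub key: Pubkey, pub supply: u64 }
pub struct Pool { pub lp_mint: Pubkey, pub vault_a: u64, pub vault_b: u64 }

/// Pro-rata withdraw: burning `lp_amount` pays out lp_amount / supply of each vault.
/// `enforce_mint_check = false` models the missing validation.
pub fn withdraw(pool: &mut Pool, mint: &mut Mint, lp_amount: u64, enforce_mint_check: bool)
    -> Result<(u64, u64), WithdrawError>
{
    // The one-line fix: the LP mint passed in must equal the pool's stored mint.
    if enforce_mint_check && mint.key != pool.lp_mint {
        return Err(WithdrawError::LpMintMismatch);
    }
    if lp_amount == 0 || lp_amount > mint.supply {
        return Err(WithdrawError::BadAmount);
    }
    // The share uses the supply of the mint that was passed in, so an unchecked
    // mint with supply = 1 turns a 1-token burn into 100% of both vaults.
    let (amount, supply) = (lp_amount as u128, mint.supply as u128);
    let out_a = (pool.vault_a as u128 * amount / supply) as u64;
    let out_b = (pool.vault_b as u128 * amount / supply) as u64;
    pool.vault_a -= out_a;
    pool.vault_b -= out_b;
    mint.supply -= lp_amount;
    Ok((out_a, out_b))
}

/// Monitoring invariant: a withdraw that used a mint other than the pool's own
/// and left a previously funded vault at zero.
pub fn drain_alert(pool_lp_mint: &Pubkey, used_mint: &Pubkey,
                   before: (u64, u64), after: (u64, u64)) -> bool {
    let emptied = (before.0 > 0 && after.0 == 0) || (before.1 > 0 && after.1 == 0);
    used_mint != pool_lp_mint && emptied
}

fn main() {
    // Constructed sample: vault sizes are the first pool's figures, decimals ignored.
    let (real, fake) = ([1u8; 32], [2u8; 32]);
    let mut pool = Pool { lp_mint: real, vault_a: 66_836, vault_b: 893_700 };
    let mut fake_mint = Mint { key: fake, supply: 1 };
    println!("checked:   {:?}", withdraw(&mut pool, &mut fake_mint, 1, true));
    println!("unchecked: {:?}", withdraw(&mut pool, &mut fake_mint, 1, false));
    println!("alert: {}", drain_alert(&real, &fake, (66_836, 893_700), (pool.vault_a, pool.vault_b)));
}
```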
Cash-out:
USDC bridged Solana → Ethereum via deBridge (giveChainId "sol") → 819.9 ETH (~$1.3M) on the attacker's ETH wallet.
Then: 810 ETH into Tornado Cash (9 deposits), 7 ETH to FixedFloat, 0.65 ETH to a fresh EOA
🚨 @syscoin bridge exploit: funds recovered
The ~5B SYS (~$10M) minted via the bridge flaw has been returned to recovery addresses.
On-chain: 999,999,999.99 SYS → recovery address, tx ce9671d…, block 2,253,855. The rest in a second tx.
Bridge stays paused pending the fix
🚨 @MILCplatform bridge exploit: post-mortem.
Root cause: an admin private-key compromise, not a contract bug.
A single EOA held DEFAULT_ADMIN MANAGER on BOTH the BSC and ETH bridges, drained them, then handed admin to attacker wallets. ~$161K