3/7 🔍 What was the loophole(1/2)? The loopholes lie in two functions of the smart contract 'INcufi': register(address referrer) and STAKE (uint amout ,uint day,uint countryid). First, the major vulnerability is in STAKE(uint amount, uint day, uint countryid). 🔓 The user can set how many days they want to stake in the contract. However, the problem is that there is no strict checking on the minimum days of staking, meaning the user can set the day to 0, allowing them to stake and withdraw rapidly. ⏱️ Note that when the user stakes, referrers earn a commission which can be converted to BSC-USD later on. 💸 As users can stake and withdraw without any restriction, commissions to referrers will be sent out every time users stake! 🔄

6/7 📚 Attack in Action (2/3) After the setup, now the attacker abuses the vulnerability in STAKE (uint amout ,uint day,uint countryid).💥 The attacker's contract performs buyNFT which basically performs STAKE with day =0 and amount with 10,000 BSC-USD. As the attacker's contract stakes the money, Contract B (0x1521d34ae3d85e2219bff49dd8fe2809e1ad07dd) earns 1,000 AKITADEF and Contract C (0x6976d28d21cba294377257eae04761fa5ce14eaf) earns 500 AKITADEF as shown below. Contract (Oxaa47b......6d5de) is an address from INcufi that costs the fees for using this protocol.📈

1/3 🚨 Potential Price Manipulation on HIGH Token? 📅 On June 12th, @highstreetworld shared an announcement on Telegram regarding a total of 66% drop in token value. According to the team's investigation, this movement was the result of a malicious attack on their community. 🕵️♂️ They stated that "an entity has withdrawn 20 million tokens, with 9 million originating directly from a Korean exchange (Bithumb)." Additionally, the team mentioned they have no intention of harming their own project to assure investors of the token's safety. 🔍 Without giving further detail, the team shared two wallet addresses and advised investors to "remain vigilant" upon further notice. 📈 Upon our investigation, our team confirmed multiple inflow transactions to Bithumb deposits from 3:10 pm (GMT 8) on June 8th until 2:28 pm (GMT 8) on June 12th. A total of over $20 million was sent to Bithumb's deposit wallet.

2/3 🔍 Who is this mysterious attacker? 🕵️♂️ Upon our investigation of two addresses, we have identified various intermediary wallets linked with these addresses. Initially, our team pinpointed these intermediary wallets as potential wallets utilized for price manipulation. 🔍 However, upon further research, our team has concluded that these addresses belong to normal users who have been engaging in arbitrage on the Binance exchange and Bithumb (specifically, selling on Bithumb and buying on Binance). Arbitrage is the act of buying tokens in one market and selling them in another at a higher price to make a profit. 📊 Our team concluded that the related intermediary wallets are normal users mainly due to two key factors: 📈 Transactions of various tokens 📆 Conducting transactions for over 6 months or more For further details check our attachment.

1/3 🚨 Danger of Chrome Extension 2 days ago, @CryptoNakamao shared a post about his tragic loss of $1 million. Due to a malicious Chrome extension such as Aggr, which he downloaded after seeing a recommendation in TG channels, he has become a victim of cross trading. 💸 However, upon our research, it seems such malicious attacks are not the first of their kind. We found that a fake Aggr extension was launched in 2020 and eneded it's service back in 2021. 🔍 Stay vigilant and always verify the extensions you install!

2/3 🔍 How Cross Trading Happened The attack was executed by grabbing cookie data across all tabs to obtain the victim's login credentials. Upon deeper analysis by @Tree_of_Alpha, it was discovered that the extension contained malicious lines of code that sent all the cookie data to an external server. 🍪 Since cookies contain private information, including login credentials, the attacker was able to perform cross trading. 📉 For detail analysis check this article: chaincatcher.com/article/212…

5/7 🚨 Bypassing Security Alerts ft. Angel Drainer: Discover how scammers use nested smart contracts to bypass security alerts from wallet providers. This advanced technique can catch users off guard. Stay one step ahead. 🔍🔔

6/7 🌾 Restake Farming Attack ft. Angel Drainer : Our investigation into restake farming attacks on EigenLayer Protocol highlights how Angel Drainer exploits staking mechanisms to drain funds from users. Understanding these tactics is crucial for secure DeFi participation. 🌾💸

3/7 🛡️ ERC-4337 Vulnerabilities?: We explore how attackers exploit new features in ERC-4337, leading to potential security breaches. Understanding these vulnerabilities is essential for safer blockchain interactions. 🔐🚨