News list for " man cosine"
According to SlowMist founder Cosine Monitor, Starknet's on-chain lending protocol zkLend was hacked on February 12, losing more than $9.50 million. The reason for the attack is that the safeMath library used in its market contract uses direct division when performing division calculations, resulting in a rounding vulnerability in the number of zTokens that actually need to be destroyed when calculating withdrawals. The attacker is taking advantage of this vulnerability to profit. The on-chain d...
SlowMist founder Cosine tweeted, "BitmapPunks, which is driving up Ethereum Gas fees, is indeed a fully-onchain, ultra-large, hybrid collection. However, the contract is not open-source verified, and it is not carefully checked whether there is any risk."
According to the founder of Slow Mist Cosine Disclosure, the Humanity Protocol project directly stores the plaintext private key in the browser sessionStorage, provided that it is logged in by Web2, such as email, and the platform will automatically assign wallets to users. Fortunately, this is just a test network, and there is no actual harm.
SlowMist founder Cosine tweeted that the EVM (ETH/BSC/BASE) address of DEXX hackers continued to change, and many funds (including some Meme) continued to collect to the address starting with 0xffb9 from around 7:00 in the morning. On-chain data shows that the address currently holds about 440,000 US dollars in assets.
Slow Mist founder Cosine Yu X confirmed in a post that DEXX attackers are collecting scattered stolen funds on Solana and splitting them from the collection address. Some of them are starting to use Wormhole cross-chain services to cross assets to addresses starting with Ethereum 0xffe224e.
The founder of Slow Mist, Cosine Yu X, said in a post that since 2:48 am, the DEXX attackers have one after another exchanged the tokens on a batch of EVM (ETH/BASE/BSC) addresses related to the attackers for the corresponding ETH/BNB. The exchange is still going on. It should be that another script has been written to automatically do these exchange operations, and these ETH/BNB have not been transferred out yet (but relevant tests have been found).
The founder of Slow Mist, Cosine Yu X, wrote that in the early morning of this morning, various value tokens on the Solana address related to the DEXX attacker were exchanged for SOL. At present, these SOL have not been transferred out. In addition, the attacker's EVM (ETH/BSC/BASE) addresses have begun to experience abnormal tests, and there has been no large-scale abnormal.
Slow Mist founder Cosine X issued a statement saying that the attacker used the XSS vulnerability of the Cointelegraph website to trick the target user to open the Cointelegraph official website (with XSS malicious script), so: - malicious script loading execution; - The address bar is set to https://cointelegraph [.] com/not-public/drafts/article-1033 at first glance, I thought it was an official unpublished draft; - Sign in with X box; - After clicking Sign in with X, open X's third-party app ...
The founder of Slow Mist, Cosine Yu X, wrote that at around 4 a.m. this morning, various value tokens on the Solana address related to the DEXX attacker were exchanged for SOL. At present, these SOL have not been transferred out. In addition, the attacker's EVM address has not been changed for the time being.
The founder of Slow Mist, Cosine, wrote that the Sui ecological project OceansGallerie (@OceansGallerie) is indeed quite strange. The token pool is too controlled, the total amount of tokens 10 billion OCEANS, Holders is too concentrated, and the tokens have fallen dozens of times in less than a week of issuance. Now the pool is less than 20,000 dollars. The address of abnormal operations is strongly related to the address of OCEANS token issuance. According to X user @tongyiju, Cetus Protocol t...
