
According to on-chain analyst LMKFUN, Bybit attackers are exchanging ETH for DAI through multiple decentralized exchanges, including OKX decentralized exchange. The data shows that the attackers have transferred about $3.64 million worth of Ethereum to another address, and conducted two-way transactions and transfers of DAI tokens at that address.
Slow Mist Cosine said that it has followed up the Infini hacking incident for the first time. The attacker is very technical and understands smart contract operations, so it is possible to steal the funds in its Vault and related strategies with a private key, stealing twice: 11,455,666 USDC and 38,060,996 USDC.
CAT Protocol sent a letter to the protocol attackers on the X platform, saying it has gathered significant leads about the attempted attack and is working with security companies and law enforcement agencies such as SlowMist to track down and hold those responsible accountable. If the attacker's intention is to expose the vulnerability, encourage responsible and ethical engagement and contact via email, CAT Protocol is willing to reward such disclosure within the scope of the policy.
According to MistTrack, the DEXX event attackers are currently exchanging assets and bridging to Ethereum, as of now: There is still a balance of $620,000 in the 0xFFB9 address, which is distributed across the Ethereum and BNB chains and the Base chain. DEXX hackers have transferred 6212.4 ETH to Tornado Cash.
According to Scam Sniffer, most Solana wallet attackers actively use third-party domains to bypass the wallet blacklist. (For example, register an expired DAPP domain, now exploiting XSS vulnerabilities). If you see a DAPP pop-up with a second window (or redirect) asking to connect in another window, double check that it is secure.
ZachXBT, a detective on the chain, wrote on the X platform: "Radiant attackers have been long ETH on Hyperliquid through multiple addresses and have made about $600,000 so far."
Slow Mist founder Cosine Yu X confirmed in a post that DEXX attackers are collecting scattered stolen funds on Solana and splitting them from the collection address. Some of them are starting to use Wormhole cross-chain services to cross assets to addresses starting with Ethereum 0xffe224e.
The founder of Slow Mist, Cosine Yu X, wrote that in the early morning of this morning, various value tokens on the Solana address related to the DEXX attacker were exchanged for SOL. At present, these SOL have not been transferred out. In addition, the attacker's EVM (ETH/BSC/BASE) addresses have begun to experience abnormal tests, and there has been no large-scale abnormal.
SlowMist Cosine revealed on the X platform that the DEXX attacker started testing the token exchange ETH operation of the EVM chain half an hour ago.