KODA

@0xKoda

Followers: 1,972
Following: 500
Media: 222
Statuses: 1,238

Cyber Security & Smart Contracts | Vet

Joined August 2017
Pinned Tweet
@0xKoda
KODA
2 months
This is LLEVM. Explore the EVM bytecode of a smart contract, decompile it and speak to it via webLLM, entirely local and in the browser.
8
26
120
@0xKoda
KODA
11 months
@zachxbt @Mr312 Ooof 8yrs Plus $1.2M in restitution is a bad day at the races. Good signal, It ain’t worth it.
2
1
80
@0xKoda
KODA
2 years
October 2022 is now the biggest month in the largest year for hacks. As of the 13th, a whopping $718 MILLION has been lost to malicious actors in #DeFi per @chainalysis reports. Let's discuss how we can make Q4 safer for all individuals and protocols alike:
4
7
40
@0xKoda
KODA
2 years
Hey @TGIGFestival_ you can delete us from your discord but unfortunately you cannot delete the irrefutable evidence of your negligence toward your customers.
0
2
31
@0xKoda
KODA
10 months
Find withdrawals from Tornado Cash & Railgun using Laundry! Following TG channels Storm Watch and Gun Watch, I endeavored to consolidate the data, facilitate searches & present it clearly. I remain committed to building tools that make hunting threat actors more efficient.
12
5
69
@0xKoda
KODA
2 years
CBDCs will inherit weaker security through minimal distance to entropy, contingent on tighter controls of the infrastructure. Expect: 1. More vulnerabilities as a function of time in the market 2. Exploits extracting larger value. Less energy in = shorter distance to entropy.
1
4
29
@0xKoda
KODA
10 months
@tayvano_ This makes sense, Boeing 777 = 8 filters and recirculating every 2 minutes roughly, maintaining 50% ratio. 737-800 can vary from 1 - 2 filters and recirc every 2-3 minutes. This boils down to 777 = ~ 68 passengers /filter, 787 = 96 - 149 passengers /filter Generally Airbus >
4
1
50
@0xKoda
KODA
2 years
At least we all lost together 🤝 Except Milady
1
6
43
@0xKoda
KODA
1 year
@AlboMP 10 Tweets in the last 3 days, 9 of those about the Voice, and only 1 about the ongoing events in the Middle East. No tweet for the murdered Australian either. Priorities….
3
1
30
@0xKoda
KODA
2 years
Showed a teenager my @GhibladyMaker collection on the weekend. They loved it and bought one on the spot, then started coding. Kids these days..
0
3
21
@0xKoda
KODA
2 years
New day new rug. @dictumexchange pulled the wool over many @arbitrum projects' eyes. Crypto is a nuanced, fickle thing. Bring on 2023 and the year of better due diligence.
1
2
24
@0xKoda
KODA
11 months
More #Lazarus activity: Crypto themed NPM packages found delivering malware in stealth. Package names included "erc20-testenv", "blockledger", "cryptotransact" and "chainflow", each package maintained by a different user on github.
4
7
21
@0xKoda
KODA
1 year
If you aren’t using Skiff I don’t know what to tell you.
@skiffprivacy
Skiff
1 year
Coming out soon: @farcaster_xyz profiles integrated into Skiff aliases - no setup required ⚡
14
20
144
1
3
21
@0xKoda
KODA
11 months
@0xfoobar “So How did you two meet?”…
1
0
20
@0xKoda
KODA
11 months
I built a telegram channel and bot that monitors for withdrawals >100ETH from Tornado. For web3 security folk, monitoring withdrawals can be an important part of the hunt, so I've decided to share it here.
5
1
18
@0xKoda
KODA
9 months
A pivotal initiative. Sam does so much behind the scenes to improve security in the space.
@samczsun
samczsun
9 months
I'm back, did you miss me? I have some huge news! Over the last year and a half, I've been working on something big in secret with the rest of the crypto security community. Today, we're finally ready to reveal ourselves to the world. We are @_SEAL_Org
96
357
2K
8
6
14
@0xKoda
KODA
2 years
There’s so much misinformation being spread throughout CT that VPNs are a viable solution to IP tracing. This is categorically false, both Gvmt and ISPs can see who is using a VPN, and use gateway enumeration to identify source IP address. Will provide an article soon™️
2
2
19
@0xKoda
KODA
8 months
Yesterday address 0xfa6b7e8709ddbf1a734b463ae9661760d4c438f0 withdrew 3,200 ETH from the Tornado Cash 100E router. This amounted to 32 * 100E withdrawals over a 24 hr period, before ALL the funds were sent back to Tornado cash in a series of 32 Deposits..
3
2
16
@0xKoda
KODA
2 years
LastPass has been breached ... again, I know of at least one DeFi protocol and team that use it. Here are some details: While passwords were encrypted, emails were not and credit card info is yet to be seen. Expect large-scale phishing campaigns to follow.
13
3
16
@0xKoda
KODA
10 months
New name, new theme, new updates. Retrace consolidates withdrawals from Tornado Cash and Railgun on Ethereum, facilitating efficient hunting. Now with a new theme, transaction hashes linking to @MetaSleuth for faster investigations, and search by date. h/t @RAILGUN_Project
4
1
17
@0xKoda
KODA
1 year
Tweet media one
0
0
16
@0xKoda
KODA
2 years
@bantg Frame still has telemetry and uses infura. Use portmaster to block app specific telemetry. It’s free and OS.
1
1
16
@0xKoda
KODA
11 months
@bantg url[.].com will help people not click
2
0
15
@0xKoda
KODA
10 months
@tayvano_ Yea A330 has one of the best ratios at 36 pax / filter. Altitude also plays a part so you want shorter recirculation intervals which also improve O2 levels. Best seats are generally fwd center at a window.
1
1
12
@0xKoda
KODA
11 months
With the Kyber Network Exploiter's recent transactions we can establish a link to various exchanges. A Kyber exploiter related address began exploiting a vulnerability related to Thirdweb transferring 455,184,210,526 HXA from 0x…dead onward to
1
2
13
@0xKoda
KODA
1 year
Our second guy was a little more active, having funds spread across Arbitrum and Mainnet, and deploying various contracts since August. They been cooking for a while..
@TeamUnibot
Unibot
1 year
We experienced a token approval exploit from our new router and have paused our router to contain the issue. Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe. We will release a detailed response after investigations conclude.
355
244
994
2
3
11
@0xKoda
KODA
2 years
step 4 cont: I recommend . @skiffprivacy provides encryption by default, but also allows you to create multiple accounts and handles. The cherry on-top? Skiff has encrypted cloud and functioning notion replacement. Sign in w/ @keplrwallet + @MetaMask 😉
3
2
9
@0xKoda
KODA
11 months
> Deposit into TC > Waiting.jpeg > Withdraw from TC > Transfer funds to the same address that deposited... > Transfer more funds to a pink drainer wallet Why waste the time and ETH 🫠
3
0
9
@0xKoda
KODA
1 year
Best privacy platform meets farcaster
@skiffprivacy
Skiff
1 year
First integration now released. If you email a Skiff user with an address that has a @farcaster_xyz profile, the profile info, display name, and picture are auto-populated in Skiff
2
6
61
0
4
12
@0xKoda
KODA
11 months
Crypto users are being targeted through pirated applications distributed via torrents. The malicious applications facilitate an asyncRAT via port 3309, and once infected hosts a clipboard hijacker which replaces users' crypto addresses with those of the attacker when copied to
3
1
11
@0xKoda
KODA
2 years
Well @farcaster_xyz has certainly been a smoother on-boarding experience than @LensProtocol , really enjoying the UX thus far. Desktop app is smooth as mustard. Ty @optimizoor for the tweet that encouraged me to try it and @dwr for helping me jump aboard!
1
0
12
@0xKoda
KODA
11 months
As this exploit was to do with ERC20 approvals, the exploiter's wallet currently contains no ETH. It will be interesting to see how they fund this wallet and if they can execute it prior to USDC being frozen.
@0xKoda
KODA
11 months
OKx Dex was just exploited, with several users losing funds. Hacker's address is 0x1f14e38666cdd8e8975f9acc09e24e9a28fbc42d The first victim transaction is 0x37ef37adf6f25438fa6011632749d68e12879952fa7f68c6d0c183a16de9c1bf This victim unfortunately lost >15kUSDC
2
1
5
2
3
9
@0xKoda
KODA
11 months
The OKX exploiters' address was eventually funded from 0xeb982159ec32b601b6201a0553a05745a14e8f6c at transaction 0x4c3cfdf935aef79d46510c86bad7c5099dc7ca04d5d002ba1f9abd05769132c5. The second okx exploiter wallet 0xFacf375Af906f55453537ca31fFA99053A010239 rx'd funds via
@0xKoda
KODA
11 months
As this exploit was to do with ERC20 approvals, the exploiter's wallet currently contains no ETH. It will be interesting to see how they fund this wallet and if they can execute it prior to USDC being frozen.
2
3
9
1
2
10
@0xKoda
KODA
2 years
Seems there is a demand, so I will release. @GMX_IO report is done, next up is @Buffer_Finance as I try to prioritize the #RealYield protocols first. Which protocol should I do next? 👇
@0xKoda
KODA
2 years
Been doing some SWOT analysis of popular DeFi protocols, who’d be interested in seeing these publicly? Views my own, ofc
4
0
10
2
0
11
@0xKoda
KODA
2 years
Been doing some SWOT analysis of popular DeFi protocols, who’d be interested in seeing these publicly? Views my own, ofc
4
0
10
@0xKoda
KODA
11 months
Built another telegram bot monitoring withdrawals from Railgun on Ethereum. I remain committed to building tools that make hunting threat actors more efficient. Both the Railgun monitor channel and Tornado monitor channel are linked below.
3
1
9
@0xKoda
KODA
1 year
@Bonecondor She is not real
0
0
9
@0xKoda
KODA
2 years
Calling all DeFi Detectives and on-chain sleuths! This tool is for you. Speed up your investigations with Defi Detective, a browser extension made by yours truly. No more copy and pasting, just install, highlight and click.
1
3
9
@0xKoda
KODA
10 months
Attempts to categorize APTs based solely on their technical prowess often fall short. The varied tactics and methodologies defining APTs call for a more nuanced understanding, one that cannot be aptly captured with simplistic, broad-brush approaches.
1
0
6
@0xKoda
KODA
11 months
More interesting behavior following withdrawals from the TC 100E pool. > 7 Addresses withdraw 100E each. > Route through a dummy "WETH" contract > Followed by an address that withdrew ~2800E in Nov > Route 200E on-wards to addresses that deposit to Fixed Float and Mexc. 7
1
0
7
@0xKoda
KODA
11 months
Web3 is not immune to Web2 vulnerabilities. Following the Velodrome FE compromise I created another TG channel to monitor select Web3 frontends for indicators of compromise.
1
0
6
@0xKoda
KODA
11 months
Reminder to revoke old token approvals! 0x..3cDf0 Is deploying contracts that exploit and extract ERC20 tokens vulnerable to often predisclosed vulnerabilities and sending those tokens directly to the NFT Trader Exploiter. Recently seen with uboost and swap0x
0
3
8
@0xKoda
KODA
1 year
@Lisa9Sophia Whatever it is, do not expect the truth.
1
0
9
@0xKoda
KODA
8 months
With these three addresses combined, the total withdrawal was 8000E, valued at $23.8 Million US.
@0xKoda
KODA
8 months
Another URL to watch, using the same script tornado-cash[.]com. Over the last 3 days, the following addresses dominated 100E pool withdrawals: 0xfa6b7e8709ddbf1a734b463ae9661760d4c438f0 0xe901dea7a92dadb188626feb62ea475897e61f8c 0x3ba4fd5124479a7d21e9540bd8d8568121a68bd0
1
1
6
0
2
10
@0xKoda
KODA
10 months
Ouch. This is not natural selection.
3
1
8
@0xKoda
KODA
1 year
@bantg Original post
@ValdikSS
ValdikSS
1 year
Well, shit. Encrypted traffic interception on Hetzner and Linode targeting , the largest Russian XMPP (Jabber) messaging service. The instant messaging have been wiretapped for 3 months, on both hosting providers in Germany.
32
285
759
0
0
7
@0xKoda
KODA
1 year
List of businesses affected by the #optus outage: - Melb Metro rail - ACT Government (phones) - Royal Melb Hospital - Budget Direct - Western Syd University - Virgin Australia (Velocity call-center) - Commbank - ANZ - Tafe QLD - Speech pathology Au - Long seed & grain More .👇
1
3
9
@0xKoda
KODA
2 years
The key takeaway here is to remain vigilant and practice good OPSEC. This includes limiting behaviors that are conducive to effective phish campaigns: 1. Stop using password managers, rather, keep air-gapped records using your own obfuscation technique 2. Stop using LinkedIn
2
0
8
@0xKoda
KODA
2 years
No mud, No lotus 🪷 2022 has exposed the mud in Defi, so the true lotus flowers can push through the surface. Secrecy, lack of transparency and complete disregard for retail investors and employees serve no purpose moving forward. I’m optimistic for 2023.
1
0
9
@0xKoda
KODA
11 months
OKx Dex was just exploited, with several users losing funds. Hacker's address is 0x1f14e38666cdd8e8975f9acc09e24e9a28fbc42d The first victim transaction is 0x37ef37adf6f25438fa6011632749d68e12879952fa7f68c6d0c183a16de9c1bf This victim unfortunately lost >15kUSDC
@eno_eth
ENO
11 months
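Just now I received a request for help from my friend @axe_ping: the funds in his wallet were stolen, and a large amount was transferred to the hacker's address 0x1f14e38666cdd8e8975f9acc09e24e9a28fbc42d. All of the wallets that were robbed had granted approvals to Okx DEX. It is obvious that Okx DEX was attacked by a hacker; ten minutes ago OKX removed the proxy address that the hacker attacked.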
13
3
26
2
1
5
@0xKoda
KODA
11 months
The little contract that could: 4 days ago, 0x..87611 deployed a fake "WETH" contract 0x..fe26 after receiving funds from Fixed Float. This contract has since processed >800 ETH in deposits, these deposits come from a series of wallets that withdrew from the 100E pool over the
1
0
7
@0xKoda
KODA
11 months
@zachxbt @0xaxxe Bro could have at least made an effort and sent to a clean addr from FF🥲
1
0
8
@0xKoda
KODA
11 months
New #Lazarus related emv1.group-meeting[.]team
1
0
6
@0xKoda
KODA
1 year
@DarknetDiaries @JackRhysider @naomibrockwell At the end you mention you’ve ditched android and switched to a “privacy phone” ? Is it graphene OS?
1
0
1
@0xKoda
KODA
11 months
The day we do away with SMS 2FA is the day the internet becomes a safer place.
1
0
7
@0xKoda
KODA
10 months
@SpachusAus Excellent signal
0
0
8
@0xKoda
KODA
1 year
@AlboMP Priorities? There is literally another war brewing
0
0
7
@0xKoda
KODA
2 years
Me: I'd like some yield on my $ARB, thanks. Her: Low IL, No IL, Incentivized rewards, single sided staking, concentrated liquidity, non-inflationary yield, locked liq or escrowed tokens? Me: I just want yield that tastes like real yield...
1
0
8
@0xKoda
KODA
10 months
The rUSDCn market seems to be exploited, with the hacker deploying a contract to take advantage minting new rUSDCn, and swapping rUSDn for USDC. (From first glance, am on phone)
1
1
6
@0xKoda
KODA
10 months
Pretty aggressive phishing campaign happening right now, with an army of bot accounts link spoofing to appear as @ArkhamIntel when in reality the link goes to a separate fake account @ ArkhamIntelDAO, promoting a fake phishing site. Do not click!
0
0
5
@0xKoda
KODA
11 months
@JackRhysider Private pilots license
0
0
5
@0xKoda
KODA
11 months
For crypto to prevail long term we need to solve for Web2 issues. Users should not get rekt from issues on the front-end. After tackling this issue I blv the most efficient solution is wallet providers map & check url <> contract prior to signing TX. Let’s promote a discussion.
1
0
6
@0xKoda
KODA
11 months
@ShieldifyAnon Finished this last year, it comes with a book, be sure to support the author . It also isn't for beginners to Rust.
0
0
7
@0xKoda
KODA
2 years
@NaniXBT @scrypto_ For reference (taking commissions)
2
0
6
@0xKoda
KODA
2 years
Blink 182 🎟✅
0
0
6
@0xKoda
KODA
2 years
@litedart @GhibladyMaker "yes we really like your idea, but does it ghib?"
0
0
6
@0xKoda
KODA
11 months
We have the perfect domain provenance technology in blockchain, the question is how do we apply it to prevent the impact of DNS takeovers?
2
1
6
@0xKoda
KODA
10 months
Watching Railgun withdrawals via Gunwatch: 0x..6e3dd received 193.6ETH from Railgun, before bridging to Arbitrum, then bridging back to Mainnet & leaving the funds split between 0x..ABc61f & 0x..6D4B1.
1
0
4
@0xKoda
KODA
11 months
Man won’t stop
@CyversAlerts
🚨 Cyvers Alerts 🚨
11 months
🚨ALERT🚨Our system has detected an abnormal transaction related to the @KyberNetwork exploiter. The address funded by the @KyberNetwork exploiter has received $50M worth of $HXA from the 0x0..000dEaD $ETH address using transferfrom function! 🤯 Address: .
5
25
99
1
1
4
@0xKoda
KODA
11 months
Observed remote Address 104.16.85.20:443 from https://cdn[.]jsdelivr[.]net/npm/@ledgerhq/connect-kit@1
@MatthewLilley
I'm Software 🦇🔊
11 months
🚨🚨🚨 RED ALERT 🚨🚨🚨: Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.
509
3K
6K
0
0
5
@0xKoda
KODA
11 months
open connection to 224.0.0[.]252:5355 linked to an Infostealer campaign distributing LUMMA malware.
0
0
4
@0xKoda
KODA
1 year
@cjoye Mates looking after Mates
0
0
5
@0xKoda
KODA
2 years
@crypto_condom @Tendeeno_ Nice! Could use someone with such skill for UI design in the coming weeks.
2
0
6
@0xKoda
KODA
2 years
The Aptos tokenomics design team in action
0
1
6
@0xKoda
KODA
11 months
Newer #Lazarus related: www.group-meeting[.]team technical-support.safe-meeting[.]online hashkey.group-meeting[.]team
0
0
3
@0xKoda
KODA
2 years
@GhibladyMaker ghib Android17/18 lady
0
0
6
@0xKoda
KODA
2 years
@RyanSAdams From one glasses wearer to another, we are not the same.
0
0
6
@0xKoda
KODA
11 months
@samczsun @shoucccc Also cred to @rabbit_2333 who I believe originally disclosed this
1
0
6
@0xKoda
KODA
11 months
Below are #Lazarus related and some #Bluenoroff activity, some are old but not otherwise tracked. #Bluenoroff campaigns have targeted MacOS devices and the crypto industry. They have also expanded to telegram, the latest post by @AlexMasmej explains how they were targeted.
0
0
7
@0xKoda
KODA
11 months
An address with several CEX withdrawals sent 1,353 USDC to NFT Trader Exploiter earlier this month.
2
0
5
@0xKoda
KODA
11 months
Most DeFi protocols lack incident response plans. So a few weeks back I began developing generic DeFi incident response plans that may serve as a starting point for the little guys. It started as a hobby & I called them DIRP's. I've now recognized their value so sharing here.
1
0
5
@0xKoda
KODA
2 years
1) What
@tier10k
db
2 years
[DB] SBF Arrested by Bahamian Authorities
1K
3K
23K
0
0
6
@0xKoda
KODA
1 year
@RonniSalt Hypocrisy is apparent when the shoe is on the other foot, those who once wielded power find themselves at the mercy of the very tactics they employed. The coordinated campaign is a testament to the ruthlessness and the lengths to which some will go to maintain their grip on power
0
0
6
@0xKoda
KODA
9 months
Watching addresses like this one withdraw from TC and directly deploy rugs on base. 0xA6950a664FBF5F63697F39Ce2A545B24fA80346d
1
0
6
@0xKoda
KODA
2 years
Step 6: Know thy computer telemetry! The apps you use are in constant communication with servers, sending periodic packets unbeknownst to the end user. Prevent this using Portmaster by it's O/S and free. Bonus? Forget VPNs, Use Safing SPN! @SafingIO
1
0
6
@0xKoda
KODA
1 year
While global tensions are rising it is incredibly important to block advertising on all devices, and preferably, at the router. Expect the widespread distribution of “malvertising” to increase over the coming weeks.
1
0
5
@0xKoda
KODA
11 months
This blog dives into reverse engineering the dll, be sure to use google translate.
0
0
4
@0xKoda
KODA
2 years
@CanteringClark @UmamiFinance The most forward-thinking team in DeFi IMO. They apply prudence and care in all undertakings, and do not hesitate to iterate on product launches. Completely transparent and communicate regularly. They are ushering a new standard for both retail and institutional investors.
0
0
5
@0xKoda
KODA
2 years
We’re so back (allegedly)
0
0
5
@0xKoda
KODA
2 years
If it is anonymity you seek, endpoint obfuscation and telemetry minimization should be your priority. I have tirelessly provided a free and OS solution for this, which has had little uptake (I have no affiliation with the service, but wish to see frens protected).
2
0
5
@0xKoda
KODA
10 months
Have an amazing holidays. Embrace family and share kindness. Give yourself permission to switch off.
0
0
4
@0xKoda
KODA
10 months
Isn’t this a sneaky one, imitating a video but sending to a drainer. Be careful out there. + Bonus tip: while it won’t work for Twitter, NextDNS (free) with HageZi blocklist will block most ads being served to you day to day. Fighting malvertising is a never-ending battle.
1
2
3
@0xKoda
KODA
2 years
2
0
5
@0xKoda
KODA
11 months
First TX:
2
0
3
@0xKoda
KODA
2 years
@crypto_noodles @crypto_condom @GMX_IO Seriously? He has no team. One of the most respected and honest people in Defi, worth having on your side. Glad people can watch you act like this in public, only will reaffirm their fears.
0
0
5
@0xKoda
KODA
2 years
3. Compartmentalize email addresses, providers like Skiff allow the use of aliases for online services, leverage this. 4. If you are a DeFi protocol, listen to the recommendations of your CISO, they preemptively assess risks such as these, do not downplay the impact.
1
0
4
@0xKoda
KODA
11 months
@rpolysec 100% this. There are those in Defi security who are entirely capable of good IR without the post exploit clout farm. Discretion is key in these engagements.
0
0
3