Blockfence
@blockfence_io
Followers
2,312
Following
99
Media
348
Statuses
1,105
Investigation and protection layer for wallets, exchanges and enterprises against scams and fraud.
Joined January 2023
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Al Smith
• 301793 Tweets
Monsalve
• 232247 Tweets
Catholic
• 129858 Tweets
Watch SA TrueStory YouTube
• 97964 Tweets
Anton
• 83367 Tweets
Boric
• 76845 Tweets
MINQ IN LOVE
• 55151 Tweets
日本シリーズ
• 52400 Tweets
#الهلال_الفيحاء
• 51861 Tweets
#bebekkatilleri
• 51729 Tweets
#ドラゴンボールDAIMA
• 25168 Tweets
Jesus is Lord
• 21942 Tweets
危険運転
• 19329 Tweets
AFFAIR HAPPY ENDING
• 19094 Tweets
Ginés
• 18377 Tweets
TXT OUR STARRY KNIGHTS
• 16910 Tweets
Pinned Tweet
🚨 MASSIVE $32M RUG PULLS OPERATION UNVEILED 🔒
We are sharing an investigation conducted by our team, which resulted in:
- More than 1.300 different token rug pulls
- More than $32M stolen
- More than 42.000 victims
- Novel techniques used to avoid being detected
A thread 🧵 ...
17
73
258
⚠️Important:
#Sushiswap
has been hacked 🍣
If you were interacting with the $SUSHI protocol, you *must* REVOKE access on
#Metamask
immediately. How to check and revoke - follow our guide in the first comment.
2
5
55
🚨0day & zero-click potential exploits on Telegram and iMessage 🚨
Last week, an exploit for Telegram was published that allowed RCE (Remote Code Execution) on the attacked device simply by sending it a message with a malicious attachment. It is called a zero-click attack because
2
9
33
Another day, another scam.
This time the scammer targeted the
@EthereumDenver
website. Blockfence is here to protect you and fight scammers together: The scam contract was marked as "High Risk" by our ML algorithm and our partners at
@GoplusSecurity
6
12
33
🚨Phishing Alert🚨
Phishing campaign targeting Starknet users, announcing a fake airdrop and linking to a malicious website to claim rewards.
- Malicious URL: strklabs .net
Attacker uses beehiiv newsletter service, so emails arrive directly in the inbox bypassing filters.
8
12
28
🚨Phishing alert🚨
There's an ongoing phishing campaign impersonating Uniswap, alerting about a critical security update and inviting the user to revoke approvals in a malicious website that drains users' assets (revokuni . net).
This campaign bypasses spam filters. Do not
5
14
25
🚨 APPLE URGENT UPDATE:
Apple has released updates for macOS, iOS, iPadOS, tvOS, and watchOS due to security vulnerabilities being actively exploited. Update to these versions ASAP:
- iOS 17.2.1
- iPadOS 17.2
- macOS 14.2.1
- tvOS 17.2.
- watchOS 10.2.
2
10
30
Last week, Mark Cuban's wallet was hacked for about USD 850K. What happened and what simple security measures can we take in order to avoid these risks?
Let's see them one by one👇
1
6
28
🚨Axie Infinity's co-founder
@Jihoz_Axie
hacked 🚨
Wallet compromised for 2.790 ETH ($8.37M)
Funds are being moved to Tornado Cash right now
5
5
24
🚨 Millions of dollars are being stolen daily due to private keys mismanagement.
🔑 How do they work?
🔏 What measures should you take to avoid getting hacked and having your wallet drained
A thread about this ...🧵
1
12
24
Check out the investigation we did teaming up with the
@FortaNetwork
team about NFT sleepdroping.
NFT 'sleepdrops' have drained $11.5 million from Ethereum users
15
3
27
3
2
18
🚨Chainlink phishing campaign🚨
There's an ongoing phishing campaign impersonating
@chainlink
promoting a fake airdrop that drains wallets
- Email service: Brevo
- Domain: chalnlink-drop . com
- Registrar: cosmotown
- Domain creation date: 11/03/2024 (today)
4
4
23
⚠️ IPHONE & IPAD SECURITY UPDATE ⚠️
iPhone and iPad users must update their devices to iOS and iPadOS 17.4 right now. Between the improvements, they are fixing 4 vulnerabilities of which 2 are being actively exploited by attackers.
This does not affect MacBooks.
3
8
20
⚠️Fake Rabby wallet in Apple Store ⚠️
Be extremely careful when downloading new apps to your phone. Even Apple Store has malicious fake apps, that drain your assets.
4
8
20
Security alert: phishing emails impersonating Trezor are being sent out using trezor real domain (trezor . io). This happens one week after Trezor alerted that customers' emails had been exposed due to a breach in their support ticketing system.
3
9
19
🔓The
@FortaNetwork
& Blockfence discovered a new type of sophisticated scam flow triggered by NFT sleepdrops. There are already over 500K addresses who received the drop, and over 20K confirmed victims. The verified amount of stolen funds crossed $11.5M
0
5
20
🔐 Telegram scam investigation 🕵️♂️
Our team has recently discovered a rug pull scam involving the deposit of around 300 ETH of stolen funds into Biget and Bybit. It has been discovered that fraudulent activity was carried out through the Telegram “NoLiquids”.
Small thread 🧵..
3
3
19
$1M loss (492 $ETH) following one mis click. We feel sorry that the victim hadn't used Blockfence:
$ETH holder just got rugged for $1.04mn
> Holding 492 $ETH since last 5 years
> No Defi, no NFTs, no farming, no interaction to any contract
> Tries something new for first time & gets rugged by "ClaimReward"
302
200
1K
0
8
19
Note a new type of "approval" scam: A fake $BUSD token was reported to send an "approval" notification. Removing those "fake approvals" as they don't exist will grant access to steal victims' funds.
1
4
16
We're proud to work closely with
@FortaNetwork
to increase the end-to-end protection Blockfence Extension users receive
How does Web3 defeat scams? 🤔
By having critical infrastructure integrate Forta monitoring 🤖✅
@blockfence_io
gets it. Their team is now working with Forta to bring threat intelligence to the masses via their open-source, community-driven browser extension
1
4
21
0
5
16
🦭 After Wargames, Whitehat Safe Harbor Agreement, and SEAL 911;
@_SEAL_Org
keeps delivering! Check out this new initiative to consolidate threats and research data in a single tool: SEAL-ISAC 👇
Today, we're launching the latest
@_SEAL_Org
initiative, and it's going to change crypto security forever. It's called SEAL-ISAC, and this is why we need it
85
215
917
2
2
15
Attention anons heading to
@EthereumDenver
this week! ❄️
Join us at
@GoPlusSecurity
User Summit.
Our CEO
@OmriLahav5
will be speaking with Eskil Tsu,
@maikaisogawa
(
@mywebacy
),
@dumatoma
(
@0xKekkai
), and
@DCbuild3r
(
@worldcoin
) about Decentralization in Web3 Security.
1
3
13
🥳 We're excited because Blockfence v0.4.1 is out!
What's new?
👀New design
🔎You can now look up, not only smart contracts, but also URLs
🧠 Improved ML algorithms for detection of phishing attacks
🛡️Check below how Blockfence protects YOU and get it at:
2
6
15
🔒 What is a Sim-swap attack? How do we avoid it?
Millions of dollars are lost weekly due to this kind of attack, which keeps growing.
Let's understand how it works and what we can do to stay safe. A small thread 🧵...
1
4
16
🔐 Whitehat Safe Harbor Agreement - by Security Alliance (SEAL) 🦭
The Whitehat Safe Harbor initiative is a framework in which protocols can offer legal protection to whitehats who aid in recovering assets during an active exploit.
So, let's dig a bit deeper into it. 🧵
2
6
14
🚨 ENS Email Phishing Alert🚨
There's an active email campaign targeting ENS domain owners regarding the expiration of REAL domains.
- Sender: Ens. domains Renewals <track-identity
@hotmail
.com>
- Mailed-by: eu-west-1 .amazonses.com
4
6
13
We just launched Blockfence v.0.3.1, and from now on, users interacting with
@0xPolygonLabs
@optimismFND
@BNBCHAIN
(BSC)
@arbitrum
and
@avalancheavax
networks are also protected by Blockfence!🙌
2
4
14
1/ It was recently found out by
@CertiKAlert
that BlockGPT or $AIBGPT is a pure scam, after 816 BNB (~$250K) from its pre-sale contract were just deposited into
@TornadoCash
. However, this scam project even received attention from Bloomberg! Why? and what you must spot? ->>
3
8
13
We are very happy to announce 🛡️Blockfence for 🦊Metamask Snaps!
What are snaps? How can I install them? How do I use them?
A quick overview 👇
3
3
14
Last week we joined this great panel at "User Security Summit" in Istanbul with
@NikitaVarabei
from
@ChainPatrol
, Yi Zhang from
@chaintooltech
and İzzet Elpeze from
@GoPlusSecurity
, where we talked about user security data and the challenges we are focusing on!
Panel Time on "User Security Data: Defining The Fundamental Elements" 🚀🚀
1
0
7
0
2
14
🚨 Balancer has been exploited for more than $2M. How did this happen and what measures should users take to avoid these risks?
A small thread... 🧵 1/8
1
2
13
🐛 What is Address Poisoning and how should you protect from it?
Follow us on this short thread! 🧵
3
3
13
Let’s analyze step by step how the scam works with one of the thousands of cases. For this example, we will use a fake token they created called “Blockfence.” Yes, Blockfence, like our company's name 🤦🏻♂️
1
1
12
Radiant Capital has been exploited for 1.9K ETH ($4.3M) on Arbitrum. The team has just reached the exploiter with the message:
"Hey, we wanted to reach out about the bug you exploited today. Well done on finding it! We're assuming you've did this exploit as a white or greyhat
4
3
12
🔐🌐 Zk proofs is a technology that is changing the meaning of online privacy and security. With them, we are heading into a revolutionary breakthrough. Imagine being able to confirm the truth of a statement without spilling any other details.
Let´s dive in 👇
1/20
1
4
11
🚨 Centralized exchange HTX (formerly Huobi) has been hacked and lost 5,000 eth ($8M dollars). The stolen funds have been covered by HTX and no user's funds are at risk.
4
0
10
🚨 HACK ALERT 🔐
Orbit Chain Bridge has been hacked for more than $81M.
- $30M USDT
- $10M USDC
- $10M DAI
- 230 wBTC
- 9.500 ETH
6
1
11
🚨 Velodrome's frontend has been compromised. Do not interact with it until further news from the team on their official channels.
1
3
11
Blockfence is at Devconnect in Istanbul! Wanna have a chat about how to make the ecosystem more secure? Ping us!
2
1
10
🧵 Have you stumbled upon the acronym 'MPC' and wondered what it's all about? 🤔
MPC stands for Multi-Party Computation, an original approach in computing that's revolutionizing data privacy
In this thread, we will explore how is transforming the way we handle sensitive data 👇
1
1
11
It does this by using a specific and already hardcoded number (183232389747193719218) along with the total supply (10.000.000.000), which is cast into an address datatype, which provides the administrator with the desired address.
1
1
10
1/ 🗝️ What are Passkeys?
Passkeys are a revolutionary approach to digital security designed to replace traditional passwords. They use cryptographic techniques to authenticate users, offering a more secure and user-friendly experience.
Let's dive deeper into this short thread 🧵
1
0
11
Thank you to everyone who joined us at "2024 before 2049" in Singapore during
#Token2049
! 🇸🇬
It was a wonderful evening with an amazing panel, drinks and both old and new friends! 🥂
None of this would have been possible without our partners
@geek_cartel
,
@salus_sec
,
1
2
11
We are very proud to have joined
@_SEAL_Org
in order to make the ecosystem a more secure place!
Kudos to all the people dedicating endless hours to this endeavor. 💪
I'm back, did you miss me? I have some huge news!
Over the last year and a half, I've been working on something big in secret with the rest of the crypto security community. Today, we're finally ready to reveal ourselves to the world. We are
@_SEAL_Org
96
357
2K
1
2
11
Pablo, our Head of Security Research presented today at User Security Summit in Istanbul
Unmasking the Connections: The Power and Necessity of Web3 Mapping
Pablo Sabbatella
@PabloSabbatella
Head of Security Research, Blockfence
@blockfence_io
0
2
14
0
2
10
"Machine learning is used to make Blockfence continually smarter, while community-supplied data also expands its knowledge base. As crypto defensive tools go,
#Blockfence
is one of the best all-rounders on the market." Thanks
@CoinGapeMedia
3
1
10
🥳Introducing Blockfence Web: Want to look up🔎 the risk score and information about any smart contract or URL? From now on, you can do it directly from our website. Give it a shot at ->
0
5
9
You can check the complete article with the full investigation, including the tracing of funds between Ethereum, BSC, Arbitrum, and Binance, here >
3
0
10
Join us and our friends discussing AI and Web3 security!
Tomorrow at 1pm EST, join
@Solidus_Labs
’s
@CoolestAK87
,
@blockfence_io
’s
@OmriLahav5
,
@HatsFinance
’s
@0xAngler
,
@ColliderVC
’s
@0xidanlevin
, and Forta’s
@cseifert
4
6
18
0
4
10
🚨 Phishing campaign alert 🚨
There is a massive ongoing campaign impersonating ZKSync, promoting an airdrop that leads users to a fake website. Once the user connects their wallet, the site drains their funds.
As we have mentioned over the past few weeks, phishing campaigns are
2
3
10
🚨 Decrypt newsletter account has been compromised
Do not click on any links regarding a $DECRYPT airdrop.
1
4
9
1
3
8
Honored to take part alongside
@MetaMask
,
@francescoswiss
, and other great partners. Already looking forward to hearing what
@VitalikButerin
has to say 🙌
Presented by
@Consensys
@MetaMask
@zkLink_Official
@blockfence_io
@MetisDAO
@etherspot
@fuel_network
@ForesightVen
@get_brunch
@alt_layer
@pimlicoHQ
@argentHQ
@biconomy
@safe
@1inch
@hoprnet
@BloctoApp
and others! 🙏🙏🙏
5
6
26
1
3
9
Our Singapore 2024 Before 2049 event is taking place today!
Will 2024 bring in the next hype? Join us for a panel moderated by
@francescoswiss
-
@Consensys
,
@MetaMask
.
Details
0
6
9
Keep up to date regarding security, these are some of the accounts we follow and recommend:
@officer_cia
,
@zachxbt
,
@Mudit__Gupta
,
@lopp
,
@Jon_HQ
and
@blockthreat
.
1
1
9
🔓 Linear Finance has been exploited and it's stablecoin $LUSD collapsed to zero.
What happened? A short explanation 👇
1
1
8
🚨 Telegram no-click exploit on the wild 🚨
There's a potential Telegram vulnerability allowing an attacker to exploit Telegram mobile and PC clients sending a file to the victim, which is auto-downloaded and infects device.
Step by step on how to secure your Telegram 👇
2
3
8
We have partnered with Dappradar to provide users with a comprehensive explanation of the functionalities behind every smart contract, using our ML engine 🤖 . Try it!
📡 At DappRadar, we leverage AI and machine learning broadly. For PRO users, we've collaborated with
@blockfence_io
to offer a feature that uses generative language AI for easy explanations of contract functionalities.
Check it out on
@ApeBond
page 👇
4
13
28
3
1
8
🔐 January 2024 - Blockchain Security Report 📊
Check out our monthly security report on what happened during the first month of the year.
Here you have a brief summary or you can also download it (link in last message).
Let's go! 🧵...
1
3
9
🎙️ Tomorrow, we will be hosting the first live Space of the "Blockchain Security series" with a special guest:
@officer_cia
, and our host
@PabloSabbatella
. We will be talking about physical & on-chain OpSec, current threats, drainers, and more!
Link in the first comment! 👇
2
3
9
🔒 Blockchain Security Report - November 2023
November has emerged as the second most significant month of the year in terms of lost funds, with a total of $369M.
Come with me and let's see in more detail what happened.
Small thread 🧵
1
2
7
-
@PabloSabbatella
, our head of Security Research, presenting at
@EtherArgentina
, Mendoza edition.
0
2
9
Blockchain Security Series 3: Taylor Monahan (Security researcher - Metamask)
0
0
7
In this new era, we start to realize that much of our personal information is not as private as we think. From social media interactions to public records and beyond, our digital lives are visible under the lens of OSINT.
Do you know how much the world knows about you? 🕵️♂️💻
2
3
8
Since April 2023, this scammer has executed over 1200 rug pulls (and continues to do so.) In this picture, we can see some of the money being pulled from one of their addresses.
4
0
7
1/14 🧵
In a previous thread, we discussed MPC (Multi-Party Computation) technology and how it solves the problem of revealing some information while keeping input data absolute secret.
You can read it here:
Today, we continue exploring this technology
🧵 Have you stumbled upon the acronym 'MPC' and wondered what it's all about? 🤔
MPC stands for Multi-Party Computation, an original approach in computing that's revolutionizing data privacy
In this thread, we will explore how is transforming the way we handle sensitive data 👇
1
1
11
1
1
8
Announcing
@DappRadar
Smart Contract AI Explainer 🤖 by Blockfence:
This feature, included in Dappradar Pro, explains code in simple words, allowing users to gain a deeper understanding of smart contract interactions!
2
2
8
Metaverse Post featured Blockfence as one of the top 10 leading crypto extensions🏆
@MetaMask
@CoinbaseWallet
@coinbase
@keplrwallet
@Ledger
@okxweb3
@okx
@bitski
@exodus_io
@blockfence_io
@CoinStats
🔗 Discover these top crypto extensions and their unique features in our comprehensive guide:
🚀📘
0
0
12
1
2
8
Kyber network has been exploited for $48M on Arbitrum, Optimism, Ethererum, Polygon, Base and Avalanche
1
3
8
🔐 The Securities and Exchange Commission's Twitter account was compromised and published a fake message announcing the approval of the
#Bitcoin
ETF.
0
3
8
⚠️Warning⚠️ A new reported
@telegram
hacking vector:
A contact of yours with whom you shared your phone number in telegram settings will contact you randomly asking something stupid ->
1
6
8
🔐 iPhone users: update to iOS 17.3 and activate this new "Stolen device protection"
This will add a new layer of protection when you are away from home and work.
1
3
7
.
@PabloSabbatella
presenting Blockfence's mapping tool at
@GoPlusSecurity
"User Security Summit" in Istanbul last week.
1
2
7
⚠️ ALERT ⚠️
Rocket pool X account has been compromised. There is no vulnerability being exploited. Do not click on any links from the X account.
0
2
7
The Blockfence engine detected $39.85M out of $40.93 total relevant compromised funds. This does not include compromised private keys and centralized exchanges, which can not be detected.
1
0
8
1/16🧵
Today we are going to address one of the fundamental models in the world of cybersecurity🛡️: The CIA Triad
Join us in this journey through Confidentiality, Integrity, and Availability👇
1
2
8
🚨 PHISHING ALERT 🔐
A phishing campaign impersonating Manta Network drives victims to a supposed airdrop campaign, which drains the user's wallet. The email bypasses Gmail filters and lands directly in the inbox.
2
2
7
Today our CEO Omri Lahav talked at the Fintech Junction conference @ Tel Aviv.
@OmriLahav5
discussed the future of
#Web3
security and the security lessons we should learn from fintech.
1
2
8
🚨 EXPLOIT ALERT 🚨
Socket is being exploited right now.
Revoke approvals ASAP.
RT
1
4
7
6/ OpenAI CEO
@SamAltman
has previously confirmed on the
@DailyMailUK
significant issues with ChatGPT, with a bug allowing some users to snoop on others' chat histories. This new CVE revelation raises more questions about the platform's data security.
1
0
7
🔐 March 2024 Blockchain Security Report
March was a quiet month with a relatively low amount of stolen funds ($124M vs. $398M in Feb), even more so when considering that $62M from Munchables was returned by the attacker, lowering the total losses for March to $62M.
Thread 🧵 >
2
3
8
Overview: This scammer created thousands of tokens automatically, using interesting techniques:
- Faking token max supply
- Burning of users' tokens
- Infinite minting for admins
- LP tokens lock
- "Verified" contracts"
- Hidden contracts
- Renouncing the contract's ownership
1
0
7
🚨 Fixed Float has been exploited for 1.700 ETH (USD 4.76M)
Drainer address: Drainer address: 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085
First reported by
@reprove
2
2
7
🚨 Hope Lend has been exploited for $830K (526 ETH)
The attacker was front-run by a bot, which paid 263 ETH of bribe to the validator and kept the proceeds of the attack.
More info 👇
1
2
8
⚠️Warning⚠️
@PeterSchiff
's twitter got compromised. Scammers are using it to promote a fake $GOLD presale. However, note that a presale smart contract is likely not an EOA (Externally Owned Account) as been detected by Blockfence. Confirming this tx would lead to a wallet drain!
1
5
8
We have a new website!
And we welcome everyone to check it out and learn more about Blockfence -
2
3
8
⚠️ Be careful with this new type of scam.
Scammers are registering ETH addresses as ENS domains in order to confuse users when sending transactions through Ethereum Mainnet. 👇
first time I've seen this scam, so posting it as a heads up for users and interfaces
someone bought the ens "[myEthereumAddress].eth"
so when you paste in my address, the top result in some UIs is an ens match instead of the resolved ENS name
impt for UIs to filter these out
144
455
2K
4
2
8