The Dolomite Exchange suffered an exploit of its old contracts on Ethereum, resulting in a loss of approximately $1.8 million in USDC. The attackers utilized a loophole in the TradeManager contract, bypassing reentrancy guards and exploiting the batchTransfer function of the TradeDelegate contract. This allowed them to transfer tokens approved to the contract from users, leading to a loss of ~$1.9m. In response, Dolomite confirmed that the hack did not impact their current product on the Arbitrum chain. Additionally, the AirDAO team reported a theft from their AMB/ETH Uniswap pool, losing 35.2 million AMB tokens and 125.51 ETH (totaling approximately $880K) due to a social engineering scam. Efforts are underway to identify the hacker and retrieve the stolen funds. Meanwhile, a wallet associated with BlackRock's new institutional crypto fund received 0.97 unsolicited ETH via Tornado Cash, potentially creating legal issues. This incident underscores the vulnerabilities and regulatory challenges within the cryptocurrency ecosystem.
1/ A wallet associated with BlackRock’s onchain BUIDL fund was dusted with 0.97 ETH that had passed through Tornado Cash, a U.S. government sanctioned entity. Dust attacks involve sending unsolicited tokens for the purpose of scamming, doxxing, or simply memeing. https://t.co/p6aBjXnWI6
📥 A wallet associated with Blackrock’s fund received Tornado Cash-dusted ETH. 💫 @carlosdomingo has a suggestion for an Ethereum Improvement Proposal that could prevent these situations for other institutions wanting to use Ethereum. Listen now: https://t.co/l9MC2actY5 https://t.co/fE7FYqd7eb
AirDAO exploited via social engineering attack March 20, 2024 https://t.co/SpUsMzvhY0 https://t.co/Tb8mvYxMFN
Exploiters who hacked Heco Bridge laundered the stolen assets through the controversial cryptocurrency mixer Tornado Cash https://t.co/CQWPa1GstO
Here’s another #ImmunefiAnalysis for one of the hacks in early 2024: On Jan 13, 2024, @Wise_Token was exploited for 178 ETH ($466k). This is a novel attack vector, in which the attacker used the protocol's own rounding logic to manipulate share price and incur bad debt. https://t.co/WhFh3dPvKZ
JUST IN: HECO BRIDGE HACKERS SEND $145 MILLION WORTH OF $ETH THROUGH TORNADO CASH $TORN
Heco Bridge exploiters launder over $145 million in ether via Tornado Cash https://t.co/pxXfeTXftl
🚨 A #HECO Chain exploiter anonymized ~40,392 $ETH using Tornado Cash, aiming to obscure $145.7M in stolen funds. @peckshield reports 19 transactions in 8 days to Tornado addresses, with most funds to a single address. https://t.co/PtuN6NXPCq
#PeckShieldAlert As of today (22 Mar. 2024, UTC), #HECOBridge exploiters - labeled addresses - have transferred ~$40,391.8 $ETH (equivalent to ~$145.7m) to #TornadoCash within the last 8 days https://t.co/ZfrDvbRQCm
#PeckShieldAlert #Phishing endian.eth has fallen victim to a phishing, resulting in a loss of 5 #NFTs, including #Azuki #4222 (LAST SALE: 13 $ETH) & #Beanz #11594 on #blur https://t.co/ueBKsZTstm
#PeckShieldAlert #FTX / #Alameda - labeled address has transferred ~1.5K $ETH (worth ~$5.23m) to 0xCeF8...4003 & ~100K $HT (worth ~$85.5K) to #FalconX https://t.co/glncpwfTpB
Dolomite exchange exploited for $1.8 million March 20, 2024 https://t.co/wk4tVX6p6d https://t.co/N4cJhz0INW
Blackrock wallet getting dusted with Tornado ETH lmao man this kind of shit is exactly what the early Internet felt like
CORRECTION: A wallet associated with @BlackRock's new institutional fund received 0.97 unsolicited ETH via Tornado Cash within hours of the fund launching; the wallet was not controlled or owned by BlackRock itself.| @httpsageyd reports https://t.co/xAtU5Xrte4 https://t.co/OZlASxujWD
CORRECTION: A wallet associated with @BlackRock’s new institutional fund received 0.97 unsolicited ETH via Tornado Cash within hours of the fund launching; the wallet was not controlled or owned by BlackRock itself. @httpsageyd reports https://t.co/nhSi4qkctI https://t.co/nDbfcmlcU2
BlackRock getting sent 0.97 ETH via Tornado Cash is great This will force the boomers in charge to fix the OFAC rules The most bullish outcome
Whoever dusted the Blackrock account with Tornado Cash’d ETH is hilarious. 👏🏼
🌪 .@BlackRock’s new institutional crypto fund received 0.97 unsolicited ETH via Tornado Cash within hours of launching, potentially creating legal problems for the world’s largest asset manager. ✍️ by @httpsageyd 🗒 via @ArkhamIntel 🗞 Read more: https://t.co/ZCMbGbETla https://t.co/e2tMT19ret
🌪.@BlackRock’s new institutional crypto fund received 0.97 unsolicited ETH via Tornado Cash within hours of launching, potentially creating legal problems for the world’s largest asset manager. ✍️ by @httpsageyd 🗒 via @ArkhamIntel 🗞 Read more: https://t.co/dAQ1gRyQcW
⚠️@Dolomite_io old contracts exploited (quickly resolved) The exploitation of old contracts highlights critical legacy risks. Dolomite’s swift action is commendable, yet it stresses the importance of continuous monitoring. @mamorudotai ensures proactive detection and… https://t.co/iskvq0pdrh
🚨The Dolomite Exchange faced a $1.8M exploit, Attackers utilizied the “callFunction” for arbitrary calls. A loophole in the TradeManager contract allowed bypassing reentrancy guards, leading to the theft. Dive deeper into this incident: https://t.co/N8sH6qJiqS
Lmfao. -Gov bans tornado cash & any crypto addresses that interact with it -Blackrock opens a crypto fund -random internet person sends funds from tornado cash -blackrock’s entire fund now illegal??? https://t.co/CmnS9JwTiC
#PeckShieldAlert #JustinSun - labeled address that deposited 120K $ETH (worth ~$480M) into the restaking protocol #EtherFi, has claimed 25K $ETHFI (worth ~$102K). https://t.co/9tlgOHkVKJ https://t.co/cbcJcios29
On March 20, the community-governed L1 blockchain @airdao_io suffered an exploit of ~$880K in which it lost 35.2m AMB tokens and 125.51 ETH from the AMB/ETH Uniswap pool. Hacker’s Address Which Received Stolen Funds https://t.co/mAY3iNrUDL Exploited Address:… https://t.co/Ad2sDRvGt8 https://t.co/1UPsqnHb0u
A community-governed layer one blockchain AirDAO has reportedly suffered a hacker attack, resulting in a loss of 126.5 ETH and 41.61 million AMB tokens https://t.co/fiqJo19TNJ
Defi Protocol Dolomite @Dolomite_io on the Arbitrum chain has been exploited for ~💰$1.8m in USDC. The exploit happened to an old Dolomite contract from 2019 on #ethereum. In an official tweet, Dolomite confirmed that the hack did not impact their current product on Arbitrum.… https://t.co/llMz3MXiWf
The AirDAO team stated that 35.2 million AMB tokens and 125.51 ETH were stolen from its AMB/ETH Uniswap pool. The hackers gained access to LP through a social engineering scam that included a malicious attachment in an email purporting to be from a partner.…
#PeckShieldAlert @airdao_io has reported that they suffered a hack,resulting in the loss of 126.5 $ETH & 41.61M $AMB. The hacker has transferred the stolen funds to #MEXC, #ChangeNOW and #KuCoin https://t.co/W8rnC6oKeg https://t.co/WLdvAlnbeg
🚨SlowMist Security Alert🚨 @airdao_io was exploited, including 126.5 $ETH and 41.61 million $AMB. According to @MistTrack_io , the hacker address interacts with multiple platforms, such as #Binance, #MEXC, #ChangeNOW, #KuCoin, and #BitMart. We have blocked the relevant… https://t.co/z2s7Mj6LCU
The AirDAO team has identified a theft of 35.2m AMB tokens and 125.51 ETH from our AMB/ETH Uniswap pool. We are working with exchanges and relevant authorities to identify the hacker and retrieve all stolen funds. If the hacker returns the funds immediately we will pay a white… https://t.co/lGWrT6ZCWJ
#PeckShieldAlert An address,0x2341...c02a, fell victim to a phishing scheme, resulting in a loss of a total of ~500K worth of cryptos, including 117 $stETH &5.7K $LINK #PinkDrainer https://t.co/P7CKXfalbW
#PeckShieldAlert An address, 0xB51e...178F, has fallen victim to a phishing scheme, resulting in a loss of 10 $WBTC (worth ~$673,640) #PinkDrainer https://t.co/pVcWxCTsAX
🚨SlowMist Security Alert🚨 @TemplePharmacy_ seems like a rug pull. They said on March 21 that “a total of 32,097 $SOL was raised and details will be released tomorrow.” But 4 hours later, the address (44N1...MUBN) started transferring funds. We will continue to follow up on… https://t.co/nBZuA9IK3B
The old contracts of @Dolomite_io on Ethereum suffered an approval attack, resulting in a loss of ~$1.9M. The hacker exploited the batchTransfer function of the TradeDelegate contract to transfer tokens approved to the contract from users. The batchTransfer function can only be… https://t.co/SwnwwEvszA https://t.co/kXZsIXPtkI
#PeckShieldAlert Dolomite Exchange's old contracts were exploited for ~$2m. The exploiter has swapped the stolen $USDC for ~541.5 $ETH (~$1.9m) & 94k $DAI https://t.co/Oc0y6LNbEd https://t.co/9qoPloDhiy