The cryptocurrency community has been alerted to several security incidents and vulnerabilities across different platforms. PeckShield reported that an exploiter transferred approximately 1K ETH, valued around $3.6M, to TornadoCash from the HECO Bridge. Additionally, a fraudulent token named SLERF plummeted by -100%, with its deployer swapping 123,336,949,297,868 Scam $SLERF for approximately 469K USD, highlighting a rug pull incident. ParaSwap disclosed a critical vulnerability affecting users who approved the Augustus V6 contract, urging users to revoke permissions immediately. This vulnerability was exploited using a UniswapV3 callback, allowing the fromAddress to be set to anything, with CertiK listed as the auditor on ParaSwap's website. Dolomite Exchange's old contracts were also exploited, resulting in a loss of around $2m, with the exploiter converting the stolen USDC to approximately 541.5 ETH (~$1.9m) and 94k DAI. Furthermore, two addresses fell victim to phishing schemes, losing a total of around $673,640 worth of cryptos, including 117 stETH, 5.7K LINK, and 10 WBTC.
#PeckShieldAlert An address,0x2341...c02a, fell victim to a phishing scheme, resulting in a loss of a total of ~500K worth of cryptos, including 117 $stETH &5.7K $LINK #PinkDrainer https://t.co/P7CKXfalbW
#PeckShieldAlert An address, 0xB51e...178F, has fallen victim to a phishing scheme, resulting in a loss of 10 $WBTC (worth ~$673,640) #PinkDrainer https://t.co/pVcWxCTsAX
#PeckShieldAlert Dolomite Exchange's old contracts were exploited for ~$2m. The exploiter has swapped the stolen $USDC for ~541.5 $ETH (~$1.9m) & 94k $DAI https://t.co/Oc0y6LNbEd https://t.co/9qoPloDhiy
btw even if you didnt get drained today on the paraswap exploit you should still revoke approvals if you had them otherwise you'll forget and 4 months later you might do a swap for the approved token and it will get insta-drained as soon as the swap completes
Revoke the approvals asap to avoid loss. https://t.co/xQbnH4UItj
Seems like Dolomite Exchange's old contracts have been exploited!!! $1.8m in USDC has been stolen! Exploit tx: https://t.co/PdllvPGAr4 Exploiter address: https://t.co/NlFLNSbmu1 Revoke approvals to Dolomite's old contract ASAP: https://t.co/qIAZr1JNAJ https://t.co/MiDivtRFkh
🚨SECURITY ALERT🚨 There has been a critical vulnerability found in @paraswap 👇 Situations like this show how important real-time monitoring and proactive threat intelligence are. @mamorudotai, incubated by @zokyo_io, could have provided early detection, preventing such… https://t.co/02s4nH1tRt
Paraswap disclosed a critical vulnerability today. Using a UniswapV3 callback the fromAddress could be set to anything. CertiK is listed as an auditor on their website. Stay the fuck away from CertiK. If you were audited by CertiK in the past, PLEASE consider a new audit. https://t.co/UhKeBxasn3
Paraswap disclosed a critical vulnerability today. Using a UniswapV3 callback the fromAddress could be set to anything. CertiK is listed an an auditor on their website. Stay the fuck away from CertiK. If you were audited by CertiK in the past, PLEASE consider a new audit. https://t.co/Fu4YkwNqTP
Paraswap disclosed a critical vulnerability today. Using a UniswapV3 callback the fromAddress could be set to anything. The auditor? CertiK... This isn't even funny anymore. Stay the fuck away from CertiK. If you were audited by CertiK in the past, PLEASE consider a new audit https://t.co/NfdoZYulcB
If you have interacted with ParaSwap V6 please follow the instructions in the tweet below and revoke access asap. https://t.co/bxzoIRRsvK
🚨Please revoke the permissions of the AUGUSTUS V6 contract using a service like @RevokeCash asap: 0x00000000FdAC7708D0D360BDDc1bc7d097F47439 https://t.co/i8u8qQmzGF
1/ ERC-20 approve() idiocy strikes at ParaSwap Revoke again, just make sure you are not scam revoking https://t.co/hcHW470W9J
Attention Paraswap Users! ⚠️ Revoke ParaSwap contract approvals NOW to protect your funds! https://t.co/x1me8SjvOf
#PeckShieldAlert @paraswap reported that they discovered a critical vulnerability affecting users who approved the Augustus V6 contract. Please *REVOKE* PERMISSIONS TO THE AUGUSTUS V6 contract: 0x00000000FdAC7708D0D360BDDc1bc7d097F47439 https://t.co/KjDOxkT24e
#PeckShieldAlert #Slippage A fraudulent token named #SLERF has plummeted by -100%. The deployer address 0xbE1e...4c08 has swapped 123,336,949,297,868 Scam $SLERF for ~469K $USD *Note*: The #rugpull token shares the same name as the legitimate ones https://t.co/jMnqQQtbTw
#PeckShieldAlert #SLERF has reported that the site was DDOSed, and the Telegram channel is being botted https://t.co/Ln4FqMJ8ag
#PeckShieldAlert #HECOBridge Exploiter - Labeled address has transferred ~1K $ETH (worth ~$3.6M) to #TornadoCash https://t.co/I12NCxoYst