Cointime

Download App
iOS & Android

Cyvers: A suspicious transfer involving a stakingProxy contract on Polygon was discovered, and $613,000 was deposited into Tornado Cash

Cyvers' artificial intelligence system has detected a suspicious transfer involving a non-active stakingProxy contract on Polygon. The value of the transfer is $613,000 and has been bridged to ETH and deposited into Tornado Cash.

Comments

All Comments

Recommended for you

  • Alliance of 314: The X314 contract is suspected to have a hidden additional issuance switch, developers should pay attention to verification

    Alliance of 314 issued a statement claiming that the contract of a certain 314 project has not been open-sourced on the blockchain. As for whether other platforms have open-sourced their contracts, there is a misconception that open-sourcing on other platforms is self-submitted and does not necessarily mean that the contract is deployed on the chain, so there may be unknown hidden issuance. Additionally, the said 314 project announced that it will soon launch a trading platform, and the first requirement for logging into a centralized exchange is to open-source the contract. Open-sourcing is the first thing that any project should do to ensure investor confidence. Referring to the open-sourcing of the 0.1, 0.5, and 0.9 versions before, it can be concluded that there is hidden code in the X314 contract, and therefore it cannot be open-sourced out of fear. The biggest risk warning: after decompiling and querying ethervm, it is highly suspected that a certain 314 has a hidden issuance switch to increase mining pool output and arbitrage. The field is as follows: 0x40c10f19mint(address,uint256). The risk alert level for this switch is the highest level, and generally, ordinary developers do not set this switch.
  • Magpie: A vulnerability was found in the contract, and users are advised to cancel authorization as soon as possible

    Cross-chain infrastructure Magpie Protocol published an article stating that there is a vulnerability in the contract and urging users who have authorized its contract and still hold funds in their wallets to cancel the relevant contract authorization on each chain as soon as possible.
  • SlowMist reveals a new scam: maliciously modifying RPC node links to defraud assets

    SlowMist security team has exposed a new type of cryptocurrency scam. This scam uses the remote procedure call (RPC) function of modified Ethereum nodes to commit fraud. The specific process of the scam is as follows: the scammer induces the user to download the imToken wallet and gain the user's trust by using 1 USDT and a small amount of ETH as bait. Then, the scammer guides the user to change their ETH's RPC URL to the node controlled by the scammer. The node uses Tenderly's fork function to falsify the user's USDT balance. When the user sees the incorrect balance, they may attempt a transfer, but the scammer has already disappeared. According to SlowMist Technology's report, this type of scam exploits users' trust and negligence, resulting in asset losses. The SlowMist security team reminds users to remain vigilant when trading and avoid using untrusted RPC nodes.
  • freezingwatermelon.eth lost 19.12 stETH due to phishing

    According to PeckShield's monitoring, freezingwatermelon.eth suffered a phishing attack, resulting in a loss of 19.12 stETH (worth about $60,800).
  • Scammers use Google to promote fake Whales Market website to steal cryptocurrency

    According to a report from BleepingComputer, threat actors have discovered a method where scammers use Google's platform to promote phishing websites impersonating Whales Market in order to steal cryptocurrency. These fraudulent websites are placed as sponsored links (i.e. advertisements) at the top of Google search result pages, and despite the domain address displayed on the search result page appearing to be real, users will be redirected to the fake website upon clicking.
  • Cyvers: Hedgey suffered the same vulnerability on Arbitrum and lost about $42.8 million

    Cyvers Alerts on X platform stated that the system detected that the financial derivative agreement Hedgey Finance executed the same vulnerability on the ARB chain and gained approximately 42.8 million US dollars in profit.
  • CertiK: Hedgey vulnerability was exploited and $1.9 million was stolen

    CertiK Alert posted on social media that it has detected that the on-chain token infrastructure protocol Hedgey has been exploited and stolen approximately 1.9 million US dollars.The attacker abused the createLockedCampaign function in flash loans to obtain approval for the use of tokens on the victim's contract. The USDC, NOBL, and MASA tokens in the victim's contract have been depleted.
  • Cyvers Alerts: Multiple phishing transactions detected this morning

    Cyvers Alerts reported on X platform that multiple phishing transactions were discovered by the system this morning. The victims have approved the external owned accounts (EOA) of the phishers. We strongly recommend revoking the relevant approvals.
  • PeckShield: Chainzoom's token ZOOM on Uniswap is a scam trading pair

    PeckShield has detected a scam warning issued by Chainzoom, which states that scammers have set up a fake ZOOM/WETH trading pair on Uniswap to deceive users. Chainzoom will postpone the TGE of ZOOM and contact Uniswap to remove the fraudulent trading pair and add the correct ZOOM/WETH trading pair. Chainzoom will airdrop all ZOOM holders to protect user interests. PeckShield stated that the fake ZOOM token has already fallen by 42% in the past hour, and the fraud token deployer has interacted with Binance.
  • CertiK: Suspicious transaction activity on Chainge, approximately $60 million has been transferred to EOA addresses

    CertiK has detected suspicious activity related to Chainge Finance's transactions on the X platform. Approximately $60 million has been transferred to EOA addresses on ETH, BNB, and Arbitrum. Earlier reports suggested that the cross-chain liquidity protocol Chainge Finance was suspected of unauthorized fund transfers due to insufficient input validation.