Archived tweet

Tweet thread by CertiK:

#CertiKSkynetAlert @Narwhal_fyi announced that they experienced an exploit. However, on-chain links suggest a possible exit scam. Bsc: 0x8A2DF808CCb0DB866C5C152412D1718929143f53 In total, we have accounted for ~$1.5m with ~$1m deposited into @TornadoCash Tweeted at 9:43 AM · Jan 8, 2024 1/ The price chart of NRW shows two major drops. One on the 5th Jan, the other 7th Jan. Tweeted at 1h 2/ The drop on 5th Jan was caused by EOA 0xEa55BAEF29dc70799fAec4E2896b4D16A750E568 who received NRW tokens from multiple wallets. All purchasing wallets received funding from 0x28B38A8B0b5AbEcE315a5064495056ad158DDDfF Tweeted at 1h 3/ 0x28B38A8B0b5AbEcE315a5064495056ad158DDDfF was initially funded by 0xfc8Cd26F86E6169e95A0256004B5c8FD1a6EFdDF which received funds via FixedFloat. 0xfc8 also funded the NRW deployer. Tweeted at 1h 4/ The 7th Jan drop was caused by 0x9481b7c8f83A7BB3E8e3648b453d6Eb59dFFcC30 which called `withdraw` on unverified contract 0x814304B1e200b4D36B26f53358BbBA6D6136B2F5 Contract was created by 0x6eA which was also funded by 0xfc8C Tweeted at 1h 5/ The NRW was swapped for ETH and bridged to the Ethereum Network. 0x9481b7c8f83A7BB3E8e3648b453d6Eb59dFFcC30 deposited 375 ETH into TornadoCash, and also received ETH from 0xEa55BAEF29dc70799fAec4E2896b4D16A750E568 Tweeted at 1h 6/ Funds are also located in eth: 0xe07bCffac8cEC86886B49b509A4924182D2596d3 and eth: 0x51eF9B64e5Bc4A23C522ECE8769De87b022d3c41 Tweeted at 1h 7/ An overview of the suspicious links can be seen below Tweeted at 1h #CertiKSkynetAlert Looks like ~$3m USDT stolen from 0xe7B0 at 3am UTC this morning 0xe7B0 approved a malicious user to spend their USDT The funds have been transferred to @TornadoCash Tweeted at Jan 5

Tweet #2

Image #1:

Image

Tweet #8

Image #1:

Image

Tweet #9

Links: