Home
About
    Follow
      LeaderboardGlossaryContributeNewsletterStore

      Archived tweet

      Back

      Tweet thread by CertiK:

      #CertiKSkynetAlert 
@Narwhal_fyi
 announced that they experienced an exploit. However, on-chain links suggest a possible exit scam.

Bsc: 0x8A2DF808CCb0DB866C5C152412D1718929143f53

In total, we have accounted for ~$1.5m with ~$1m deposited into 
@TornadoCash 
Tweeted at 9:43 AM · Jan 8, 2024

1/ The price chart of NRW shows two major drops. One on the 5th Jan, the other 7th Jan. 
Tweeted at 1h

2/ The drop on 5th Jan was caused by EOA 0xEa55BAEF29dc70799fAec4E2896b4D16A750E568 who received NRW tokens from multiple wallets.

All purchasing wallets received funding from 0x28B38A8B0b5AbEcE315a5064495056ad158DDDfF 
Tweeted at 1h

3/ 0x28B38A8B0b5AbEcE315a5064495056ad158DDDfF was initially funded by 0xfc8Cd26F86E6169e95A0256004B5c8FD1a6EFdDF which received funds via FixedFloat.

0xfc8 also funded the NRW deployer. 
Tweeted at 1h

4/ The 7th Jan drop was caused by 0x9481b7c8f83A7BB3E8e3648b453d6Eb59dFFcC30 which called `withdraw` on unverified contract 0x814304B1e200b4D36B26f53358BbBA6D6136B2F5

Contract was created by 0x6eA which was also funded by 0xfc8C 
Tweeted at 1h

5/ The NRW was swapped for ETH and bridged to the Ethereum Network.

0x9481b7c8f83A7BB3E8e3648b453d6Eb59dFFcC30 deposited 375 ETH into TornadoCash, and also received ETH from 0xEa55BAEF29dc70799fAec4E2896b4D16A750E568 
Tweeted at 1h

6/ Funds are also located in eth: 0xe07bCffac8cEC86886B49b509A4924182D2596d3 and eth: 0x51eF9B64e5Bc4A23C522ECE8769De87b022d3c41 
Tweeted at 1h

7/ An overview of the suspicious links can be seen below 
Tweeted at 1h

#CertiKSkynetAlert 

Looks like ~$3m USDT stolen from 0xe7B0 at 3am UTC this morning

0xe7B0 approved a malicious user to spend their USDT

The funds have been transferred to 
@TornadoCash 
Tweeted at Jan 5

      Tweet #2

      Image #1:

      Image

      Tweet #8

      Image #1:

      Image

      Tweet #9

      Links:

      • https://skynet.certik.com/alerts/security/0abd2e26-cb12-4a22-8687-ab7221e02b04

      Text is licensed under a Creative Commons Attribution 3.0 Unported License. All attribution can be found on the attribution page.

      Source code | Contribute