Phalcon

Phalcon

148 Twitter followers

Follow

Security Development Suite for DeFi Projects. Powered by @BlockSecTeam Phalcon Browser: http://phalcon.xyz

Posts

.@HoldstationW was reported compromised due to a project wallet takeover, with estimated losses of ~$100K. Multiple assets valued at ~$66K, including #WLD, #USD1, #BNB, and #BERA, were drained across World Chain, BSC, Berachain, and zkSync, consolidated on Ethereum (22.41 ETH), and ultimately bridged to Bitcoin (0.755 BTC). The team has posted an on-chain message and is attempting to negotiate with the attacker.

ALERT! Our system just detected a suspicious transaction targeting an unknown contract on #BSC, resulting in ~$100K in losses. The root cause appears to be a "burn pair" design flaw. Exploitation via two reverse swaps: 1. Swap 1: drained 99.56% PGNLZ tokens from the pool, leaving roughly the amount later sold. 2. Swap 2: sold PGNLZ; transferFrom triggered burns (99.9% PGNLP) + sync, pumping PGNLP price, then used the manipulated position to drain almost all USDT from the pool. 🟦 Found by #PhalconSecurity, 🟦 Analyzed via #PhalconExplorer.

Seems that: 1. 0x9cb8d9BaE84830b7f5F11ee5048c04a80b8514BA belongs / is related to @0xswapnet: swapnet-1.gitbook.io/docs/refe...… 2. 0xbeef63AE5a2102506e8a352a5bB32aA8B30B3112 belongs / is related to @ApertureFinance: github.com/Aperture-Finance/un...… twitter.com/Phalcon_xyz/status...

.@Sagaxyz__ was reportedly attacked, with a large amount of Saga Dollar (D token) minted. The attacker bridged the stolen assets to Ethereum, swapping part into ETH (2,000+ ETH, worth $6M+) and deploying the rest into Uniswap v4 LP positions (worth $800K+). Total value is over $6.8M. The root cause remains unclear, and the chain has been paused for investigation. sagaevm.sagaexplorer.io/addres...… etherscan.io/address/0x2044697...… twitter.com/Phalcon_xyz/status...

. @makinafi suffered an exploit on Ethereum, resulting in a loss of 5,107,871 USDC. The root cause was that `DUSDUSDC.getSharePrice()` incorrectly relied on the pool's spot price when calculating the LP asset value (i.e., the function `Frax Finance: MIM-3LP3CRV-f Token.calc_withdraw_one_coin()` to obtain the price). This allowed the attacker to manipulate the pool's price, artificially inflating the LP's value and thus conducting an arbitrage attack. Found by #PhalconSecurity, Analyzed via #PhalconExplorer.

. Looks the contract of @SynapLogic was hacked, with a loss around 186k. Vulnerability summary: The implementation contract 0xC859 failed to validate critical parameters in swapExactTokensForETHSupportingFeeOnTransferTokens (0x670a3267). The function is supposed to accept native token payment (msg.value) and mint SYP to the buyer. However, attackers could arbitrarily control the “whitelist” logic via the 3rd input parameter, and specify any whitelist revenue-share address. What's worse, the contract distributes native token revenue shares by ratio but does not check whether the total payout exceeds the actual payment (msg.value). This allows an attacker to set a payout address such that the distributed native tokens are greater than the payment, extracting profit in native token while still receiving freshly minted SYP.

YO protocol (@yield) was reported to suffer a bizarre swap on #Ethereum: ~$3.84M stkGHO ended up as only ~$122K USDC. The team has taken actions including buying GHO and re-depositing stkGHO into the vault. Our investigation suggests the discrepancy may have resulted from two compounding factors: 1. Bad output quote by the initiator, which effectively disabled slippage protection. 2. Abnormal routing via executePath parameters. The paths passed into executePath routed the swap through pools with extremely high fee tiers and very thin liquidity, leading to massive fee extraction and severe price impact. app.blocksec.com/explorer/tx/e...…

ALERT! Our system detected a suspicious transaction targeting @futureswapx’s contract on #Arbitrum a few hours ago, resulting in an estimated loss of ~$395K. We have attempted to contact the team, but have not received a response so far. The attacker appears to have drained funds through multiple changePosition operations, eventually withdrawing a large amount of USDC. Since the contract is not open-sourced, the exact root cause still requires further investigation. Based on on-chain behavior, we suspect the incident may be related to unexpected stableBalance accounting changes during earlier position updates, which later allowed USDC to be released when removing collateral.

Loading..