🎉 Exciting news!
MetaSleuth has expanded its capabilities to support #SOLANA! 🌟
Discover more about our latest integration: 🔗
Our advanced analytics tools are ready for you to dive into transaction insights. 🕵️♂️💼
Don't hesitate and give it a try!
Party time! Celebrate @TrustblockHQ 1.0 release with MetaSleuth on @Galxe! ❤️
Complete the MetaSleuth Mission & win your share of $15,000+ in prizes! Get MetaSleuth Voucher and start your crypto investigation journey right now.🛫
👉 #web3 #giveaway
Inferno Drainer quietly changed its core phishing accounts.
Our monitoring system has detected that Inferno Drainer's core phishing accounts, namely Fake_Phishing76183 (0xFB4d3EB37bDe8FA4B52c60AAbE55B3Cd9908EC73) and Fake_Phishing179817
🚨 The wait is over! MetaSleuth's official launch()is here to redefine your crypto tracking experience.
📹
WHAT'S NEW?
1. Superior Stability: MetaSleuth now offers significant improvements in stability and stunning visual design for
AzukiDao's governance token contract (bean) @_AzukiDAO has been exploited due to a contract vulnerability. So far, two attackers were able to exploit the vulnerability and made a profit of 35 ETH.
Thanks to a community member for providing a source of information
.@SushiSwap RouteProcessor2 was attacked, and sifuvision.eth @0xSifu lost 1800 ETH due to this. We tracked the stolen funds and presented them as follows.
The first attacker (0x9deff) has returned 90 ETH (of 100 stolen). BlockSec rescued 100 ETH and will return it shortly. The
We knew that @SushiSwap RouteProcessor2 was attacked. We evaluated possible damages in the past few hours and made this public only after we think it's safe: users' assets are always our first priority.
Btw: we rescued part of them and will release the details later.
🧐After the zero transfer scam, we first find a new similar phishing method that is rampant nowadays!! Here is the summary: 👇
1. After monitoring a user initiates a large transfer to a certain address (usually above $10,000), the scammer will forge an address that is extremely
.@KyberSwap has been exploited on 6 chains by 3 different attackers.
The top earner 0x5027 made around $46M, utilizing funds initially sourced from @TornadoCash on ETH. 0x5027 then leveraged bridges and @fixedfloat to transfer funds to other chains for launching the attack.
.@KyberSwap was exploited due to tick manipulation and double liquidity counting.
In summary, the attackers borrowed a flash loan and drained the pools with low liquidity. By executing swaps and altering positions, they manipulated the current prices and ticks of the victimized
📢 Attention all blockchain sleuths! 🔍
Exciting news: MetaSleuth's fund flow visualization tool has undergone a major upgrade! 💡
Try it out now and let us know what you think!
#productupdate #MetaSleuth #blockchain #dataviz
A victim got phished for 2.6M a few hours ago.
The victim's wallet had previously been drained multiple times after approving USDT transfers to a phishing address.
🧐Ooooop!! Recently, we have first discovered a new scam method again, which cleverly combines the features of fake token and zero transfer. We use BoShen Hacker as an example to explain this kind of phishing method. Here is the summary: 👇
@BeanstalkFarms
The root cause of @BeanstalkFarms exploitation is that the emergencyCommit() requirement bipVotePercent is based on balance, which makes it very likely to be exploited by flashloan.
Based on the analysis of the fund flow in the Atomic wallet hack incident, we found the fund flow follows a pattern, involving four types of addresses.
1. The victim: The victim's valuable assets were almost completely drained.
2. The direct drainer: The stolen assets were
KP3R was attacked, and the attacker managed to harvest approximately 4,084 $KP3R, worth around $200,000 USD. The attacker obtained their initial funds from @TornadoCash and had extensive interactions with @binance exchange. Notably, the attacker exploited a privileged vanity
.@thekeep3r has been attacked. Due to the governor's private key being compromised (Vanity Address), the attacker reset the governor of several pools and launched a reentrancy attack, profiting 4084 KP3R (~ $200K).
Euler Finance @eulerfinance is being attacked. It seems the attack continues and the total loss exceeds 190 million USD already. Will update the details later.
Check the first attack tx:
🎉 MetaSleuth Superteam Earn Bounty has officially concluded! We received an incredible 149 submissions from talented participants.
We were truly impressed by everyone’s creativity, dedication, and deep understanding of our product. We hope MetaSleuth can help everyone DYOR and
PolyNetwork was attacked, involving multiple chains. On Ethereum alone, the attacker withdrew over 40 tokens from the unlock proxy, with most of them being swapped for ETH. Currently, over $4.2 million has been transferred to other attacker addresses.
⚠️Fake_Phishing76089 grabbed more than $660k $USDC from two victims just now. And the phisher keeps transferring assets from victims.
👀Please revoke the approvals if you have approved to the Fake_Phishing76089.
@MetaDockTeam
MetaDock's
🚀🚀MetaSleuth, the ultimate crypto asset tracking tool by @BlockSecTeam is now live in beta!🚀🚀
Track your assets like a pro and visualize the analysis process with our amazing fund flow map, supporting 9 blockchains, and all functions are free for beta version🆓, Try it now!
.@iearnfinance was hacked and the loss is around 11.4 million USD. The exploiter is actively converting the profits into stablecoins and has already laundered 1000 Ether into @TornadoCash.
1/ @iearnfinance was hacked with two consecutive attack transactions. The root cause is due to an (on-purpose?) misconfiguration which makes the rebalance of the pools rely on an incorrect underlying token. This misconfiguration has been there for more than three years.
Introducing MetaSleuth Monitor - a powerful new feature for your Sleuth journey. 🔍
Now you can not only analyze addresses to track funds, but also add them to your monitor list for real-time tracking of fund movements.🚨
The South Korean exchange #GDAC announced that its hot wallet was hacked on April 8 (UTC), and the value of lost assets was ~13M USD.
On Ethereum, the hacker swapped all 220k $USDT for Ether and laundered all 461 Ether into @TornadoCash.
On WEMIX, after stealing 10M
More than 120M assets were transferred from Multichain: Fantom Bridge and Multichain: Moonriver Bridge and are now distributed across 6 addresses. Additionally, 1.2M ICE (currently worth $1.8M) has been burned from address 0x9d57.
See detail in:
The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally.
The team is not sure what happened and is currently investigating.
It is recommended that all users suspend the use of Multichain services and revoke all contract approvals
Thrilled to announce our latest partnership with @Bitquery_io! 🎉
Through this collaboration, MetaSleuth will integrate Bitquery's powerful blockchain data services to enhance our tracking and analytical capabilities, ensuring more stable and accurate data for our users. 💡
As reported by @CoinDesk, several Eigen Labs employee wallet addresses received notable token allocations from EigenLayer Ecosystem projects:
🔸46,512 $ALT / address
🔸10,490 $ETHFI / address
🔸66,617 $REZ / address
Want to dive deeper?🕵️
MetaSleuth is
Demystifying Profit Sharing in #InfernoDrainer
Scam-as-a-service (SaaS) has emerged. The service provider supplies collaborators with the phishing toolkit and requires a percentage, typically 20% or 30%, of their earnings in return.
See the story:
MetaSleuth always stands with the community users.
Recently, we launched an automated phishing alert function. We will send the victim an on-chain warning message and attach a detailed report in the first instance. We hope our system can help phishing victims.
👇
poap.eth fell into
Remember the $10,000,000 scammer?
Recently, our phishing detection system has identified 270 phishing websites associated with 0x1661F1 (Fake_Phishing66321). 🧐Our system shows the scammer is very skilled at using fake pages to lure victims to approve
🧐The danger of blockchain phishing is beyond imaginable! Even senior industry insiders feel unbelievable.
Metasleuth found that a phishing address (0x1661f1) participated in multiple large-scale frauds, with profits exceeding $10,000,000!
Shido on BSC was exploited, resulting in the attacker profiting 977 WBNB (worth approximately $242,000). The attacker swapped most of the profits for ETH and bridged them to Ethereum via cBridge, where they laundered the funds using TornadoCash. It's worth noting that the
1/ @ShidoGlobal on BSC was exploited through a flash loan, taking advantage of the lock and claim mechanism, as well as the price difference between the two pools. Consequently, the attacker managed to steal 977 WBNB from the pool.
#MetaSleuthTips
Crypto Tracking: Starting with a Transaction - pt1
1/8 In this tutorial, we'll explore MetaSleuth's basic features for tracking stolen funds. Learn how to analyze transactions, track specific funds, and monitor untransferred funds. Our focus is on a phishing tx.
The phishing contracts used by Inferno Drainer have recently undergone an upgrade. These phishing contracts now possess the ability to steal users' ETH, ERC20 tokens, and NFTs.
Let's consider phishing contract 0x000056 as an example. The claim function is specifically designed
⚡️Bounty: Create Content to win amazing rewards with MetaSleuth!
🔶 Write a Thread
🔶 Create a Video
MetaSleuth's bounty campaign is ending Next Friday! Don't miss your chance to participate and win via @SuperteamEarn
Check the link for Tips & Tricks on how to win
Address 0x0e7a6 has been scammed for 494.71 Ether, with 25% flowing into the scam contract creator's address and 75% flowing into the phisher's address. This distribution method is fixed and written in the contract. From the flow of funds, it appears that several known phishers
Pawnfi was attacked, and the attacker made a profit of around $820,000. The attacker obtained initial funds from TornadoCash, and so far, 200 Ether has been laundered into TornadoCash, while the remaining 267 Ether was transferred to the address 0xcd12 (which has been labeled as
1/ @Pawnfi was attacked in a flurry of transactions. The root cause for the attack is that the protocol failed to verify whether the NFT had actually been transferred when users used a specified NFT as collateral for borrowing.
.@SturdyFinance was attacked and the loss is ~442 ETH. The attacker obtained the initial funding from @TornadoCash. Most of the profits were laundered into Tornado Cash, and a small portion flowed into the @ChangeNOW_io exchange.
Check the details:
We found a scammer 👉pink-drainer.eth, who has stolen the victim's NFTs (including BoredApeYachtClub #5497, MutantApeYachtClub #23444) and profit of 156.11ETH.
After analysis by metasleuth🧐, we found that pink-drainer.eth has a relationship with the previously mentioned phishing
Platypus was attacked and there is a possibility of two attackers. Exploiter 0xc64a gained a profit of around 51K USDC through approximately 100 transactions. Several tens of minutes after the first profitable transaction by 0xc64a, Exploiter 0x853d created the same contract and
After a period of 17 days, #InfernoDrainer has once again changed its phishing operator and contract addresses.
The drainer phishing operator, responsible for transferring victims’ ERC20 tokens and NFTs, has been changed from 0x00001f to 0x000055.
The drainer phishing contract,
Bo Shen's stolen funds are being transferred.
BoShen Hacker 4 (0X376a0) is actively moving $ETH to 0xe8bb1 and swapping for USDT. Already 1.3M $USDT has been deposited into the @WhiteBit exchange.
BoShen Hacker 5 (0X4ac9c) transferred 557K $LQTY to 0x1d43f and swapped for 612
Update: The Euler Finance Attacker refunded 58737.25 Ether just now. A total of 61737.25 Ether are returned till now.
The other Ether and DAI are spread to the other four addresses.
Check the details:
We are excited to announce our partnership with @Intell_On_Chain.
This collaboration aims to elevate blockchain security to the next level, ensuring a safer future for Web 3.0.
📣 HUGE NEWS 📣
@BlockSecTeam partners with @Intell_On_Chain
In the rapidly evolving landscape of #BlockchainTechnology, security remains a paramount concern. As the adoption of #Web3 continues to grow, the need for robust security measures becomes more pressing.
To address
Not sure whether this is a private key leakage without further information. Currently, funds have been swapped to Ether and distributed to four addresses (blue color).
🚨ALERT🚨Our AI-powered system has detected multiple suspicious transactions with @Stake.
address received about $16M in $ETH $USDC $USDT and $DAI
All the stable coins are converted to $ETH and distributed to different EOAs.
FYI: @tayvano_ @zachxbt
1/ Well, this isn't just a one-off event! MetaSleuth, our trusty web3 detective, has revealed that this is actually part of a series of highly suspicious rug pull projects, sharing a similar backdoor code logic.
ALERT! Our system detected a suspicious $SAMO token on Arbitrum
(0x37226b0285d2017c0aa585c61cdca2c78ee900e0) that is used in a UniswapV2 pair (0x4c39580382bb9ebd3d28d4f8d9d433eca74103ec).
Stay vigilant and do NOT engage with this pair/token!
Feature Tip ✍️
When an address participates in too many transactions, the analyzed result may only contain partial data. For such addresses, we mark them with a symbol to inform users.
In this case, if the analyzed result lack of the address/transaction data users cared
Revoke any allowances to #Atlantis contracts!
Due to the execution of a malicious governance proposal, the implementation contracts of Atlantis Tokens and Unitroller were replaced with the contract 0x613cc5, which was created 3 hours ago. This resulted in user assets that had
🎉Exciting news! MetaSleuth just updated with the Advanced Analyze Feature, allowing you to:
· Set a Date Range 📅
· Choose the direction 🧭
before analyzing.
Give it a try today!
High-Risk Assets Hunting - @BlockSecTeam @MetaSleuth
How to identify contracts with the same name but hidden risk -- DYOR⚠️
Choose the correct token contracts to avoid investing money in honeypots 🔗
At MetaSleuth, community safety is our top priority. Thanks for the positive feedback on our Phishing Alert System.
Remember to stay vigilant and protect yourself from phishing attacks by being cautious in all of your online actions. Together, we can keep each other safe!
Remember that 💩happens.eth guy that lost 400k in assets a couple days ago to a drainer?
Looks like he lost his new ape, again, since he didn't remove the drainer's access to the proxy that was used for the drain.
h/t @MetaSleuth - automated onchain reports are a good feature
1/ Our team has discovered a Quaternion exploit. Investigation reveals initial funding from address 0x3bc83b0a2e764447a676271ac380d766bb4fc71b, which can be traced back to . With MetaSleuth, you can easily discover it.
#MetaSleuthTips
Great news! 🚀
We've raised the limit for batch imports to support up to 30 transactions per import. Say goodbye to import restrictions and hello to faster data processing! 💪
PolyNetwork attack update. In Ethereum, we have identified three new attacker addresses that have profited 2.6 million USDT, 3.5 million COW, and 3 million USDC respectively. All USDC and USDT have been swapped for 2929 Ether (currently worth ~$5.7M) and transferred to the
PolyNetwork attack update. We have now completed the profit statistics of the attacker on ETH and BSC. The profit on ETH is approximately $5.3 million, of which $4.3 million exists in the form of ETH. The profit on BSC is approximately $232 million based on the price at the time
🎉 Exciting news! 🚀MetaSleuth now offers ENS domain name resolution. 🔎
Analyzing the corresponding address of an ENS domain name is now as easy as entering it in our search bar. 🙌
Try it today and see how convenient and efficient our ENS domain name resolution feature is.
🚨 Just analyzed a suspicious $238M transfer of 4064 BTC flagged by @zachxbt …
🕵️Our findings as of the analysis time:
🔸The majority of BTC (approximately 3686 BTC) is held in six addresses (marked in orange in MetaSleuth canvas)
🔸A small amount of BTC
New chain added - TRON! MetaSleuth now supports the TRON blockchain! 🌐
Explore and visualize the fund flow of TRON with ease and gain unprecedented insights.
Try it out now! 🔍📊
#MetaSleuth #TRON #blockchain #fundflow
Rodeo_Finance on Arbitrum was attacked again. The attacker profited around 480 ETH (approximately $896K). The profits were cross-chain transferred to the same address on Ethereum, with 150 Ether laundered into TC and the remainder yet to be transferred.
The attacker of Rodeo gained a total profit of 89601 USDC.e, which was later exchanged for 46.11 ETH.
-> Interestingly, the deployer of the Rodeo contract and the attacker's address are very similar, with the first five letters being exactly the same.
Drainers are using various methods to perform phishing hacks, including hacking social media, websites, and others.
Be cautious when clicking the links!
See our full story:
The main reason for the exploit is that the signatureClaimed variable in the contract was not properly checked, which allowed for replay attacks. Now, the contract is paused.
1/ The profit of @BonqDAO attacker is around 98.6M BEUR 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT. ~0.5M BEUR was swapped to 534,535 USDC and t to Ethereum (0xcacf…6642). 98.1M BEUR was still on the attacker’s account on Polygon
🚨 $MBAPPE Token Incident 🚨
Token Address: 9urVxmVzVoh5DNER3hyQm4s7sCixdRpNE1HNR6ezpump
🔍 A quick look into a series of rapid trades and arbitrage activities on the Solana blockchain, triggered by the $MBAPPE token that was launched from a hacked
Track funds in a single direction with MetaSleuth! 🚀
Click the plus icon by the address nodes to see only incoming or outgoing funds. 🔍
Stay tuned for more updates! 🌐
#MetaSleuth #Blockchain #NewFeature
🔔 Be Cautious!
Address poisoning is a tactic being used on #Bitcoin
Here’s a simple example:
🔸Phishing Address: bc1q7jywd9nfjg36skxt4lc0twvgzc3rkjj6lyfjwm
🔸Legitimate Address: bc1q7jgulg69frc8zuzy0ng8d5208kae7t0twyfjwm
🔸Target Address:
Crypto Leaks investigation found that the Avalanche Bridge received over $279M from malicious sources.
Use MetaSleuth to track the flow and uncover new findings.🧐
From ChipMixer[.]com to Avalanche Bridge:
From Mixers to Avalanche Bridge:
🚨 Someone is testing some 'Rugpull' token on BSC. These tokens appear to be popularly bought, but in reality, they are being manipulated by fraudsters using bots. The real buyer and so the loser is essentially just only you.
Fake Uniswap scammer addresses have been flagged and can be viewed through the MetaDock plugin. Furthermore, it appears that the scammers have laundered some of their scam proceeds into the exchange.
@binance @gate_io @MEXC_Global
Check the fund flow:
MetaSleuth just launched a powerful new feature: Custom Watermark! 🎉
It's the best way to showcase your analysis result and protect your intellectual property.
Did you know that we automatically connect transfers across Cross-chain Bridges, including Across Protocol?
Take the Exactly Protocol Exploit as an example. When analyzing the exploiter's address on OP, we automatically display the cross-chain path to ETH. 🔄
Try it now
Know more, and act with greater caution.
This phishing attack is a type of Fake-token Attack, which is part of Address Poisoning. We previously introduced three types of Address Poisoning, including Fake-token, Zero-value, and Dust-transfer attacks. It's important for all users
I want to share this (luckily) unsuccessful, but very clever and close scam incident from yesterday 👇. Saved $20m. Hope it may also save you one day.
The scammers are so good now they generate addresses with the same starting and ending letters, which is what most people check
🚀MetaSleuth supports multi-chain analysis, and we have parsed some cross-chain transactions on third-party bridges on 7 EVM-compatible chains. The supported cross-chain bridges include Across, Multichain, Celer, Hop, Ren, Stargate, Synapse, and Wormhole.
#CrossChain #Bridge
Want to know the trending Memes and smart money on Solana? try our Solana Watcher in MetaSleuth. You can also easily track SMART addresses on Solana in MetaSleuth.
Take a try:
#Solana #SmartMoney
#MetaSleuthTips
No more manually posting screenshots!
Now, when you create shared links and post them on platforms like X and Telegram, a preview image of the entire fund flow chart will be automatically displayed.
Example of the Heco bridge hack.
DND Token (DungeonSwap Token) on BSC has been exploited. The init funds came from @TornadoCash. All of the illicit funds still remain in the address 0xbaca.
The exploiter 0xbaca2500b0f3009b420a7592bb1485e7ba419d76 stole BUSD from people who had approved
This blog shows how to use MetaSleuth to track "smart" money on Solana, who made millions of dollars in two minutes by buying #TIM meme Tokens.
They were criticized as the insider job. You can DYOR.
#MetaSleuthTips
Address Panel Filter
Effortlessly filter the related addresses and transfers for your target address using the Filter feature in the Address Panel.
Stay focused on what matters most.
MetaSleuth now supports analyzing transactions on 11 chains, including @BuildOnBase and @LineaBuild!
Just enter a transaction hash and uncover all the fund flow within.
Simplify your analysis and gain insights into transaction details.
The @harmonyprotocol Horizon Bridge's hacker built a complex but structured money laundering network and is attempting to launder millions of dollars, some of the illicit assets deposited into many CEX.
📚 Exciting news! We're planning a tutorial series on conducting investigations using MS. We want to hear your thoughts and ideas! What specific areas or topics would you like us to cover?
Leave your comments below and let us know!
#investigation #MetaSleuth #DYOR
We have traced the @coinexcom stolen funds on ETH, BSC, Polygon, Tron, and BTC (this is not an exhaustive list of the stolen funds). The stolen funds on these chains amount to approximately $42 million in total, with the majority currently held in the form of native tokens and
#CoinExResponseUpdate
- We've identified the 2nd series of suspicious wallet addresses linked to the hack:
$ETH:
0x2118e4432d668aCFa347ddBA0efCcc6BB04DB297
0x1A61Df134d766f1e240FBFAEe79bBeCC04195f62
0x40cBe7580168d52b7FEC884120B31115c3F7E37E
$XRP:
#MetaSleuthTips
Navigate complex fund flow diagrams with ease! 🔍
With #MetaSleuth, quickly search for addresses, labels, transaction hashes, or use edge:{index} to locate edges that appear on the canvas.
Results are highlighted and the view is centered, streamlining your
1/ MetaSleuth has an online alert system for phishing attacks, sending notifications to victims from metasleuth911.eth. We've discovered someone impersonating us and claiming to represent BlockSec, targeting the same victims.
We've received reports of users being contacted by individuals claiming to represent BlockSec, offering to recover phishing losses. DO NOT respond to these messages. If you have any concerns, please contact us directly via email at contact@blocksec.com to verify the identity.
Track phishing funds like a pro with MetaSleuth! 🔍🚨
This clip showcases how easy it is to use 'show more' for detailed transfer data, 'token filter' to focus on key assets, and 'search box' to trace all edges related to a given transaction hash.
Keep a close eye on fund movements with MetaSleuth Monitor. 👀
Just an update on @JPEGd_69 exploiter - they've recently moved all 6106 WETH to a new address. Refund or not?