VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
According to an announcement by Almanak, during today’s airdrop, operational errors and a DDoS attack caused delays in claims and failures in wallet deployment. The claim function was originally scheduled to open at 12:15 UTC, but was actually delayed until 12:35 UTC. About 1,100 users encountered a “PENDING” status issue while creating wallets.The team has restored the system, cleared the backlog, and confirmed that users’ tokens remain safe and intact. Attack method (per SlowMist): DDoS Attack. Reported loss: -.
Primary source
https://x.com/almanak/status/1999141226319155492 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Almanak
- bug_class
- infrastructure
- date_occurred
- 2025-12-11
- loss_usd
- —
- source_id
- sm:almanak::2025-12-11
Related — same bug class· infrastructure