VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
23pds, the CISO at SlowMist, tweeted that the 2FA service Authy has been hacked, resulting in the theft of the phone numbers of 33 million users. If you are an Authy user, please be vigilant against phishing attacks. The official developer, Twilio, has confirmed the vulnerability. Many professionals in the crypto industry use this 2FA software, so please ensure the security of your assets. Attack method (per SlowMist): Information Leakage. Reported loss: -.
Primary source
https://x.com/im23pds/status/1809047760819400777?mx=2 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Authy
- bug_class
- phishing
- date_occurred
- 2024-07-05
- loss_usd
- —
- source_id
- sm:authy::2024-07-05
Related — same bug class· phishing