VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
NFT collector SOL Big Brain lost about $1.5 million. Attackers compromised the Telegram account of a portfolio company founder and used it to send messages to SOL Big Brain, which double-checked that the sender was indeed the company founder and followed instructions. However, the attackers have set up a contract that uses wallets that allow phishing to drain SOL Big Brain. He lost $740,000 in stablecoins, $550,000 in ETH, and $200,000 in GEAR tokens. Attack method (per SlowMist): Phishing Attack. Reported loss: $ 1,500,000.
Primary source
https://twitter.com/0xQuit/status/1695153575087727057 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- SOL Big Brain
- bug_class
- phishing
- date_occurred
- 2023-08-26
- loss_usd
- $1,500,000
- source_id
- sm:sol-big-brain::2023-08-26
Related — same bug class· phishing