VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
In the early hours of this morning, many celebrity politicians and some companies' Twitter accounts were attacked by hackers, and these Twitter accounts all published relevant digital currency phishing scam information. However, the phishing information was deleted a few minutes after it was posted. As of now, the scammers have received 12.86 bitcoins in total. Attack method (per SlowMist): Account Compromise. Reported loss: 12.86 BTC.
Primary source
https://www.bbc.com/zhongwen/simp/science-53429460 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- bug_class
- phishing
- date_occurred
- 2020-07-16
- loss_usd
- —
- source_id
- sm:twitter::2020-07-16
Related — same bug class· phishing