-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathattackers_swap_observation.txt
79 lines (72 loc) · 4.6 KB
/
attackers_swap_observation.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
1) Peak Defi Attack(Mainnet)
i) Attacker swapped WBTC =>ETH (0.024 => 0.309)
https://etherscan.io/tx/0x799e0960d5051ba6d11eeccb2804cac026b1beffcab61194ad41a8020eec1e36
ii) Attacker swapped MATIC =>ETH (32,508 => 23)
https://etherscan.io/tx/0xcf7d42d06ee67f68b78439b9dc52f27f89d54448e8593de0d422300d043834b7
iii) Attacker swapped BAT =>ETH (29,832 => 6.11)
https://etherscan.io/tx/0xba4c2dcacda4cad0a4c5725f3d2a2e35633fd02820025cd536af37123cda083a
iv) Attacker swapped LINK =>ETH (831.8 => 4.5)
https://etherscan.io/tx/0x2f40c4167ca44eeb3c519fb3d19d488a58005f0393930bd6014b918353de8ca8
v) Attacker swapped SUSHI =>ETH (5,083 => 6.06)
https://etherscan.io/tx/0x5983334753be11dd7267b0e6b7fa87c11a0dd3c7886790c4a01780f031192e1b
OBSERVATIONS
Total ETH received by attacker after swap = 40
5 different Tokens were swapped over 5 txs
The swaps occcured over 94 blocks (15899279 to 15899373)
The swaps took a total time of 19 minutes (Nov-04-2022 09:15:59 PM +UTC to Nov-04-2022 09:34:47 PM +UTC)
Swaps occured on both uniswap and sushiswap dexes
2) Rabby.io
i) Attacker swapped USDT => USDC => ETH (24,778 => 24,773 => 19.3)
https://etherscan.io/tx/0xddffcfd4a7d85d701f9e3485f88b3966bb589507706b76bc293460ba96bc2ef4
ii) Attacker swapped USDC => ETH (46,926 => 36.6)
https://etherscan.io/tx/0x20c7d62953253a0c7718322ede8aec763a74176330898e35797914f81f920379
iii) Attacker swapped QNT => ETH (28.8 => 3.41)
https://etherscan.io/tx/0x977b20b1d5efbffbb887b691bdbdcf5b125043580508b0c7e08f94502e32a94a
iv) Attacker swapped INST => ETH (5000 => 2.52)
https://etherscan.io/tx/0x5a923b1ec06a3fecbe45fd8d92b422ac10f739cc0f1975e55df2065b16a90029
v) Attacker swapped LINK => ETH (342.6 => 1.93)
https://etherscan.io/tx/0x01f6056983f7c628d0885ef9bb688dc0e76fa04e3725513c86cc1a02f87b2016
vi) Attacker swapped MANA => ETH (2,500 => 1.27)
https://etherscan.io/tx/0x83bc28327242875dff6f0b6e6b326689e5275f08790a78430b7417670a7b5005
vii) Attacker swapped MUSE => ETH (154 => 0.87)
https://etherscan.io/tx/0x73740eac0e2dded281d07a6f2450c205a363d8fc45b2658df891614921480a14
ix) Attacker swapped SPELL => ETH (558,610.9 => 0.4)
https://etherscan.io/tx/0x3d6a8c4b4adf226941019aabefb4597d874548130ee456ee08d3d66c6b4e3d22
x) Attacker swapped eQUAD => ETH (20,500 => 0.23)
https://etherscan.io/tx/0x3337dc0d6d522bc4f1511973d1e7e4abe2af10e89832dc6fe9e3810b799bf024
xi) Attacker swapped HOP => ETH (2,014.6 => 0.193)
https://etherscan.io/tx/0x5d9f93dfec49749ab96c22362e59f417f24fbf0b3898193720ddad3b5abf47ac
xii) Attacker swapped RUNE => ETH (145.6 => 0.16)
https://etherscan.io/tx/0xfda7f4796f3006d84a0505545b42b769c62aa59b36d2765e2d0f0f15d6c16ede
xiii) Attacker swapped MATIC => ETH (131.4 => 0.082)
https://etherscan.io/tx/0x2a704a7ad3c351425d80240f55538ec52609459b03cadbb1b452fe0a848fa93e
xiv) Attacker swapped RADAR => ETH (14,495 => 0.08)
https://etherscan.io/tx/0x187492ce08d5b2216f49e36a19a925afee9785400b2ab35ceccc0a6dec070aef
xv) Attacker swapped CXO => ETH (6,000 => 0.85)
https://etherscan.io/tx/0x5380ec778bd40ab4bb3498cb37e375787a912bb884b050ad11210ee768cf6b18
xvi) Attacker swapped SWIV => ETH(7,000 => 0.66)
https://etherscan.io/tx/0x246e6a0f4ab3e98b8390e01c41947487608fd79a9e7cf0efd29d0f7f106f2328
xvii) Attacker swapped MULTI => ETH(233 => 0.66)
https://etherscan.io/tx/0x17eba94b0403163d2fcca8fece5cd01cd15af97356da257d2c2424b8d4d897d3
xvii) Attacker swapped CNC => ETH(39.42 => 0.13)
https://etherscan.io/tx/0x88abb9726424828d477575d9a069a4ba417ce196fffb4702b6f006e3994c5352
xviii) Attacker swapped LUNA => ETH(11,900,235 => 2.55)
https://etherscan.io/tx/0xedcc55e48bed7846f95841dde7041184e2d5e75b93eacee23e0cf6c118222b58
OBSERVATIONS
Total ETH received by attacker after swap = ~71.895
18 different native swaps occured. swaps occured majorly on 1inch v4 router
Swaps occured over 639 blocks, from 15724706 to 15725345
swaps took a total time of ~128 minutes (Oct-11-2022 11:55:59 AM +UTC to Oct-11-2022 02:04:23 PM +UTC)
The ETH was laundered with tornando cash afterwards
Dexible attack
https://etherscan.io/address/0x684083f312ac50f538cc4b634d85a2feafaab77a (should detect this also)
BonqDAO attack
https://etherscan.io/address/0xcAcf2D28B2A5309e099f0C6e8C60Ec3dDf656642
ROE Finance exploit
https://etherscan.io/address/0x67a909f2953fb1138bea4b60894b51291d2d0795
Rubic Exploit (for this, the attacker called the contract so token sender was the tx 'to' not tx 'from'
https://etherscan.io/txs?a=0x001b91c794dfeecf00124d3f9525dd32870b6ee9
DFX Finance exploit
https://etherscan.io/address/0x14c19962e4a899f29b3dd9ff52ebfb5e4cb9a067
SudoRare exploit
https://etherscan.io/address/0xbb42f789b39af41b796f6c28d4c4aa5ace389d8a