Slow Mist: Over $95M in stolen funds from the Nomad incident still remain in 3 addresses

[Slow Mist: More than $95 million in stolen funds remained in 3 addresses in the Nomad incident] On August 2, SlowMist monitoring showed that more than $95 million in stolen funds remained in the Nomad attack 3 addresses. Among them, 0xB5C55f76f90Cc528B2609109Ca14d8d84593590E still has 1084 ETH, 1.2 million DAI, 103 WBTC and other encrypted assets of about 8 million US dollars. This address is also responsible for transferring 10,000 WETH to another address and transferring other USDC; the second address assets.

At present, after slow fog has been combed, address 3 cannot be connected with the other two addresses, but these attacks have the same pattern.

Other news:

Slow Mist: GenomesDAO Hacked Brief Analysis: According to the hacktivist in the Slow Mist area, the @GenomesDAO project on MATIC was attacked by hackers, resulting in unexpected withdrawal of funds in its LPSTAKING contract. The SlowMist security team conducts the analysis for the following reasons:

1. Since the initialized function of the LPSTAKING contract of GenomesDAO is publicly callable and has no permission and cannot be repeatedly initialized, the attacker uses the initialized function to set the stakingToken of the contract to a fake LP token created by the attacker.

2. Then the attacker uses the stake function to mortgage fake LP tokens to obtain a large number of LPSTAKING mortgage certificates.

3. After obtaining the certificate, set the stakingToken of the contract to the original real LP token through the initialize function again, and then destroy the LPSTAKING certificate through the withdraw function to obtain the real LP collateral in the contract.

4. Finally, send LP to DEX to remove liquidity and make profit.

This incident is because the LPSTAKING contract of GenomesDAO can be initialized arbitrarily and repeatedly to set key parameters, resulting in the malicious depletion of collateral in the contract. [2022/8/7 12:07:06]

SlowMist: The ACOWriter contract of the decentralized options protocol Acutus has an external call risk: According to the news from the SlowMist area, on March 29, 2022, the ACOWriter contract of Acutus was attacked, and the _exchange and The exchangeData parameters are all externally controllable, and the attacker can use this vulnerability to make any external calls. At present, the attacker has used this method to steal about 726,000 US dollars in assets of some users who have authorized the contract. The SlowMist security team reminds users who have used the contract to cancel the authorization of the contract quickly to avoid the risk of asset theft. [2022/3/29 14:25:07]

Voice | SlowMist: There are multiple vulnerabilities in Ghostscript: According to the news from SlowMist, Google Project Zero issued a warning for multiple vulnerabilities in Ghostscript. Remote attackers can use the vulnerabilities to execute arbitrary code on the target system and bypass security restrictions. Ghostscript 9.26 and earlier are affected. Software vendors have provided patches. [2019/1/24]