SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, and more. https://slowmist.com
SlowMist: Be Wary of the TransferFrom Zero Transfer Scam
Not long after the last announcement of the “Another Airdrop Scam, But With a Twist,” we’ve identified a very similar scam based on reports from victims.
According to the reports of many victims, transfers of 0 USDT from unrecognized addresses continued to show in the address transaction history of TRON network users, with the TransferFrom function being called in each instance.
Clicking on a random transaction to view its details, as depicted in Pic 1 for the transaction with tx 701e7 in the
MistTrack Case 01 — TornadoCash Withdrawal Analysis
This series is a case study of the MistTrack investigation service.
Overview
Hackers attacked a project and transferred all stolen funds to TornadoCash, prompting the project party to seek assistance from MistTrack. We discovered the withdrawal address set by performing an analysis of TornadoCash transactions and demixing the funds from other users. After a few days of waiting, some of the stolen funds were finally transferred to an exchange. We sent an on-chain message to the hacker’s withdrawal
Recently, several users reported that their assets had been stolen. At first, they were unsure how their funds had been stolen, but upon closer inspection, we discovered that this was a new type of airdrop scam.
Many of the victims’ addresses were constantly airdropped with tiny amounts of tokens (0.01 USDT, 0.001 USDT, etc.), and they were most likely targeted because their addresses were involved in high-value transactions and trade volume. The last few digits of the attacker’s address are ne
Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP attack
Background
Celer Network officials stated on August 18 that between 3:45 and 6:00 Beijing time, certain cBridge users were directed to malicious smart contracts. Initially, the cBridge front-end interface was suspected of being compromised by a DNS attack.
Completely different from the previous cross-chain bridge hacking incidents such as Nomad, Wormhole, Ronin, Harmony, etc., this attack was not caused by bugs in smart contracts and cross-chain protocols or the intrusion of related servers, and