Projects tied to Pepe meme creator Matt Furie and the NFT studio ChainSaw lost about $1 million to contract takeover exploits last week, according to on-chain researcher ZachXBT.
On June 27, ZachXBT reported transaction records showing that the attacker seized control of the “Replicandy” contract at 4:25 a.m. UTC on June 18 by transferring ownership to the externally owned address 0x9Fca.
Two hours later, the new owner withdrew mint proceeds and, at 5:11 a.m. the next day, reopened the mint, issued new NFTs, and dumped them into open bids, pushing the floor price to zero.
On June 23, the same address took over three additional ChainSaw contracts: Peplicator, Hedz, and Zogz. The bad actor then repeated the mint-and-dump cycle.
ZachXBT estimated the combined theft at more than $310,000 and linked the funds to three collector addresses: 0xf6a9, 0x7e58, and 0x58f4. He traced a 2.05 ETH payment from 0x9Fca to an exchange deposit that converted to 5,007.91 USDT and was then moved to MEXC.
He later mapped many smaller monthly deposits from unrelated projects into the same exchange wallet.
Two GitHub accounts, “devmad119” and “sujitb2114,” list wallets that intersect the stolen money trail.
Both accounts share indicators that ZachXBT associated with North Korean IT workers, including Korean language system settings, Astral VPN sessions, and Asia-Russia time zones, despite résumés that claim US residency.
Favrr exploit follows the same payroll path
A second incident surfaced on June 25, when the freelance services token project Favrr lost more than $680,000 following its listing on a DEX. On-chain analysis linked the exploit to the consolidation wallet 0x477, which received recurring payments from Favrr payroll addresses 0x1708 and 0x6412.
Gate.io deposit address 0xab7 received part of the stolen Favrr tokens, and was previously funded by the suspected developer behind “sujitb2114”.
Favrr announced that it would refund all initial decentralized offering participants, cancel its MEXC listing, and initiate a thorough audit of its codebase. The project added that it will publish a new launch timeline “in the coming weeks” and advised users to avoid trading impostor tokens in the interim.
ZachXBT reported that Favrr’s chief technology officer, listed as Alex Hong, deleted his LinkedIn profile after the exploit. Attempts to verify his work history with former employers were unsuccessful.
The researcher plans to release aggregate data on payroll flows to wallets tied to the same North Korean cluster, contending that basic due diligence checks would have flagged the hires.
The stolen funds from the ChainSaw collections remain idle, while most Favrr proceeds have already passed through Gate.io and several nested services.
ZachXBT said he has not reached the teams because their direct message channels are closed, and official Telegram or Discord rooms do not provide contact options.
The incidents bring renewed attention to the risks of “shadow hiring” in crypto projects that outsource development through gig-work platforms.
Investigators continue to follow the on-chain trails, and affected communities await formal statements from Furie, ChainSaw, and Favrr.
The post Pepe meme creator’s NFT projects hit for $1 million as contract hijackers drain collections appeared first on CryptoSlate.