It seems like multiple signer keys appear to have leaked in Shibaswap, causing a $2.8M loss today @Shibtoken. The attacker (https://etherscan.io/address/0... withdrew multiple times by providing legit Merkle leaf exit requests from a root signed by 10 different addresses. The "legit"
@Shibtoken 2/ After the checkpoint Mekle root was added, it lost another $1m in another large hack TX https://etherscan.io/tx/0x6df7... by keep adding the legit leaf and claim it as a legit 'exit' withdraw request.
@Shibtoken 3/ Shibaswap rootchain manager contract https://etherscan.io/address/0... uses the stored root Merkle hash in each checkpoint. Somehow, an attack could add a "legit" checkpoint root hash with signatures from 10 signers.
@Shibtoken 4/ For each exit() call in the root chain manager contract, it verifies if any request is a legitimate leaf under that root hash. As soon as the attacker controls the root hash, they can manipulate as many leaves as they want.
@TikkalaResearch @Shibtoken Jeeze. That really sucks
@TikkalaResearch @Shibtoken So many things to pay attention to in crypto... 🫣
@TikkalaResearch @Shibtoken Posting in here just to say…… I told all of you so ðŸ«
@TikkalaResearch @Shibtoken So why did he take a $bone and send it to the shibairum?
@TikkalaResearch @Shibtoken Why did they exchange 225 eth gor bone, then delegate that bone? Why would a hacker do that? Wouldn’t they steal, sell, and disappear?
@TikkalaResearch @Mr_Lightspeed @Shibtoken This is a learning opportunity... yikes!
@TikkalaResearch @Shibtoken 369D Chess
@TikkalaResearch @Shibtoken Will still hold. We must not lose sight of long-term.
@TikkalaResearch @Shibtoken So what does this mean exactly. Sorry I'm fairly new
@TikkalaResearch @Shibtoken Really sucks
@TikkalaResearch @Shibtoken @grok is it real?
@TikkalaResearch @Shibtoken @grok o co chodzi w całej tej akcji?
@TikkalaResearch @Shibtoken For people who understands news...i would say buy more shiba inu you won't regret. This is a stunt...