🚨 Our exploit detection system had identified multiple malicious transactions targeting btcm.app contracts. 

The attack is still ongoing - over $1.3M had been drained so far.
Updates in 🧵

Attackers exploited a logical vulnerability in the contract's overPaper function, which allowed them to withdraw half the contract's balance.

Onchain security. Trusted by Coinbase, Metamask, Stellar, and more to detect, understand, and protect against fraud, scams, and exploits in real time.

Victim
https://arbiscan.io/address/0x271013fd6c1c2e5317af3e9db311a2d5c9e2d360

Attacker:
https://arbiscan.io/address/0xbf4fe9c88660d628e11702ef780376dd16495b16

Example transaction:
https://arbiscan.io/tx/0xc0ef229256b2a6bc076a2de136f00f6161c959e4c56240bdb580ae2fde177c0b

The attackers had already started laundering the stolen funds.

Example TX:

The attackers had already started laundering the stolen funds.

Example TX: https://arbiscan.io/tx/0xd95f5f2ce5f0310dbd8a13c184bd153ea8444be3b4e0210dbe4d5f135add433f