flipside

    Try Quests to earn cryptoTry Quests to earn crypto
    Share

    Bug Exploiters

    What Will You Read?

    Paragraph

    Method

    Using website hint, I looked for suspicious addresses during the mentioned block_id. I actually found two suspicious wallets. What are my suspicious parameters:

    • Number of added and remove liquidity in a short on the same day.
    • unusual amounts in and unusual amounts out

    with those metrics, I have found these two user address:

      • osmo18qx59wy8s3ytax3e0akna934e86mw776vlzjtq
      • osmo10t26acjmemggsahq6uvyucm4tj3z0mhz23ljh2
    Loading...

    The below chart shows the total removed volume in USD. Most of the removed volume occurred in two wallets. Although the other 5 wallets were suspicious But their volume doesn't matter for this bounty and I focused on these two wallets.

    Loading...
    Loading...

    Suspicious Wallets Activties

    The Only Transfer out of Osmosis was from one of the suspicious wallets. That wallet transferred 316K Cosmos from the stolen amount to out of Osmosis, and about 99K remaining in the Osmosis.

    Swaps

    Loading...

    In the previous table, You have seen that only one transfer happened directly from Suspicious wallets to out of Osmosis. The below chart shows the remaining assets and their amounts. The rest of the amount was swapped to another token and transferred out of Osmosis. As you can see from a wallet remained, about 2.7M Osmosis, 9 BTC, 416K Cosmos(In the previous table, we have seen that about 316K transferred, So the current Cosmos balance is about 99K), and 192 Wrapped Ether. Also, the other wallet still has 172K Osmosis in its Osmo Wallet.

      • IMPORTANT NOTE: These Balance doesn't mean that currently available at the stolen Address. A few amounts were transferred to another wallet on Osmosis, not out of Osmosis.
      • IMPORTANT NOTE: As I mentioned, About 316K Cosmos was Transferred from these wallets. So the Current Cosmos balance is 99K, not 416. I calculated in the previous table.

    Off-Chain Data

    In the below image, You can see current balance in Stolen Address

    db_img
    db_img

    Thank You For Reading!

    Written by Hess

    where Discord_id: hess#0890

    and

    twitter_id: @hessaminanloo

    The total amounts in USD that were removed by those 8 addresses is about 14.5M dollars. About 13.5M dollars were removed from the 2 mentioned addresses.

    Paragraph

    Conclusion

    As I have found, The identity of the attackers is not clear. We don't know exactly who they are. About 40-50% of tokens volume is transferred out of Osmosis and still, less than 50% is in their wallets.