• bitcoinBitcoin (BTC) $ 100,442.00
  • ethereumEthereum (ETH) $ 2,214.21
  • tetherTether (USDT) $ 1.00
  • xrpXRP (XRP) $ 1.98
  • bnbBNB (BNB) $ 613.10
  • solanaSolana (SOL) $ 130.91
  • usd-coinUSDC (USDC) $ 0.999705
  • tronTRON (TRX) $ 0.262269
  • dogecoinDogecoin (DOGE) $ 0.148809
  • staked-etherLido Staked Ether (STETH) $ 2,214.52
  • cardanoCardano (ADA) $ 0.533730
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 100,283.00
  • hyperliquidHyperliquid (HYPE) $ 35.41
  • wrapped-stethWrapped stETH (WSTETH) $ 2,665.56
  • bitcoin-cashBitcoin Cash (BCH) $ 456.15
  • leo-tokenLEO Token (LEO) $ 9.02
  • suiSui (SUI) $ 2.41
  • chainlinkChainlink (LINK) $ 11.46
  • usdsUSDS (USDS) $ 0.999582
  • stellarStellar (XLM) $ 0.225747
  • whitebitWhiteBIT Coin (WBT) $ 48.21
  • avalanche-2Avalanche (AVAX) $ 16.23
  • the-open-networkToncoin (TON) $ 2.71
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999660
  • shiba-inuShiba Inu (SHIB) $ 0.000010
  • litecoinLitecoin (LTC) $ 79.45
  • wethWETH (WETH) $ 2,211.89
  • wrapped-eethWrapped eETH (WEETH) $ 2,366.77
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • hedera-hashgraphHedera (HBAR) $ 0.131439
  • moneroMonero (XMR) $ 296.17
  • polkadotPolkadot (DOT) $ 3.11
  • bitget-tokenBitget Token (BGB) $ 3.99
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 100,396.00
  • pi-networkPi Network (PI) $ 0.500869
  • uniswapUniswap (UNI) $ 6.20
  • daiDai (DAI) $ 0.999827
  • pepePepe (PEPE) $ 0.000009
  • aaveAave (AAVE) $ 222.35
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.18
  • okbOKB (OKB) $ 49.24
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • bittensorBittensor (TAO) $ 301.27
  • susdssUSDS (SUSDS) $ 1.06
  • aptosAptos (APT) $ 3.91
  • crypto-com-chainCronos (CRO) $ 0.079551
  • internet-computerInternet Computer (ICP) $ 4.51
  • jito-staked-solJito Staked SOL (JITOSOL) $ 158.25
  • ethereum-classicEthereum Classic (ETC) $ 15.09
  • nearNEAR Protocol (NEAR) $ 1.87
  • usd1-wlfiUSD1 (USD1) $ 0.999211
  • tokenize-xchangeTokenize Xchange (TKX) $ 27.27
  • ondo-financeOndo (ONDO) $ 0.659953
  • mantleMantle (MNT) $ 0.587204
  • fasttokenFasttoken (FTN) $ 4.44
  • gatechain-tokenGate (GT) $ 15.70
  • official-trumpOfficial Trump (TRUMP) $ 8.61
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 100,277.00
  • cosmosCosmos Hub (ATOM) $ 3.67
  • kaspaKaspa (KAS) $ 0.063293
  • vechainVeChain (VET) $ 0.019073
  • skySky (SKY) $ 0.072094
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.170330
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.576967
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.997339
  • usdtbUSDtb (USDTB) $ 0.999834
  • ethenaEthena (ENA) $ 0.234603
  • render-tokenRender (RENDER) $ 2.74
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.15
  • usdt0USDT0 (USDT0) $ 1.00
  • filecoinFilecoin (FIL) $ 2.05
  • algorandAlgorand (ALGO) $ 0.156599
  • kucoin-sharesKuCoin (KCS) $ 10.76
  • worldcoin-wldWorldcoin (WLD) $ 0.823407
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,211.25
  • arbitrumArbitrum (ARB) $ 0.264424
  • quant-networkQuant (QNT) $ 87.96
  • binance-staked-solBinance Staked SOL (BNSOL) $ 137.96
  • sei-networkSei (SEI) $ 0.203255
  • nexoNEXO (NEXO) $ 1.08
  • kaiaKaia (KAIA) $ 0.185100
  • flare-networksFlare (FLR) $ 0.015727
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,517.05
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,316.95
  • polygon-bridged-usdt-polygonPolygon Bridged USDT (Polygon) (USDT) $ 1.00
  • jupiter-exchange-solanaJupiter (JUP) $ 0.341946
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999848
  • spx6900SPX6900 (SPX) $ 1.04
  • paypal-usdPayPal USD (PYUSD) $ 0.999766
  • celestiaCelestia (TIA) $ 1.39
  • injective-protocolInjective (INJ) $ 9.57
  • bonkBonk (BONK) $ 0.000012
  • fartcoinFartcoin (FARTCOIN) $ 0.921499
  • xdce-crowd-saleXDC Network (XDC) $ 0.055649
  • pax-goldPAX Gold (PAXG) $ 3,416.27
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 1.34
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 100,363.00
  • optimismOptimism (OP) $ 0.482154
  • blockstackStacks (STX) $ 0.552556
  • tether-goldTether Gold (XAUT) $ 3,398.51
  • wbnbWrapped BNB (WBNB) $ 612.70
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,367.96
  • sonic-3Sonic (S) $ 0.257950
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,322.48
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 100,159.00
  • story-2Story (IP) $ 2.75
  • clbtcclBTC (CLBTC) $ 101,184.00
  • syrupusdcSyrupUSDC (SYRUPUSDC) $ 1.11
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,326.82
  • vaultaVaulta (A) $ 0.470314
  • curve-dao-tokenCurve DAO (CRV) $ 0.528982
  • the-graphThe Graph (GRT) $ 0.072673
  • ousgOUSG (OUSG) $ 111.51
  • jito-governance-tokenJito (JTO) $ 2.00
  • dogwifcoindogwifhat (WIF) $ 0.673348
  • usdx-money-usdxStables Labs USDX (USDX) $ 0.997976
  • immutable-xImmutable (IMX) $ 0.357610
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 145.99
  • newton-projectAB (AB) $ 0.010061
  • msolMarinade Staked SOL (MSOL) $ 170.23
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.99
  • aerodrome-financeAerodrome Finance (AERO) $ 0.750584
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.08
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,387.99
  • usual-usdUsual USD (USD0) $ 0.997526
  • flokiFLOKI (FLOKI) $ 0.000063
  • zcashZcash (ZEC) $ 37.46
  • theta-tokenTheta Network (THETA) $ 0.593005
  • bitcoin-svBitcoin SV (BSV) $ 29.43
  • lido-daoLido DAO (LDO) $ 0.648881
  • solv-protocol-solvbtc-bbnSolv Protocol Staked BTC (XSOLVBTC) $ 100,203.00
  • the-sandboxThe Sandbox (SAND) $ 0.230284
  • ethereum-name-serviceEthereum Name Service (ENS) $ 16.86
  • iotaIOTA (IOTA) $ 0.145498
  • saros-financeSaros (SAROS) $ 0.212171
  • galaGALA (GALA) $ 0.012382
  • nutNut ($NUT) $ 1.85
  • bittorrentBitTorrent (BTT) $ 0.00000056
  • falcon-financeFalcon USD (USDF) $ 0.999708
  • pendlePendle (PENDLE) $ 3.25
  • tbtctBTC (TBTC) $ 100,121.00
  • jasmycoinJasmyCoin (JASMY) $ 0.010807
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.008179
  • tezosTezos (XTZ) $ 0.489048
  • wrapped-hypeWrapped HYPE (WHYPE) $ 35.28
  • walrus-2Walrus (WAL) $ 0.373568
  • true-usdTrueUSD (TUSD) $ 0.998975
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,210.11
  • pyth-networkPyth Network (PYTH) $ 0.084835
  • super-oethSuper OETH (SUPEROETH) $ 2,209.10
  • coredaoorgCore (CORE) $ 0.486260
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 100,269.00
  • raydiumRaydium (RAY) $ 1.82
  • flowFlow (FLOW) $ 0.301836
  • syrupMaple Finance (SYRUP) $ 0.437619
  • mantle-restaked-ethMantle Restaked ETH (CMETH) $ 2,368.85
  • cgeth-hashkey-cloudcgETH Hashkey Cloud (CGETH.HASH) $ 2,312.47
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,212.71
  • decentralandDecentraland (MANA) $ 0.234103
  • dexeDeXe (DEXE) $ 7.74
  • apecoinApeCoin (APE) $ 0.551788
  • kavaKava (KAVA) $ 0.404115
  • beldexBeldex (BDX) $ 0.060949
  • chain-2Onyxcoin (XCN) $ 0.012851
  • bridged-usdc-polygon-pos-bridgeBridged USDC (Polygon PoS Bridge) (USDC.E) $ 0.999705
  • ripple-usdRipple USD (RLUSD) $ 0.999762
  • thorchainTHORChain (RUNE) $ 1.22
  • usddUSDD (USDD) $ 1.00
  • compound-governance-tokenCompound (COMP) $ 44.83
  • staked-hypeStaked HYPE (STHYPE) $ 35.29
  • hashnote-usycCircle USYC (USYC) $ 1.09
  • usdbUSDB (USDB) $ 0.999811
  • heliumHelium (HNT) $ 2.15
  • mimblewimblecoinMimbleWimbleCoin (MWC) $ 36.91
  • mantle-bridged-usdt-mantleMantle Bridged USDT (Mantle) (USDT) $ 1.00
  • apenftAPENFT (NFT) $ 0.00000039
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.148707
  • ketKet (KET) $ 0.368342
  • morphoMorpho (MORPHO) $ 1.16
  • venomVenom (VENOM) $ 0.169645
  • ether-fi-staked-ethether.fi Staked ETH (EETH) $ 2,207.88
  • neoNEO (NEO) $ 4.97
  • based-brettBrett (BRETT) $ 0.035322
  • ecasheCash (XEC) $ 0.000017
  • eosEOS (EOS) $ 0.471363
  • dydx-chaindYdX (DYDX) $ 0.432315
  • stader-ethxStader ETHx (ETHX) $ 2,352.01
  • starknetStarknet (STRK) $ 0.101473
  • elrond-erd-2MultiversX (EGLD) $ 11.94
  • axelarAxelar (AXL) $ 0.336948
  • justJUST (JST) $ 0.033396
  • axie-infinityAxie Infinity (AXS) $ 2.02
  • aioz-networkAIOZ Network (AIOZ) $ 0.274783
  • grassGrass (GRASS) $ 1.12
  • conflux-tokenConflux (CFX) $ 0.063361
  • build-onBUILDon (B) $ 0.319818
  • reserve-rights-tokenReserve Rights (RSR) $ 0.005462
  • olympusOlympus (OHM) $ 19.27
  • global-dollarGlobal Dollar (USDG) $ 0.999606
  • fraxLegacy Frax Dollar (FRAX) $ 0.999069
Bitcoin

‘Sherlock missed it’: Cork hacker slams audit firms in on-chain messages

By admin
0 2

‘Sherlock missed it’: Cork hacker slams audit firms in on-chain messages

The hacker behind last month’s $12 million exploit of Cork Protocol has weighed in on a debate between squabbling crypto security audit firms.

Messages left on-chain from the hacker’s address appear to set the record straight about the root causes of the incident and lament the clout-chasing of some auditors in the wake of such attacks.

The comments came in response to a post made on Wednesday by Jack Sanford, CEO of security audit firm Sherlock. Sandford accuses competitors Spearbit and Cantina of missing the vulnerability and covering up their failures.

In the first message, the hacker states “sherlock missed it.” Minutes later, they moved 4,530 ether — currently valued at $11.6 million — to a new address.

The debate

On May 28, a16z-backed Cork Protocol announced a “security incident affecting the wstETH:weETH market” and a temporary pause of all markets. The post-mortem report that followed stated that “the attacker exploited an access control vulnerability in the Cork Hook, which none of our audits flagged.”

However, Sanford’s post points to the commit hashes submitted in various auditors’ reports, as evidence that the supposed vulnerability did not fall within their scope.

He then highlights Cantina’s failure to provide such hashes and how Spearbit is yet to release their report publicly, despite it being overdue.

In the initial message left by the hacker, they seemingly correct the assumed root cause of the exploit, stating “uniswap hook is not problem,” pouring cold water on the idea that the bug was only present in later versions of the code.

The dressing-down

The attacker then followed up with “a really big bombshell,” written in Estonian, in which they appear to contradict themselves by stating that “Sherlock didn’t miss it,” and that “there are many ways to take DS, not just the Uniswap hook.”

He warns that all companies that missed the initial bug “should not be trusted.”

Somewhat ironically, the hacker’s main beef appears to be with blockchain security companies that capitalize on the attention brought by hacks.

Firms that “failed to detect the real problem” in their assessments allegedly include Dedaub, Three Sigma, Halborn, Blocksec, and many others.

The hacker says firms that look for promotion by releasing analysis before the official post-mortem “are not recommended.”

In a final message, sent hours later, the hacker doubles down on its attack on audit firms that “write nonsense about bugs to promote their brands and profit from the efforts of others.”

They call out Dedaub’s Neville Grech in particular, accusing him of “promoting your brands by analyzing bugs that you can’t detect yourself.”

The Cork Protocol culprit?

The content of these later messages suggests the hacker may well be a member of the security researcher community with an axe to grind. Others certainly seem to think so.

If so, it wouldn’t be the first time suspicions were raised about an established figure in the scene being a blackhat. Earlier this year, Nick L. Franklin, a prolific researcher who claimed to have “analyzed every major blockchain hack,” was linked to the $50 million Radiant Capital hack.

Source

admin 15256 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.

Verified by MonsterInsights