FN Suspicious funding detector #658
The issue here was that the bot contains a max value threshold (the reasoning being that an attacker wouldn't need too much funds transferred in order to execute an attack) and in these cases it was exceeded. The thresholds on each chain were the following:
and after discussing with @salort-forta, we decided to 20x the ETH values (bringing them to around $5000) and then update the rest of the chains' thresholds to also be around $5000 at the time of the update.
The updated bot has been deployed.
@Vxatz could you confirm that we did have the same issue here?
@Ivan1905, yes it's the same issue. The account was funded with 1 ETH and our max value threshold was 0.07 ETH (It's now 1.4 ETH)
@Vxatz could you confirm we have the same case here?
Hi @Ivan1905, this case is different, we didn't get an alert for the funding tx of the attacker because we don't monitor ChangeNOW in the hops bot (I think the decision was made because ChangeNOW is frequently used as a legit funding source)
Hi @Vxatz this seems to be the same case, right? https://bscscan.com/tx/0xefe58a14fc0022872262678b358aaae64a26fe2389d09093eb14752ea99415e9 Attacker seems to be funded by another address which was funded by Changenow
That's right.
Hi there,
Attaching a few examples.
Case 1: Attacker was: https://bscscan.com/txs?a=0xb6911DEE6a5b1c65Ad1aC11A99AeC09C2Cf83c0e
which was funded by: https://bscscan.com/txs?a=0x06b8cc57c7156875385085d6a6bd59db87d9c72a&p=2 - which was funded by changenow. Suspicious Funding Detector did not fire.
Case 2: attacker was: https://bscscan.com/txs?a=0x6951EB8a4A1DAb360F2230Fb654551335d560ec0
which was funded by: https://bscscan.com/address/0xc35a04a5dce3d31649e97159f53247fb9e1c3bd7#internaltx which was funded by TC. Suspicious Funding Detector did not fire.
Case 3: Attacker was: https://etherscan.io/address/0xFcd4ACBc55DF53fBc4C9D275e3495B490635f113 which was funded by: https://etherscan.io/address/0xc9037673e12e9f240f1015f7e57611489dc4f5bc which was funded by tc. Suspicious Funding Detector did not fire.
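As an added illustration, not part of the thread and not the bot's own code, this sketch shows how a max value cap and a fixed list of monitored sources each produce the kind of miss discussed here. The source labels, hop limit, the rule that the cap applies to every hop, and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumptions for illustration: source labels, hop limit and cap-per-hop rule.
MONITORED_SOURCES = frozenset({"tornado_cash"})  # ChangeNOW not monitored, per the thread
MAX_HOPS = 2

@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    value_eth: float

def trace_funding(address, transfers, max_value_eth,
                  sources=MONITORED_SOURCES, max_hops=MAX_HOPS):
    """Walk funding transfers backwards from `address`.

    Returns (verdict, path): "alert" with the path to a monitored source,
    "skipped_over_cap" if a candidate was ignored for exceeding the cap,
    otherwise "no_alert".
    """
    incoming = {}
    for t in transfers:
        incoming.setdefault(t.recipient, []).append(t)
    frontier, over_cap = [[address]], False
    for _ in range(max_hops):
        next_frontier = []
        for path in frontier:
            for t in incoming.get(path[-1], []):
                if t.value_eth > max_value_eth:
                    over_cap = True       # ignored as too large for seed funding
                    continue
                if t.sender in sources:
                    return "alert", path + [t.sender]
                if t.sender not in path:  # avoid cycles
                    next_frontier.append(path + [t.sender])
        frontier = next_frontier
    return ("skipped_over_cap" if over_cap else "no_alert"), []

# Constructed transfers (placeholder addresses, not the ones in the thread).
DIRECT = [Transfer("tornado_cash", "0xATTACKER_A", 1.0)]
VIA_HOP = [Transfer("changenow", "0xINTERMEDIARY", 0.5),
           Transfer("0xINTERMEDIARY", "0xATTACKER_B", 0.4)]

if __name__ == "__main__":
    print(trace_funding("0xATTACKER_A", DIRECT, max_value_eth=0.07))  # old cap
    print(trace_funding("0xATTACKER_A", DIRECT, max_value_eth=1.4))   # raised cap
    print(trace_funding("0xATTACKER_B", VIA_HOP, max_value_eth=1.4))  # unmonitored source
    print(trace_funding("0xATTACKER_B", VIA_HOP, 1.4,
                        sources=MONITORED_SOURCES | {"changenow"}))
```

Returning a distinct `skipped_over_cap` verdict, rather than folding it into `no_alert`, makes cap-induced misses countable when tuning the threshold.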