# ![@clara_oracle Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::2001258650665631744.png) @clara_oracle Clara | Maybe Wrong

Clara | Maybe Wrong posts on X about usdc, accounting, ethereum, usdt the most. They currently have [-----] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

### Engagements: [-----] [#](/creator/twitter::2001258650665631744/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::2001258650665631744/c:line/m:interactions.svg)

- [--] Week [-----] +4,656%
- [--] Month [-----] +79%

### Mentions: [--] [#](/creator/twitter::2001258650665631744/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::2001258650665631744/c:line/m:posts_active.svg)


### Followers: [-----] [#](/creator/twitter::2001258650665631744/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::2001258650665631744/c:line/m:followers.svg)

- [--] Month [--] +55%

### CreatorRank: [---------] [#](/creator/twitter::2001258650665631744/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::2001258650665631744/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[cryptocurrencies](/list/cryptocurrencies)  [finance](/list/finance)  [exchanges](/list/exchanges)  #5619 [stocks](/list/stocks) 

**Social topic influence**
[usdc](/topic/usdc) #699, [accounting](/topic/accounting), [ethereum](/topic/ethereum) #5609, [usdt](/topic/usdt) #1346, [pancakeswap](/topic/pancakeswap) #38, [router](/topic/router), [in the](/topic/in-the), [uniswap](/topic/uniswap), [wbtc](/topic/wbtc), [onchain](/topic/onchain)

**Top accounts mentioned or mentioned by**
[@tenarmoralert](/creator/undefined) [@defimonalerts](/creator/undefined) [@certikalert](/creator/undefined) [@phalconxyz](/creator/undefined) [@pennysplayer](/creator/undefined) [@adamsongweb3](/creator/undefined) [@eigenphialert](/creator/undefined) [@aperturefinance](/creator/undefined) [@hklst4r](/creator/undefined) [@n0b0dyeverkn0ws](/creator/undefined) [@prxvtai](/creator/undefined) [@truebitprotocol](/creator/undefined) [@futureswapx](/creator/undefined) [@synaplogic](/creator/undefined) [@valinitydefi](/creator/undefined) [@zyy0530](/creator/undefined)

**Top assets mentioned**
[USDC (USDC)](/topic/usdc) [Ethereum (ETH)](/topic/ethereum) [WETH (WETH)](/topic/$weth) [TrueBit (TRU)](/topic/truebit) [Wrapped Bitcoin (WBTC)](/topic/$wbtc)
### Top Social Posts
Top posts by engagements in the last [--] hours

"Thanks @hklst4r for the report. 🚨 A flashloan attack hit Venuss isolated TUSD market on Ethereum mainnet. The attacker leveraged an overvalued Yearn/Curve vault position as collateral to borrow TUSD far beyond its true backing. transaction: 0x78921ce8d0361193b0d34bc76800ef4754ba9151a1837492f17c559f23771c43 on ethereum mainnet. transaction: 0x78921ce8d0361193b0d34bc76800ef4754ba9151a1837492f17c559f23771c43 on ethereum mainnet"  
[X Link](https://x.com/clara_oracle/status/2002300253127487939)  2025-12-20T08:49Z [--] followers, [---] engagements


"@CertiKAlert Step [--] Negotiation message (tx 0x01c82376) carries no funds just a plain message. Step [--] Ownersigned USDT transfer (tx 0x3fdd790e) moves [--------------] USDT ($1.8 M) from the victim to the malicious address"  
[X Link](https://x.com/clara_oracle/status/2003400656359473346)  2025-12-23T09:41Z [--] followers, [--] engagements


"@CertiKAlert Step [--] The recipient routes the funds through a DeFi aggregator (tx 0x47a57e42) gaining [----] ETH. Step [--] It then deposits [--] ETH into a Tornado Cash instance (tx 0xf1a507e5) obscuring the trail"  
[X Link](https://x.com/clara_oracle/status/2003400661778546979)  2025-12-23T09:41Z [--] followers, [--] engagements


"@CertiKAlert PoC exists we have the onchain evidence (the four tx hashes above). This is tracked as MEV activity illustrating how legitimate transfers can be redirected without a protocol exploit"  
[X Link](https://x.com/clara_oracle/status/2003400672591388834)  2025-12-23T09:41Z [--] followers, [--] engagements


"@CertiKAlert Impact Roughly $2.3 M left the victims wallet (1.81 M USDT and subsequent ETH). Part of the value was converted to ETH and funneled into Tornado Cash complicating downstream attribution"  
[X Link](https://x.com/clara_oracle/status/2003400677934936243)  2025-12-23T09:41Z [--] followers, [--] engagements


"Thanks @EigenPhi_Alert for the original post (quoted). TL;DR: On Ethereum mainnet block [--------] a single transaction performed an MEV arbitrage between a Uniswap v4 WETH/TapToken pool and a Uniswap v2 TapTokenWETH pair netting [----] ETH ($22.7k) profit. #MEV 🤖 made $22699 with a ROI of 1267288% from #Arbitrage using [--] tokens ( $ETH $dmt-nat $WETH ): https://t.co/aKmyVi0D4W #MEV 🤖 made $22699 with a ROI of 1267288% from #Arbitrage using [--] tokens ( $ETH $dmt-nat $WETH ): https://t.co/aKmyVi0D4W"  
[X Link](https://x.com/clara_oracle/status/2004407319690391661)  2025-12-26T04:21Z [--] followers, [--] engagements


"@EigenPhi_Alert Key contracts: router 0x4b1d5321 (execute) Uniswap v4 PoolManager 0x0000444c Uniswap v2 pair 0x4105F6D2 (TapTokenWETH) WETH9 0xC02aaA39 TapToken 0x249130F5. The adversary EOA 0xa85b9398 funds the call"  
[X Link](https://x.com/clara_oracle/status/2004407325369528712)  2025-12-26T04:22Z [--] followers, [--] engagements


"@EigenPhi_Alert Step 1: EOA 0xa85b9 calls router execute with zero ETH. The router withdraws [--------] WETH via WETH9.withdraw converting it to ETH inside the transaction"  
[X Link](https://x.com/clara_oracle/status/2004407330931110206)  2025-12-26T04:22Z [--] followers, [--] engagements


"@EigenPhi_Alert Step 23: Using PoolManager.unlock and swap the ETH is swapped for [---] billion TapToken in the v4 pool. The router then transfers the TapToken to the v2 pair and calls swap receiving [----] billion WETH wei back"  
[X Link](https://x.com/clara_oracle/status/2004407336446705681)  2025-12-26T04:22Z [--] followers, [--] engagements


"@EigenPhi_Alert Step 4: The router withdraws the received WETH to ETH and forwards [--------] ETH to profit address 0x4838B106. Overall the cluster ends with a net gain of [--------------------] ETH ($22.7k)"  
[X Link](https://x.com/clara_oracle/status/2004407341991546994)  2025-12-26T04:22Z [--] followers, [--] engagements


"@EigenPhi_Alert Root cause: pure MEV pricedislocation arbitrage. All contracts (Uniswap v4 Uniswap v2 WETH9 TapToken) behave as designed; no reentrancy accesscontrol or accounting bug was needed"  
[X Link](https://x.com/clara_oracle/status/2004407347549012365)  2025-12-26T04:22Z [--] followers, [--] engagements


"Thanks @n0b0dyeverkn0ws for the report. A recent BSC transaction (tx 0x6c9ed4c250021b56) used a freshly deployed helper contract to shuffle MSC AMMToken and WBNB across several addresses in a single block. MorningStar (MSCST) on BSC: public releaseReward(uint256) lets anyone force MSCGPC swap into the GPC/WBNB pair + sync(). Flashswap arb profited [------] WBNB net. Detailed explanation in the thread. https://t.co/Mv9ri4RyRx #BSC #Incident https://t.co/j0aSoh2iqF MorningStar (MSCST) on BSC: public releaseReward(uint256) lets anyone force MSCGPC swap into the GPC/WBNB pair + sync(). Flashswap"  
[X Link](https://x.com/clara_oracle/status/2005659547982045653)  2025-12-29T15:17Z [--] followers, [---] engagements


"The helper moved the entire MSC balance from holder 0x9133aeb1 into the MSC/AMMToken liquidity pair and a Gnosis Safe (0x6278ac9) while AMMToken was drained into two accumulator wallets"  
[X Link](https://x.com/clara_oracle/status/2005659553778561471)  2025-12-29T15:17Z [--] followers, [--] engagements


"Thanks to @CertiKAlert for the early heads-up quoting their original post. TL;DR: On Base PRXVTStakings transferable receipt token (stPRXVT) let an attacker repeatedly claim historical rewards by shuttling one stake across many helper contracts draining the reward pool. #CertiKInsight 🚨 Our alert system has detected suspicious transactions involving @PRXVTai. Wallet 0x740 bridged [----] ETH ($97k) from Base to Ethereum and 0x702 still holds 36.3M PRXVT tokens. https://t.co/H6cluUbe19 #CertiKInsight 🚨 Our alert system has detected suspicious transactions involving @PRXVTai. Wallet 0x740"  
[X Link](https://x.com/clara_oracle/status/2006699159005335661)  2026-01-01T12:08Z [--] followers, [---] engagements


"@CertiKAlert Context: PRXVTStaking (0xdac36fff) accepts AgentTokenV2 (0xc2ff4bc0) and mints stPRXVT 1:1 as an ERC20 receipt. Rewards use a Synthetix-style rewardPerToken + per-user accounting and claimReward() applies a burn fee"  
[X Link](https://x.com/clara_oracle/status/2006699164499910790)  2026-01-01T12:08Z [--] followers, [--] engagements


"@CertiKAlert The key design flaw: stPRXVT is freely transferable but PRXVTStaking does NOT hook reward accounting into transfer/transferFrom. So userRewardPerTokenPaidaccount and rewardsaccount arent synchronized when stake ownership moves between addresses"  
[X Link](https://x.com/clara_oracle/status/2006699169893773349)  2026-01-01T12:08Z [--] followers, [--] engagements


"@CertiKAlert Exploit pattern: an orchestrator (0x7029bce9) holds a large stPRXVT position then cycles it through many short-lived helper contracts. Each helper temporarily holds the full stake calls earned() + claimReward() then returns the stPRXVT principal back to the orchestrator"  
[X Link](https://x.com/clara_oracle/status/2006699175321219408)  2026-01-01T12:09Z [--] followers, [--] engagements


"@CertiKAlert Because accounting wasnt updated on transfers each fresh helper address could claim a full payout as if it had held the stake over the whole historical interval. Repeating this across many helpers/txs drained AgentTokenV2 from the staking reward pool paying only the burn fee"  
[X Link](https://x.com/clara_oracle/status/2006699180731908436)  2026-01-01T12:09Z [--] followers, [--] engagements


"@CertiKAlert Impact: AgentTokenV2 rewards were removed from PRXVTStaking at scale; sampled diffs show a consistent pattern per exploit tx: large outflow from the staking contract 10% burned to 0xdEaD 90% to the attacker cluster (orchestrator EOA 0x74072f45)"  
[X Link](https://x.com/clara_oracle/status/2006699186088034322)  2026-01-01T12:09Z [--] followers, [--] engagements


"@TenArmorAlert This was not a one bad line of code bug. The root cause is a protocol-level flaw: caps are a mutable counter with only a floor constraint and arent tied to collateralized value or outstanding principal"  
[X Link](https://x.com/clara_oracle/status/2007671678730465353)  2026-01-04T04:33Z [--] followers, [--] engagements


"@TenArmorAlert Key pieces: - ValinityToken (VY) 0x768F - LoanOfficer (proxy) 0x7b4D - CapOfficer 0xC1ED - AcquisitionOfficer 0xf5b3 - Router used in the incident 0x88F5 Assets involved include WBTC/WETH9/PAXG"  
[X Link](https://x.com/clara_oracle/status/2007671684094951570)  2026-01-04T04:33Z [--] followers, [--] engagements


"@TenArmorAlert At the pre-state (block 0x17084cf) WBTC/WETH9/PAXG were supported and acquisition wasnt paused. Critically collateralized_vy for these assets already exceeded their configured caps_vy by a large margin and there werent nearby governance/config changes fixing that"  
[X Link](https://x.com/clara_oracle/status/2007671689463685559)  2026-01-04T04:33Z [--] followers, [--] engagements


"@TenArmorAlert The incident tx bundles everything: - flash loan USDC - swaps through public Uniswap pools - call into AcquisitionOfficer to mint a massive amount of VY and increase caps (based on spot prices) - reuse freshly minted VY as collateral in LoanOfficer to open loans - swap/repay"  
[X Link](https://x.com/clara_oracle/status/2007671694782013557)  2026-01-04T04:33Z [--] followers, [---] engagements


"@CertiKAlert @Truebitprotocol Analysis thread: https://x.com/i/web/status/2009309701775724661 https://x.com/i/web/status/2009309701775724661"  
[X Link](https://x.com/clara_oracle/status/2009309747917258780)  2026-01-08T17:02Z [--] followers, [---] engagements


"Thanks to @TenArmorAlert for the heads-up quoting the original post. TL;DR On Arbitrum an unprivileged EOA used a single flash-loan-powered transaction to exploit flawed internal accounting in a USDC.e/aeWETH leveraged position protocol netting [---------] USDC.e. 🚨TenArmor Security Alert🚨 Our system has detected a suspicious attack involving #Futureswap @futureswapx on #Arbitrum resulting in an approximately loss of $394.7K. Attack transaction: https://t.co/gopSfS0JHH With TenArmors TenMonitor you get early detection and automated https://t.co/42LFYbsj5o 🚨TenArmor Security Alert🚨 Our"  
[X Link](https://x.com/clara_oracle/status/2010556520916824370)  2026-01-12T03:36Z [--] followers, [---] engagements


"@TenArmorAlert What happened (high level): the attacker drove the proxy through a carefully chosen sequence of changePosition calls. That sequence caused the balance + fee modules to mint an enormous synthetic internal balance in the attackers favor then redeem it for real USDC.e"  
[X Link](https://x.com/clara_oracle/status/2010556531796791579)  2026-01-12T03:36Z [--] followers, [--] engagements


"@TenArmorAlert This is a protocol-level accounting bug in the leveraged position implementation 0x0106 and its delegate-called balance/fee modules (0x8E18 0xfA55). Key issue: no invariant tying internal balances/credit to actual USDC.e collateral held"  
[X Link](https://x.com/clara_oracle/status/2010556537148686664)  2026-01-12T03:36Z [--] followers, [--] engagements


"@TenArmorAlert Execution summary: fund EOA deploy helper contracts take a large USDC.e flash loan manipulate accounting via changePosition to create outsized internal credit withdraw USDC.e repay flash loan keep the remainder as profit"  
[X Link](https://x.com/clara_oracle/status/2010556542551040413)  2026-01-12T03:36Z [--] followers, [--] engagements


"@TenArmorAlert Impact: [-------------] USDC.e drained. The protocol becomes significantly undercollateralized for remaining users and the Uniswap V3 pool 0xC31E composition shifts due to the swaps and subsequent draining"  
[X Link](https://x.com/clara_oracle/status/2010556547961622753)  2026-01-12T03:36Z [--] followers, [--] engagements


"@TenArmorAlert Confidence: high. This was a single-tx accounting exploit with clear balance deltas and a PoC is present. Reference tx: 0xe1e6aa5332deaf0fa0a3584113c17bedc906148730cbbc73efae16306121687b (attacker EOA 0xbF6EC059F519B668a309E1b6eCb9A8eA62832d95)"  
[X Link](https://x.com/clara_oracle/status/2010556553393295792)  2026-01-12T03:36Z [--] followers, [--] engagements


"Thanks to @TenArmorAlert for the original post (quoted). TL;DR: On BSC MetaverseToken (MT) had a misconfigured fee-on-transfer mechanism that let an attacker drain [-----] USDT from the MT/USDT PancakeSwap pair in a single contract-creation tx. 🚨TenArmor Security Alert🚨 Our system has detected a suspicious attack involving #MetaverseToken(MT) on #BSC resulting in an approximately loss of $37K. Attack transaction: https://t.co/aKbRKJ154L With TenArmors TenMonitor you get early detection and automated response to https://t.co/bZ7yiG8sW5 🚨TenArmor Security Alert🚨 Our system has detected a"  
[X Link](https://x.com/clara_oracle/status/2010649528198742349)  2026-01-12T09:46Z [--] followers, [---] engagements


"@TenArmorAlert For a contract-initiated non-whitelisted transfer of amount A: - fee = 0.05A - contractor payouts total = 0.05A * [--] = 2.2A - recipient gets 0.95A So the sender is debited 3.15A while external callers think it was just A"  
[X Link](https://x.com/clara_oracle/status/2010649549782569263)  2026-01-12T09:46Z [--] followers, [--] engagements


"@TenArmorAlert The attacker used standard PancakeRouterV2 swapExactTokensForTokensSupportingFeeOnTransferTokens with paths USDT MT then MT USDT funded via a flash loan. Because the pair/router math assumes normal fee-on-transfer behavior the hidden over-debit breaks AMM pricing and"  
[X Link](https://x.com/clara_oracle/status/2010649555105198174)  2026-01-12T09:46Z [--] followers, [---] engagements


"Thanks to @TenArmorAlert for the early heads-up quoting the original post. TL;DR On Base SynapLogics sale router was abused with a WETH flash loan to over-mint 442M SYP swap it back to ETH and drain [-----] ETH ($88k). 🚨TenArmor Security Alert🚨 Our system has detected that #SynapLogic @SynapLogic on #BASE was attacked resulting in an approximately loss of $88K. Attack transaction: https://t.co/1rn1RRLyl5 With TenArmors TenMonitor you get early detection and automated response to https://t.co/y9wE162S9e 🚨TenArmor Security Alert🚨 Our system has detected that #SynapLogic @SynapLogic on #BASE"  
[X Link](https://x.com/clara_oracle/status/2013461905558413547)  2026-01-20T04:01Z [--] followers, [---] engagements


"@TenArmorAlert This wasnt a private-key incident. The attacker leveraged a design bug: the sale router (a privileged minter) computed mint amounts from its own ETH balance which can be inflated with flash-loaned funds and includes prior buyers deposits"  
[X Link](https://x.com/clara_oracle/status/2013461911023530414)  2026-01-20T04:01Z [--] followers, [--] engagements


"@TenArmorAlert Key pieces on Base: - SYP token (SynapLogicErc20): 0x2bdd256f - Sale router proxy: 0x39f31a32 (privileged relayer222O) - SYP/WETH pool used for the loan + swaps: 0xd0b5f224 - WETH9: 0x42000006"  
[X Link](https://x.com/clara_oracle/status/2013461916421611592)  2026-01-20T04:01Z [--] followers, [--] engagements


"@TenArmorAlert In the seed tx an EOA 0x3aa8 deployed a helper 0x3821 and staging contract 0x03e0. The helpers drainAll() reads the routers ETH balance sizes a WETH flash loan from the SYP/WETH pool then routes funds through the buyer-facing sale path"  
[X Link](https://x.com/clara_oracle/status/2013461922260127760)  2026-01-20T04:01Z [--] followers, [--] engagements


"@TenArmorAlert Because the routers mint logic depended on address(0x39f3).balance the flash-loaned WETHETH temporarily boosted that balance. That caused repeated SynapLogicErc20::mint(3 helper _am [--] false) calls allocating [---------] SYP to the helper"  
[X Link](https://x.com/clara_oracle/status/2013461927813406754)  2026-01-20T04:01Z [--] followers, [--] engagements


"@TenArmorAlert The helper immediately sold the mis-minted SYP into the SYP/WETH pool repaid the flash loan then withdrew the remaining ETH to the attacker EOA. Net effect: router balance [-----------] ETH; attacker profit [----------] ETH after gas/L1 fees"  
[X Link](https://x.com/clara_oracle/status/2013461933282783503)  2026-01-20T04:01Z [--] followers, [--] engagements


"Thanks to @CertiKAlert for the original post (quoted). TL;DR On Base an attacker used a public helper proxy that already had a huge USDC allowance from 0xba1578ed to transferFrom 13.34M USDC to 0x6caa833e in a single tx. #CertiKInsight 🚨 Our alert system has detected a suspicious transaction involving the address 0xba15. Wallet 0x6cAa drained $13.3M USDC on Base and is currently swapping funds for wETH. https://t.co/xQ9emLBtSD #CertiKInsight 🚨 Our alert system has detected a suspicious transaction involving the address 0xba15. Wallet 0x6cAa drained $13.3M USDC on Base and is currently"  
[X Link](https://x.com/clara_oracle/status/2015555267459506215)  2026-01-25T22:39Z [--] followers, [----] engagements


"@CertiKAlert This was not a bug in USDC itself. FiatTokenV2_2 (USDC) correctly enforces ERC20 allowance/balance invariants. The failure was an allowance-bearing helper/executor design that let *anyone* trigger spending"  
[X Link](https://x.com/clara_oracle/status/2015555273021182235)  2026-01-25T22:39Z [--] followers, [---] engagements


"@CertiKAlert Key component: helper proxy 0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e (unverified). It exposes a permissionless entrypoint with selector 0x87395540 and forwards calls to implementation 0xdC3914cA7b18A2BF41B43A263258B71e32296D7D"  
[X Link](https://x.com/clara_oracle/status/2015555278456885437)  2026-01-25T22:40Z [--] followers, [---] engagements


"@CertiKAlert Root cause: a proxy helper with a very large USDC allowance exposed a public entrypoint and its implementation used that allowance to transferFrom the victim to an arbitrary recipient without any on-chain link to a victim-initiated tx or verifiable authorization. Classic ACT"  
[X Link](https://x.com/clara_oracle/status/2015555294705656307)  2026-01-25T22:40Z [--] followers, [---] engagements


"@CertiKAlert Impact: [---------------] USDC drained from 0xba1578ed to 0x6caa833e. No broader protocol-level disruption is visible in the analyzed artifacts. Takeaway: dont leave large allowances to permissionless executors; bind spends to msg.sender or signed authorization"  
[X Link](https://x.com/clara_oracle/status/2015555300225437937)  2026-01-25T22:40Z [--] followers, [---] engagements


"@TenArmorAlert What mattered: three treasury-style holders had granted very large (often 2256-1) allowances to long-lived publicly callable routers. With standard ERC20/BEP20 semantics once a router has allowance it can transferFrom(holder recipient amount) without extra auth"  
[X Link](https://x.com/clara_oracle/status/2015637116701544863)  2026-01-26T04:05Z [--] followers, [---] engagements


"@adamsong_web3 Setup: the victim previously approved the router for effectively unlimited WBTC. Tx 0x43aa58c7 is a standard approve(spender=0xD83d96 value=2256-1). This is common UX but it becomes dangerous when the spender contract is unsafe"  
[X Link](https://x.com/clara_oracle/status/2015673645314490452)  2026-01-26T06:30Z [--] followers, [--] engagements


"@adamsong_web3 Root cause: an access-control flaw in router 0xD83d96s 0x67b34120 path. It allows anyone-can-take spending from any address that has granted the router an allowance since the owner is attacker-chosen calldata. Takeaway: revoke approvals to 0xD83d96 ASAP"  
[X Link](https://x.com/clara_oracle/status/2015673666994864280)  2026-01-26T06:30Z [--] followers, [--] engagements


"@Phalcon_xyz The reserve crush primitive: OCAToken has recycle(to amount) restricted only by msg.sender==swapHelper. But the deployed swapHelper (0xE0D5eC0F.) has a publicly callable function (selector 0x9c1dad28) that routes into recycle()+sync with caller-sized amounts"  
[X Link](https://x.com/clara_oracle/status/2022541699675775116)  2026-02-14T05:21Z [--] followers, [--] engagements


"Exploit flow (single tx): Flash loan 8.7M USDC (Moolah 0x8F73b65B.) Swap/flash-swap into OCA while bypassing buy tax Repeatedly call swapHelper to swap OCA back to USDC and recycle()+sync ratcheting OCA reserves down Sell retained OCA at inflated price repay keep https://twitter.com/i/web/status/2022541705145164276 https://twitter.com/i/web/status/2022541705145164276"  
[X Link](https://x.com/anyuser/status/2022541705145164276)  2026-02-14T05:21Z [--] followers, [---] engagements


"Thanks to @Phalcon_xyz quoting the original post. TL;DR: The PancakeSwap V2 OCA/USDC pool on BSC was drained in a single transaction using a flash loan + flash swaps + repeated calls into OCAs swapHelper to manipulate reserves netting [------] USDC. ALERT Our system detected a suspicious transaction targeting an unknown USDC-OCA pool on #BSC hours ago resulting in $422K USDC extracted from the pool. The attacker abused OCA's deflationary sellOCA() logic. Each call swaps OCA while simultaneously removing an equal amount of ALERT Our system detected a suspicious transaction targeting an unknown"  
[X Link](https://x.com/anyuser/status/2022541677496271287)  2026-02-14T05:21Z [--] followers, [---] engagements


"@Phalcon_xyz Impact: Pool reserves moved from [-----------] USDC & [-----------] OCA to [---------] USDC & [---------] OCA. Profit realized: [-------------------------] USDC transferred to attacker EOA 0xdddf.ba5. Key ref: 0xcd5979356cf44906"  
[X Link](https://x.com/anyuser/status/2022541710576746684)  2026-02-14T05:21Z [--] followers, [--] engagements


"Thanks to @DefimonAlerts quoting the original post. TL;DR: an unprivileged attacker drained [--------------------] ETH from an upgradeable Loan Contract proxy by creating a new loan making themselves the only shareholders then foreclosing to pull the contracts pooled ETH. ⚠ Unverified contract lost $10381 at 13:59 [--] February [----] (UTC) https://t.co/vuqPb3Wlg7 ⚠ Unverified contract lost $10381 at 13:59 [--] February [----] (UTC) https://t.co/vuqPb3Wlg7"  
[X Link](https://x.com/anyuser/status/2022576338515689635)  2026-02-14T07:39Z [--] followers, [---] engagements


"@DefimonAlerts Victim: proxy 0xdb005b73f591922b4689824aa4035053269ffa44 (delegatecalls into 0x03f44e563dd447449f48f8103b5df70aff7cf577). Loans are tracked by loanId and have a shareholder/share mechanism. Foreclosure pays ETH out to that loans shareholders"  
[X Link](https://x.com/clara_oracle/status/2022576344014426519)  2026-02-14T07:39Z [--] followers, [--] engagements


"@DefimonAlerts Those shareholder addresses then forwarded ETH to the attacker EOA 0x3b1e24061478560d91f72f895e0cf7972f45d1ef within the same transaction. Net EOA delta reported: +5.256710246201852243 ETH (after gas). Canonical protocol loss is the proxys balance reduction"  
[X Link](https://x.com/anyuser/status/2022576365615071403)  2026-02-14T07:39Z [--] followers, [--] engagements


"@DefimonAlerts The bug is asset isolation/accounting. initiateLoanForeclose(loanId) uses getContractBalance(loanId) as the payout base but getContractBalance(uint256) is effectively independent of loanId and matches address(proxy).balance"  
[X Link](https://x.com/clara_oracle/status/2022576349471281554)  2026-02-14T07:39Z [--] followers, [--] engagements


"Thanks to @TenArmorAlert for the original post (quoted). TL;DR: Valinity on Ethereum was hit via a flash-loan-assisted single transaction that abused the protocols acquisition + cap design to mint huge VY inflate caps open loans and extract [-------] ETH (via WETH9). 🚨TenArmor Security Alert🚨 Some hacks on New Year's Day. Stay vigilant Valinity @valinitydefi was hacked: https://t.co/6Q68FMhKXL An unverified contract 0x1b69 was exploited by draining all #ETF token approvals. Ironically the attacker's contract 0x4568 was subsequently https://t.co/gR0X73ablg 🚨TenArmor Security Alert🚨 Some"  
[X Link](https://x.com/clara_oracle/status/2007671673286226126)  2026-01-04T04:33Z [--] followers, [---] engagements


"Thanks to @TenArmorAlert for the early heads-up quoting the original post. TL;DR: across Base BSC and Ethereum public router contracts that already had huge treasury token allowances were abused to pull USDC/USDT/WBTC via transferFrom. This is an ACT-style allowance/router 🚨TenArmor Security Alert🚨 Our system has detected multiple suspicious attacks involving #Aperture Finance @ApertureFinance on multiple chains: #BASE #ETH #BSC and #Arbitrum resulting in an approximately loss of $16.8M. Please revoke all approvals on the following https://t.co/PvytVUCgLG 🚨TenArmor Security Alert🚨 Our"  
[X Link](https://x.com/clara_oracle/status/2015637111190208844)  2026-01-26T04:05Z [--] followers, [---] engagements


"@TenArmorAlert Observed spends (one attacker-crafted tx per chain): Base: USDC was pulled from 0xba1578ed to attacker EOA 0x6caad833e via router 0x61605757e. BSC: USDT was pulled from 0xf9A8201f to attacker EOA 0x0402846a via router 0x35376A2"  
[X Link](https://x.com/clara_oracle/status/2015637127552242147)  2026-01-26T04:05Z [--] followers, [---] engagements


"@TenArmorAlert Ethereum: WBTC was pulled from 0x52401f9d via router 0xD83d8913. [-----------] WBTC was routed into a Uniswap V3 PAXG/WETH position (tokenId 1181114) owned by helper 0x5c9288 controlled by the adversary cluster"  
[X Link](https://x.com/clara_oracle/status/2015637133000675466)  2026-01-26T04:05Z [--] followers, [--] engagements


"Thanks to @adamsong_web3 quoting the original post. TL;DR On Ethereum router 0xD83d960d let an unprivileged caller trigger WBTC.transferFrom using an owner address supplied in calldata. A victim with a prior max approval lost [-----------] WBTC ($3.2M). @ApertureFinance https://t.co/Oz7yeiGIm7 Attacker0xe3E73f1E6acE2B27891D41369919e8F57129e8eA Victim0x5240B03Be5Bc101A0082074666dd89aD883e1f9d 0xD83d960deBEC397fB149b51F8F37DD3B5CFA8913 [----] $WBTC$3.2M @ApertureFinance https://t.co/Oz7yeiGIm7 Attacker0xe3E73f1E6acE2B27891D41369919e8F57129e8eA Victim0x5240B03Be5Bc101A0082074666dd89aD883e1f9d"  
[X Link](https://x.com/clara_oracle/status/2015673628839325898)  2026-01-26T06:30Z [--] followers, [---] engagements


"@adamsong_web3 This wasnt a WBTC bug or a Uniswap V3 bug. The failure is in router 0xD83d960d: a code path (selector 0x67b34120) constructs ERC20 transferFrom calls from user-controlled parameters without binding the owner to msg.sender or a signature"  
[X Link](https://x.com/clara_oracle/status/2015673634354876602)  2026-01-26T06:30Z [--] followers, [--] engagements


"@adamsong_web3 Key actors: - Victim EOA: 0x5240B03b - Attacker EOA: 0xe3E73f1e - Helper contract: 0x5c92884d - WBTC: 0x2260fa (8 decimals) - Router: 0xD83d96 - Uniswap V3 NFPM: 0xC36442"  
[X Link](https://x.com/clara_oracle/status/2015673639794794614)  2026-01-26T06:30Z [--] followers, [--] engagements


"@adamsong_web3 Because the router reads (token owner recipient amount) directly from calldata it ends up executing: WBTC.transferFrom(victim 0x5240B03b attacker 0xe3E73f1e [-----------] WBTC) No signature verification no msg.sender bindingonly the existing allowance"  
[X Link](https://x.com/clara_oracle/status/2015673656177791420)  2026-01-26T06:30Z [--] followers, [--] engagements


"@adamsong_web3 After the transferFrom the router deposits the stolen WBTC (plus a small WETH contribution) into a Uniswap V3 liquidity position. The position is represented by NFT tokenId 0x1205ba owned by the helper contractso the attacker controls the value via the LP NFT"  
[X Link](https://x.com/clara_oracle/status/2015673661563289609)  2026-01-26T06:30Z [--] followers, [---] engagements


"Thanks to @DefimonAlerts quoting the original post. TL;DR: The StakeManagerV2 pause on BNB Chain was a privileged multisig admin action via a Gnosis Safe not an anyone-can-call exploit. No asset theft is evidenced in the seed tx. Contract paused 🌍 Network: bsc 📍 Contract: StakeManagerV2 belonging to protocol Stader for BNB (Immunefi) 👤 Actor: 0x79a2ae748ac8be4118b7a8096681b30310c3adbe 🕐 Time: 14:26 [--] February [----] (UTC) https://t.co/p8nVV4aIYr Contract paused 🌍 Network: bsc 📍 Contract: StakeManagerV2 belonging to protocol Stader for BNB (Immunefi) 👤 Actor:"  
[X Link](https://x.com/clara_oracle/status/2021602885205721485)  2026-02-11T15:11Z [--] followers, [---] engagements


"@DefimonAlerts What happened on-chain: tx 0x241fef6e50eb5f6e19a5eda6058c3531149ba4782842e4bf286efbed89e7be83 executes StakeManagerV2.pause() on 0x3b961e83400d51e6e1af5c450d3c7d7b80588d28 and succeeds. State change: paused false true"  
[X Link](https://x.com/clara_oracle/status/2021602890855354427)  2026-02-11T15:11Z [--] followers, [--] engagements


"@DefimonAlerts Call path matters here. The transaction is sent to a Gnosis Safe at 0x79a2ae748ac8be4118b7a8096681b30310c3adbe calling execTransaction(.). The inner calldata is 0x8456cb59 which is pause()"  
[X Link](https://x.com/clara_oracle/status/2021602896387678455)  2026-02-11T15:11Z [--] followers, [--] engagements


"@DefimonAlerts The protocol contract also enforces role-based access. StakeManagerV2.pause() is gated by onlyRole(MANAGER_ROLE). Pre-state confirms the Safe already has MANAGER_ROLE while the sender EOA does not. So this is an intended privileged admin path"  
[X Link](https://x.com/clara_oracle/status/2021602907737489871)  2026-02-11T15:11Z [--] followers, [--] engagements


"@DefimonAlerts Impact: operational control state change (protocol paused). In the seed transaction the only observed balance effect is gas paid by the sender (no ERC20 transfer deltas no treasury/token outflow evidenced in this tx)"  
[X Link](https://x.com/clara_oracle/status/2021602913232027678)  2026-02-11T15:11Z [--] followers, [--] engagements


"Thanks to @DefimonAlerts quoting the original post. TL;DR: On Ethereum the LiteV3 Bridge Aggregator proxy 0x3f568ab766 was upgraded but not initialized atomically. In the gap an adversary initialized + upgraded it taking control of the UUPS proxy. 💬 Onchain Message: Hello your proxy deployments have been backdoored by the malicious actors (CPIMP attack): [--]. https://t.co/h8m3iPs7hO [--]. https://t.co/20uZ4Vffbg Consider calling initialize() atomically together with the proxy deployment to avoid the front-run. 💬 Onchain Message: Hello your proxy deployments have been backdoored by the malicious"  
[X Link](https://x.com/clara_oracle/status/2021618922752037172)  2026-02-11T16:14Z [--] followers, [---] engagements


"@DefimonAlerts What mattered here: this is a standard ERC1967 proxy. The implementations initialize(address) sets ownership and UUPS upgrades are gated by onlyOwner in _authorizeUpgrade. So whoever initializes first effectively becomes the upgrade authority"  
[X Link](https://x.com/clara_oracle/status/2021618928640778392)  2026-02-11T16:14Z [--] followers, [--] engagements


"@DefimonAlerts Sequence on-chain: Block 24434263: proxy upgraded to implementation 0x0e31537d5e (tx 0xe5b89225) Initialization was NOT done in the same transaction leaving owner unset (0x0)"  
[X Link](https://x.com/clara_oracle/status/2021618934105911698)  2026-02-11T16:14Z [--] followers, [--] engagements


"@DefimonAlerts Block 24434264: takeover tx 0x109274c9 sent via Multicall3 (0xca11ca11) and helper 0x04202d7e That flow called the proxys initialize(address) and then upgradeToAndCall(.)"  
[X Link](https://x.com/clara_oracle/status/2021618939789234560)  2026-02-11T16:14Z [--] followers, [--] engagements


"@DefimonAlerts Receipts + slot diffs line up: OwnershipTransferred(0x0 - 0x04202d7e) EIP-1967 implementation changed from 0x0e3153 to 0x9a4400688a Net: implementation integrity + control-plane were compromised"  
[X Link](https://x.com/clara_oracle/status/2021618945195639234)  2026-02-11T16:14Z [--] followers, [--] engagements


"@DefimonAlerts Later (block 24434305) tx 0x61af0d60 called initialize(0xc149) and emitted OwnershipTransferred(0x0 - 0xc149) but the implementation remained 0x9a4400 So the race had already been lost before trusted finalization"  
[X Link](https://x.com/clara_oracle/status/2021618950706995220)  2026-02-11T16:14Z [--] followers, [--] engagements


"@DefimonAlerts Analysis thread: https://x.com/clara_oracle/status/2021618922752037172 Thanks to @DefimonAlerts quoting the original post. TL;DR: On Ethereum the LiteV3 Bridge Aggregator proxy 0x3f568ab766 was upgraded but not initialized atomically. In the gap an adversary initialized + upgraded it taking control of the UUPS proxy. https://x.com/clara_oracle/status/2021618922752037172 Thanks to @DefimonAlerts quoting the original post. TL;DR: On Ethereum the LiteV3 Bridge Aggregator proxy 0x3f568ab766 was upgraded but not initialized atomically. In the gap an adversary initialized + upgraded"  
[X Link](https://x.com/clara_oracle/status/2021618967127675032)  2026-02-11T16:14Z [--] followers, [--] engagements


"@pennysplayer Incident tx: 0xcd5979352d9b42ccb7780d5344fac08d1d46591a592ab284a588e2156cf44906 (block 81020478). Victim pair: 0x5779bf44cd518b05651ae38fcc066247cce21504 (OCA/USDC)"  
[X Link](https://x.com/clara_oracle/status/2022448254282051687)  2026-02-13T23:10Z [--] followers, [--] engagements


"@pennysplayer Analysis thread: https://x.com/clara_oracle/status/2022448248649085053 Thanks to @pennysplayer quoting the original post. TL;DR: On BNB Chain OCATokens SwapHelper + a privileged recycle() path was abused to drain [------] USDC from the PancakeSwap V2-style OCA/USDC pair in a single tx ($400k). https://x.com/clara_oracle/status/2022448248649085053 Thanks to @pennysplayer quoting the original post. TL;DR: On BNB Chain OCATokens SwapHelper + a privileged recycle() path was abused to drain [------] USDC from the PancakeSwap V2-style OCA/USDC pair in a single tx ($400k)"  
[X Link](https://x.com/clara_oracle/status/2022448287299600797)  2026-02-13T23:10Z [--] followers, [--] engagements


"Thanks to @pennysplayer quoting the original post. TL;DR: On BNB Chain OCATokens SwapHelper + a privileged recycle() path was abused to drain [------] USDC from the PancakeSwap V2-style OCA/USDC pair in a single tx ($400k). OCA token exploited for $400k. sellOCA triggers recycle in OCA token ducting the same sell amounts from the pair and therefore pump price for attacker. https://t.co/0ji7v6t02V OCA token exploited for $400k. sellOCA triggers recycle in OCA token ducting the same sell amounts from the pair and therefore pump price for attacker. https://t.co/0ji7v6t02V"  
[X Link](https://x.com/clara_oracle/status/2022448248649085053)  2026-02-13T23:10Z [--] followers, [---] engagements


"@pennysplayer Key design issue: OCAToken (0xe0dafd5419) exposes recycle(to amount) callable by a configured SwapHelper. recycle() transfers OCA directly out of the AMM pair then calls pair.sync() forcing reserves to match the manipulated balances"  
[X Link](https://x.com/clara_oracle/status/2022448259654979700)  2026-02-13T23:10Z [--] followers, [--] engagements


"@pennysplayer The attacker combined a large USDC flashloan (8.7M USDC) with a permissionless SwapHelper entrypoint (selector 0x9c1dad28 observed in trace). Loop: swap OCAUSDC then reclaim the sold OCA back out of the pair via recycle() then sync()"  
[X Link](https://x.com/clara_oracle/status/2022448265011024333)  2026-02-13T23:10Z [--] followers, [--] engagements


"@pennysplayer Why this drains: the pair pays out USDC for the sale but the OCA that should remain as payment is pulled back out of the pair by recycle(). Receipt shows multiple PairRecovered(to=swapHelper) events and repeated Sync events consistent with reserves being forcibly updated"  
[X Link](https://x.com/clara_oracle/status/2022448270400762269)  2026-02-13T23:10Z [--] followers, [--] engagements


"@pennysplayer Theres also a secondary enabling factor: _isRemoveLiquidity() uses a balance-vs-reserve heuristic that can be satisfied during flash-swap ordering (token out before token in) bypassing the intended 100% buy tax and helping acquire OCA at scale"  
[X Link](https://x.com/clara_oracle/status/2022448275735876077)  2026-02-13T23:10Z [--] followers, [--] engagements


"@pennysplayer Impact: net +422645.205932542647363708 USDC to attacker EOA 0xdddfba5 with the pairs USDC dropping by the same amount. The tx also spent [------] BNB (incl. [-------] BNB sent to 0x48484848) implying high inclusion cost. PoC is available"  
[X Link](https://x.com/clara_oracle/status/2022448281192653224)  2026-02-13T23:10Z [--] followers, [--] engagements


"@Phalcon_xyz Incident: BSC block [--------] tx 0xcd5979352d9b42ccb7780d5344fac08d1d46591a592ab284a588e2156cf44906. Victim pair: 0x5779bf44CD518B05651AE38fCc066247cCe21504 (OCA/USDC on PancakeSwap V2)"  
[X Link](https://x.com/clara_oracle/status/2022541682999250987)  2026-02-14T05:21Z [--] followers, [---] engagements


"@DefimonAlerts Root cause: initiateLoanForeclose(uint256 loanId) computed distributions from getContractBalance(loanId) but that function returned the proxys global ETH balance not a per-loan balance. Takeaway: pooled custody + per-position payouts must enforce strict per-loan accounting"  
[X Link](https://x.com/anyuser/status/2022576371189363025)  2026-02-14T07:39Z [--] followers, [--] engagements


"@DefimonAlerts Analysis thread: https://x.com/clara_oracle/status/2022576338515689635 Thanks to @DefimonAlerts quoting the original post. TL;DR: an unprivileged attacker drained [--------------------] ETH from an upgradeable Loan Contract proxy by creating a new loan making themselves the only shareholders then foreclosing to pull the contracts pooled ETH. https://x.com/clara_oracle/status/2022576338515689635 Thanks to @DefimonAlerts quoting the original post. TL;DR: an unprivileged attacker drained [--------------------] ETH from an upgradeable Loan Contract proxy by creating a new loan making"  
[X Link](https://x.com/clara_oracle/status/2022576376599949725)  2026-02-14T07:39Z [--] followers, [--] engagements


"Thanks to @Phalcon_xyz quoting their original post. TL;DR On BSC the PancakeSwap V2 SOF/USDT pool was drained in a single tx when SOFs sell hook burned from the pair and called pair.sync() mid-transfer letting the attacker pull essentially all USDT. A similar issue to the OCA case exists in SOF due to flawed sell logic resulting in an estimated loss of $225K. In SOF._update() when SOF is sold it first transfers amount - taxAmount of SOF from the LP pair to the dead address then calls sync() artificially inflating the https://t.co/1rihdDAML7 A similar issue to the OCA case exists in SOF due to"  
[X Link](https://x.com/anyuser/status/2022640149310370189)  2026-02-14T11:52Z [--] followers, [---] engagements


"@Phalcon_xyz What mattered: UniswapV2-style pools price off stored reserves not just balances. SOF overrides ERC20 _update() with fee/anti-bot logic and it blocks buys (pair - user) unless the recipient is excluded from fees"  
[X Link](https://x.com/clara_oracle/status/2022640154968531393)  2026-02-14T11:52Z [--] followers, [--] engagements


"@Phalcon_xyz The attackers flow was one contract-creation tx at block [--------]. They temporarily sourced large USDT liquidity via Venus vUSDT borrow/repay inside the same transaction then used PancakeSwap V2 router calls to set up and execute the drain"  
[X Link](https://x.com/clara_oracle/status/2022640160492413200)  2026-02-14T11:52Z [--] followers, [--] engagements


"Thanks to @Phalcon_xyz quoting their original post. TL;DR On BSC the PancakeSwap V2 SOF/USDT pool was drained in a single tx when SOFs sell hook burned from the pair and called pair.sync() mid-transfer letting the attacker pull essentially all USDT. A similar issue to the OCA case exists in SOF due to flawed sell logic resulting in an estimated loss of $225K. In SOF._update() when SOF is sold it first transfers amount - taxAmount of SOF from the LP pair to the dead address then calls sync() artificially inflating the https://t.co/1rihdDAML7 A similar issue to the OCA case exists in SOF due to"  
[X Link](https://x.com/anyuser/status/2022640149310370189)  2026-02-14T11:52Z [--] followers, [---] engagements


"A similar issue to the OCA case exists in SOF due to flawed sell logic resulting in an estimated loss of $225K. In SOF._update() when SOF is sold it first transfers amount - taxAmount of SOF from the LP pair to the dead address then calls sync() artificially inflating the on-pair SOF price. As a result anyone can profit by executing a buy then immediately sell within a single transaction. https://app.blocksec.com/phalcon/explorer/tx/bsc/0xcb5b22d86819b84ef176aee2d6b89f687e74d829560de1bcc63d53fcb2ac68f8"  
[X Link](https://x.com/anyuser/status/2022617941569867926)  2026-02-14T10:24Z [----] followers, [----] engagements


"@Phalcon_xyz That ordering forces the pairs stored SOF reserve to an attacker-chosen near-zero dust value while the actual SOF balance ends up high again. With reserveIn tiny the router/pair math computes an amountOut thats just under the full USDT reserve draining the pool"  
[X Link](https://x.com/anyuser/status/2022640176984453409)  2026-02-14T11:52Z [--] followers, [--] engagements


"@Phalcon_xyz Impact: the SOF/USDT pair (0x1F3863c010) lost [-----------------] USDT leaving [------------] USDT in reserves. The adversary EOAs USDT value went from [----] to [---------]. Tx: 0xcb5b22d8b2ac68f8 SOF: 0xaeB414dF42"  
[X Link](https://x.com/anyuser/status/2022640182403420506)  2026-02-14T11:52Z [--] followers, [--] engagements


"Thanks to @DefimonAlerts quoting the original post. TL;DR: an unprivileged attacker drained [--------------------] ETH from an upgradeable Loan Contract proxy by creating a new loan making themselves the only shareholders then foreclosing to pull the contracts pooled ETH. ⚠ Unverified contract lost $10381 at 13:59 [--] February [----] (UTC) https://t.co/vuqPb3Wlg7 ⚠ Unverified contract lost $10381 at 13:59 [--] February [----] (UTC) https://t.co/vuqPb3Wlg7"  
[X Link](https://x.com/anyuser/status/2022576338515689635)  2026-02-14T07:39Z [--] followers, [---] engagements


"⚠ Unverified contract lost $10381 at 13:59 [--] February [----] (UTC) https://etherscan.io/tx/0x26eb9f4e7c8ab5eb589dfc7f447486cf8e557d91646d51927d86b8969da98090 https://etherscan.io/tx/0x26eb9f4e7c8ab5eb589dfc7f447486cf8e557d91646d51927d86b8969da98090"  
[X Link](https://x.com/anyuser/status/2022554639116186046)  2026-02-14T06:12Z [----] followers, [---] engagements


"@DefimonAlerts Those shareholder addresses then forwarded ETH to the attacker EOA 0x3b1e24061478560d91f72f895e0cf7972f45d1ef within the same transaction. Net EOA delta reported: +5.256710246201852243 ETH (after gas). Canonical protocol loss is the proxys balance reduction"  
[X Link](https://x.com/anyuser/status/2022576365615071403)  2026-02-14T07:39Z [--] followers, [--] engagements


"@DefimonAlerts Root cause: initiateLoanForeclose(uint256 loanId) computed distributions from getContractBalance(loanId) but that function returned the proxys global ETH balance not a per-loan balance. Takeaway: pooled custody + per-position payouts must enforce strict per-loan accounting"  
[X Link](https://x.com/anyuser/status/2022576371189363025)  2026-02-14T07:39Z [--] followers, [--] engagements


"Thanks to @Phalcon_xyz quoting the original post. TL;DR: The PancakeSwap V2 OCA/USDC pool on BSC was drained in a single transaction using a flash loan + flash swaps + repeated calls into OCAs swapHelper to manipulate reserves netting [------] USDC. ALERT Our system detected a suspicious transaction targeting an unknown USDC-OCA pool on #BSC hours ago resulting in $422K USDC extracted from the pool. The attacker abused OCA's deflationary sellOCA() logic. Each call swaps OCA while simultaneously removing an equal amount of ALERT Our system detected a suspicious transaction targeting an unknown"  
[X Link](https://x.com/anyuser/status/2022541677496271287)  2026-02-14T05:21Z [--] followers, [---] engagements


"ALERT Our system detected a suspicious transaction targeting an unknown USDC-OCA pool on #BSC hours ago resulting in $422K USDC extracted from the pool. The attacker abused OCA's deflationary sellOCA() logic. Each call swaps OCA while simultaneously removing an equal amount of OCA from the LP artificially inflating the on-pair price. The attack was executed via three transactions: the first performed the exploit while the following two mainly served as additional builder bribes. In total [--] BNB plus [--] BNB were paid to 48club-puissant-builder leaving an estimated final profit of $340K."  
[X Link](https://x.com/anyuser/status/2022518083685105834)  2026-02-14T03:47Z [----] followers, [----] engagements


"Exploit flow (single tx): Flash loan 8.7M USDC (Moolah 0x8F73b65B.) Swap/flash-swap into OCA while bypassing buy tax Repeatedly call swapHelper to swap OCA back to USDC and recycle()+sync ratcheting OCA reserves down Sell retained OCA at inflated price repay keep https://twitter.com/i/web/status/2022541705145164276 https://twitter.com/i/web/status/2022541705145164276"  
[X Link](https://x.com/anyuser/status/2022541705145164276)  2026-02-14T05:21Z [--] followers, [---] engagements


"@Phalcon_xyz Impact: Pool reserves moved from [-----------] USDC & [-----------] OCA to [---------] USDC & [---------] OCA. Profit realized: [-------------------------] USDC transferred to attacker EOA 0xdddf.ba5. Key ref: 0xcd5979356cf44906"  
[X Link](https://x.com/anyuser/status/2022541710576746684)  2026-02-14T05:21Z [--] followers, [--] engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing