# @lzhou1110 Liyi Zhou

Liyi Zhou posts on X about 0x354ad0816de79e72452c14001f564e5fdf9a355e, strike, oracle, $27m the most. They currently have XXXXX followers and XX posts still getting attention that total XXX engagements in the last XX hours.

### Engagements: XXX

- X Week XXXXX +1,052%
- X Months XXXXX +240%

### Mentions: X

### Followers: XXXXX

- X Week XXXXX +3%
- X Months XXXXX +19%
- X Year XXXXX +17%

### CreatorRank: XXXXXXXXX

### Social Influence

**Social category influence** [cryptocurrencies](/list/cryptocurrencies) [technology brands](/list/technology-brands) [finance](/list/finance)

**Social topic influence** [0x354ad0816de79e72452c14001f564e5fdf9a355e](/topic/0x354ad0816de79e72452c14001f564e5fdf9a355e) #2, [strike](/topic/strike) #2380, [oracle](/topic/oracle), [$27m](/topic/$27m), [0x3c212a044760de5a529b3ba59363ddeccc2210be](/topic/0x3c212a044760de5a529b3ba59363ddeccc2210be), [wsteth](/topic/wsteth), [0x13ec7d467bced0d10cea5d2ac2651930ba963e4e](/topic/0x13ec7d467bced0d10cea5d2ac2651930ba963e4e), [$1244k](/topic/$1244k), [work for](/topic/work-for), [core](/topic/core)

**Top accounts mentioned or mentioned by** [@zyy0530](/creator/undefined) [@kaihuaqin](/creator/undefined) [@hatforcesec](/creator/undefined) [@mlsec](/creator/undefined) [@summitdefi](/creator/undefined) [@jubos](/creator/undefined) [@hartcb](/creator/undefined) [@joevanloon](/creator/undefined) [@profmetatrust](/creator/undefined) [@lmcsecurity](/creator/undefined) [@defiadamz](/creator/undefined) [@ribbonfinance](/creator/undefined) [@blocksecteam](/creator/undefined) [@wakeframework](/creator/undefined)

**Top assets mentioned** [USDC (USDC)](/topic/usdc)

### Top Social Posts

Top posts by engagements in the last XX hours

"Looked a bit into this with @Zyy_0530 this morning after we woke up. An attacker-controlled contract manipulated the Opyn/Ribbon oracle stack by abusing upgradeable price-feed proxies to push arbitrary expiry prices for wstETH AAVE LINK and WBTC into the shared Oracle at a common expiry timestamp. The attacker then redeemed large short oToken positions against the MarginPool which used these forged expiry prices in its settlement pipeline and transferred out hundreds of WETH and wstETH thousands of USDC and several WBTC to the attacker cluster across a series of redeem and redeemTo"
[X Link](https://x.com/lzhou1110/status/1999673530661945702) 2025-12-13T02:51Z 1466 followers, 3668 engagements

"Looked into this with @Zyy_0530 there are many suspicious things. X. The #DMi contract owner keeps changing the implementation for the past X days X. The attack happened when the implementation contract was configured to 0x13Ec7d467bcED0d10CEA5D2aC2651930bA963E4e at transaction Dec-08-2025 06:17:46 AM UTC X hours before the main attack transaction. X. The implementation contract is not yet "verified" to date. will try to decompile using D23E's decompiler later. X. Then there are two additional "change implementation" transactions after the attack which did make the analysis a bit more tricky"
[X Link](https://x.com/lzhou1110/status/1998273894847742337) 2025-12-09T06:09Z 1451 followers, XXX engagements

"Spent a little bit of time on this attack with @Zyy_0530 again (Didn't check it that thoroughly so I might be wrong) The execution trace was super long that even the @BlockSecTeam Phalcon explorer did not work for like XX mins and finally it is working. The core vulnerability I think is the way reward is derived. Rewards are based **naively** only on "how many LP tokens this address holds." If an address touches LP the contract thinks it deserves new KK. Then _updatebalance mints those rewards whenever that address is involved in a transfer. This exploit has many helper addresses (and"
[X Link](https://x.com/lzhou1110/status/1998700436878999794) 2025-12-10T10:24Z 1466 followers, 1118 engagements

"In simple terms: The attacker first created many option products then creating the oToken for it. isPut = false False means it is a call option not a put. So the product in the screenshot is basically: A stETH call option strike 3800 USDC collateral WETH expiring on XX Dec 2025"
[X Link](https://x.com/lzhou1110/status/1999673535325962255) 2025-12-13T02:51Z 1466 followers, XXX engagements

"The result was that the system believed stETH was far above the strike by a huge margin across multiple settlement paths. Because of this fake price burning XXX oTokens paid out XXXXXXXXXXXXXXXXXXXXX WETH. In total the attacker extracted XXX ETH"
[X Link](https://x.com/lzhou1110/status/1999673545732030960) 2025-12-13T02:51Z 1466 followers, XXX engagements

"The tokens were first transferred to 0x354ad0816de79e72452c14001f564e5fdf9a355e : then from 0x354ad0816de79e72452c14001f564e5fdf9a355e to many other accounts: Some already went into TC: Most of the other accounts have XXXXX ETH likely the XXX is to pay transaction fee the money will go into TC XXX ETH pool"
[X Link](https://x.com/lzhou1110/status/1999674320868770210) 2025-12-13T02:54Z 1466 followers, XXX engagements