LNDFi
Contents
LNDFi - Rekt
In DeFi, a single admin key can make you king - or a thief.
$1.18 million vanished into digital mist on May 9th, when LNDFi's Pool Admin role fell into the wrong hands - turning a modified Aave fork into a personal withdrawal service.
A carefully orchestrated contract modification, deployed 41 days before the heist, transformed pool management functions into an express lane for outbound funds.
The exploit didn’t rely on obscure math or oracle manipulation - just one extra condition in a core access check, giving any “Pool Admin” the ability to drain user funds.
Was it nation-state infiltration or plain old negligence?
ZachXBT points to DPRK, but the blockchain tells a simpler story - admin keys leaked, contracts modified, funds drained.
In the end, does it matter who squeezed the trigger if the gun was left loaded and unattended?
Credit: LNDFi, ZachXBT, Tiancheng MaiWhen the Sonic blockchain lit up with suspicious activity on …
In DeFi, a single admin key can make you king - or a thief.
$1.18 million vanished into digital mist on May 9th, when LNDFi's Pool Admin role fell into the wrong hands - turning a modified Aave fork into a personal withdrawal service.
A carefully orchestrated contract modification, deployed 41 days before the heist, transformed pool management functions into an express lane for outbound funds.
The exploit didn’t rely on obscure math or oracle manipulation - just one extra condition in a core access check, giving any “Pool Admin” the ability to drain user funds.
Was it nation-state infiltration or plain old negligence?
ZachXBT points to DPRK, but the blockchain tells a simpler story - admin keys leaked, contracts modified, funds drained.
In the end, does it matter who squeezed the trigger if the gun was left loaded and unattended?
Credit: LNDFi, ZachXBT, Tiancheng MaiWhen the Sonic blockchain lit up with suspicious activity on …
IoC
82be4fe84c2790023906c1648e0836ada67714d9
f1b399290f027b46b517036cc65700fa61e123ff23af27dc7d009e3a72bb5034
3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
AA8cc9afE14f3A2B200CA25382e7C87CD883a527
4b82e3485d33544561cd9a48410a605aa8892fb1
f9c1afaf46425c922deac9ce677a4352adf305952cde79bda73c3cb1c7c73fb0
74fadb3d2bdbcc215485537b69c8f25c2562981eee37c7014931941bdb39b913
8148c4243f8cb49fe80d9e23df0bafc1c6732f3e
5a94a3a114cf01f6a703dd8b840cf0a97cdf1434
0b1A51C5cbFfc636d79A072b8AA5a763CeC42eF2
5149A7696188F083297281D10293a20476252CDD
2446f9528fbf55ccf5b3e7a22fc058bda7a12131
d52f317b548bd0f67d32d35404d046e4e60f5af23dac8a502495a8714780bffe
0e192c6a1d4cad8feac85b2c5bdc5242a4ae336a5dd24ab2378d88f758e62dfa
d03b7d80cf7fcd4d14076ca53d42bcfac0115674699adecb99dd3a769d5ea41a
c0454e29835479ee80d6f42965a16dcee9bfd868
bf7e41329a2752a3d74a53762d94c6ab4f51da7a990b0363288af4afc17b098a
f1b399290f027b46b517036cc65700fa61e123ff23af27dc7d009e3a72bb5034
3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
AA8cc9afE14f3A2B200CA25382e7C87CD883a527
4b82e3485d33544561cd9a48410a605aa8892fb1
f9c1afaf46425c922deac9ce677a4352adf305952cde79bda73c3cb1c7c73fb0
74fadb3d2bdbcc215485537b69c8f25c2562981eee37c7014931941bdb39b913
8148c4243f8cb49fe80d9e23df0bafc1c6732f3e
5a94a3a114cf01f6a703dd8b840cf0a97cdf1434
0b1A51C5cbFfc636d79A072b8AA5a763CeC42eF2
5149A7696188F083297281D10293a20476252CDD
2446f9528fbf55ccf5b3e7a22fc058bda7a12131
d52f317b548bd0f67d32d35404d046e4e60f5af23dac8a502495a8714780bffe
0e192c6a1d4cad8feac85b2c5bdc5242a4ae336a5dd24ab2378d88f758e62dfa
d03b7d80cf7fcd4d14076ca53d42bcfac0115674699adecb99dd3a769d5ea41a
c0454e29835479ee80d6f42965a16dcee9bfd868
bf7e41329a2752a3d74a53762d94c6ab4f51da7a990b0363288af4afc17b098a