Calculated from recorded token losses using historical USD prices at the incident time.
0x222e674fb1a7910ccf228f8aecf760508426b482
Ethereum
At Ethereum block 24449245, an unprivileged adversary realized an ACT exploit by calling helper contract 0xc8540a70aa191651d7cf8ed854ea3d346c897b2a, which then invoked c87c router 0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da with forged victim payer context. The exploit transaction is 0x54bb31a5a1f5cb4d47f89d11d55c5e64e0de7b06956ba7c21d2062950357ccd5, and the attacker deployment transaction is 0xb944c628443e62cc4445850c2e174a4dd799805ffacc4661f7efead369d6b86e.
The critical exploit predicate is satisfied when USDT.transferFrom(victim, ddbb_pool, amount) is executed through c87c callback flow while transaction sender is not the victim. In the exploit, TetherToken::transferFrom(0x222e..., 0xDdBB..., 13906718432) is executed inside uniswapV3SwapCallback, and the victim is drained from 13906718432 USDT to 0.
This is classified as ACT (is_act=true) because execution requires only public on-chain state plus permissionless transactions. Attacker value changes are deterministic in evidence: before exploit, attacker had USDT 0 and ETH 19582320258858240 wei; after exploit, attacker had USDT 13801642298 and ETH 49765498299821006 wei.
The vulnerable component is unverified c87c router bytecode at 0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da, with relevant selectors:
0x8943ec02 (tokenReceived(address,uint256,bytes))
0x1a9d82d5 (exactInputSingle(...))
0xfa461e33 (uniswapV3SwapCallback(...))
Victim context:
0x222e674fb1a7910ccf228f8aecf760508426b482
0x2c760082a052607cd36bd6cd46f705d752ae35430e92c16ce8f0be73d03dde4f with allowance 9007199254740991
24449244: victim USDT balance=13906718432, allowance to c87c=9007199234740991
Adversary context:
0x4fd9669fb676ea2ace620afb6178ae300ecfd8a9
0xc8540a70aa191651d7cf8ed854ea3d346c897b2a
nonce 0 from attacker computes helper address)
Root cause category is ATTACK. The core issue is unauthenticated payer injection in c87c tokenReceived: payer context is set from attacker-controlled calldata and then attacker-provided bytes are delegatecalled in c87c context. This allows downstream callback logic to execute ERC20 transferFrom using a spoofed payer (victim).
The violated invariant is explicit: callback-driven transferFrom(payer, ...) must derive payer from authenticated source, not untrusted external arguments. The code-level breakpoint is c87c selector 0x8943ec02, where call_sender is set from arg0 and arbitrary payload is executed via delegatecall without trusted-caller validation. During exploit execution, the delegated path reaches swap callback and triggers USDT.transferFrom(victim, pool, 13906718432).
Because victim had both nonzero balance and nonzero allowance to c87c, and because attacker could call tokenReceived directly, the exploit is permissionless and deterministic.
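The exploit predicate and the violated invariant above can be expressed as a check over a call trace. The following is an added example, not code from the report or its tooling: it walks a call tree and flags any transferFrom issued under uniswapV3SwapCallback whose token owner is neither the transaction sender nor a caller on the stack. The trace schema, the placeholder helper selector 0x00000000 and both sample traces are constructed for illustration; the addresses and the other selectors are the ones listed on this page.

```python
# Added example: heuristic detector for the report's exploit predicate.
# The trace schema (dicts with "to", "selector", "args", "calls") is hypothetical.
TRANSFER_FROM = "0x23b872dd"   # ERC-20 transferFrom(address,address,uint256)
SWAP_CALLBACK = "0xfa461e33"   # uniswapV3SwapCallback(...)

def find_spoofed_payer_pulls(tx_sender, root):
    """Flag transferFrom calls issued under a swap callback whose token owner
    is neither the transaction sender nor a contract on the call stack."""
    findings = []

    def walk(frame, stack, in_callback):
        in_callback = in_callback or frame["selector"] == SWAP_CALLBACK
        if in_callback and frame["selector"] == TRANSFER_FROM:
            owner, recipient, amount = frame["args"]
            if owner.lower() not in stack:   # payer was never authenticated
                findings.append({"owner": owner, "spender": stack[-1],
                                 "recipient": recipient, "amount": amount})
        for child in frame.get("calls", []):
            walk(child, stack + [frame["to"].lower()], in_callback)

    walk(root, [tx_sender.lower()], False)
    return findings

ATTACKER = "0x4fd9669fb676ea2ace620afb6178ae300ecfd8a9"
HELPER = "0xc8540a70aa191651d7cf8ed854ea3d346c897b2a"
ROUTER = "0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da"
VICTIM = "0x222e674fb1a7910ccf228f8aecf760508426b482"
USDT = "0xdac17f958d2ee523a2206206994597c13d831ec7"
POOL = "0xddbb864c2541e27152dbb87037ece852afb1faf5"

def call(to, selector, args=(), calls=()):
    return {"to": to, "selector": selector, "args": list(args), "calls": list(calls)}

def swap_path(payer, amount):
    # exactInputSingle -> uniswapV3SwapCallback -> USDT.transferFrom(payer, pool, amount)
    pull = call(USDT, TRANSFER_FROM, (payer, POOL, amount))
    callback = call(ROUTER, SWAP_CALLBACK, calls=[pull])
    return call(ROUTER, "0x1a9d82d5", calls=[callback])

# Constructed from the report's abridged trace: helper -> tokenReceived(victim, 0, payload).
# 0x00000000 is a placeholder; the helper's entry selector is not given on the page.
EXPLOIT = call(HELPER, "0x00000000", calls=[
    call(ROUTER, "0x8943ec02", (VICTIM, 0), calls=[swap_path(VICTIM, 13906718432)])])
# Constructed benign case: the token owner submits the swap itself.
BENIGN = swap_path(VICTIM, 13906718432)
```

Flows in which a relayer legitimately submits a transaction on behalf of a token owner will also match this heuristic, so treat a hit as a lead to triage against the spender's allowance holders rather than as a verdict.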
The decompiled c87c tokenReceived path shows attacker-controlled payer write plus delegatecall:
function Unresolved_8943ec02(address arg0, uint256 arg1, uint256 arg2) public returns (uint256) {
    ...
    call_sender = (uint96(call_sender)) | (address(arg0));
    token_sender = msg.sender | (uint96(token_sender));
    ...
    (bool success, bytes memory ret0) = address(this).Unresolved_(var_g); // delegatecall
    ...
}
Trace evidence from exploit tx 0x54bb31a5... confirms the exact unauthorized flow:
0xC87C...::tokenReceived(0x222E..., 0, <payload>)
-> 0xC87C...::exactInputSingle(...) [delegatecall]
-> 0xC87C...::uniswapV3SwapCallback(..., 13906718432, ...)
-> TetherToken::transferFrom(0x222E..., 0xDdBB..., 13906718432)
Deterministic state effects in the same trace include:
0xc555...) transitions from 0x33ce7aee0 to 0.
0x0f0b...) decreases by exactly 13906718432.
Exploit preconditions (all satisfied at block 24449244):
tokenReceived with crafted payload.
The adversary execution is a two-transaction ACT sequence:
0xb944c628..., block 24449241)
0xc854....
0x54bb31a5..., block 24449245)
tokenReceived(victim, 0, payload).
USDT.transferFrom(victim, pool, 13906718432).
Observed adversary-related accounts:
0x4fd9669fb676ea2ace620afb6178ae300ecfd8a9
0xc8540a70aa191651d7cf8ed854ea3d346c897b2a
Victim/protocol entities:
0x222e674fb1a7910ccf228f8aecf760508426b482 (is_verified=false as EOA)
0xdac17f958d2ee523a2206206994597c13d831ec7
0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da
0xddbb864c2541e27152dbb87037ece852afb1faf5
Measured loss:
USDT 13,906,718,432 (token units)
Participant-focused exploit deltas from state diff:
0x4fd9...: +13,801,642,298 USDT, +30,183,178,040,962,766 wei native
0x222e...: -13,906,718,432 USDT
0xddbb...: +105,076,134 USDT, -30,473,086,523,329,718 wei WETH
Fee and valuation details:
289,908,482,366,952 wei
USDT 0, ETH 19582320258858240 wei
USDT 13801642298, ETH 49765498299821006 wei
0x54bb31a5...): artifacts/collector/seed/1/0x54bb31a5a1f5cb4d47f89d11d55c5e64e0de7b06956ba7c21d2062950357ccd5/trace.cast.log
tokenReceived path: artifacts/collector/iter_1/contract/1/0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da/decompile_sol/decompiled.sol
0x23b872dd): artifacts/collector/iter_1/contract/1/0xc87c815c03b6cd45880cbd51a90d0a56ecfba9da/disassembly/disassembled.asm
0x2c760082...): artifacts/collector/iter_1/tx/1/0x2c760082a052607cd36bd6cd46f705d752ae35430e92c16ce8f0be73d03dde4f/calldata_decoded.txt
artifacts/collector/iter_1/state_diff/1/0x54bb31a5a1f5cb4d47f89d11d55c5e64e0de7b06956ba7c21d2062950357ccd5/state_diff_participants_normalized.json
artifacts/collector/iter_1/state_diff/1/0x54bb31a5a1f5cb4d47f89d11d55c5e64e0de7b06956ba7c21d2062950357ccd5/prestate_diff_raw.json
artifacts/collector/iter_1/state_diff/1/0x54bb31a5a1f5cb4d47f89d11d55c5e64e0de7b06956ba7c21d2062950357ccd5/balance_diff_prestate.json