safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal

The user has created 12 multi-signatures for one address, and the three signatures set by himself are used for transactions #146

Closed yt00131 closed 2 years ago

yt00131 commented 2 years ago

0xC41Dd7D65444cdCD80d7E2FBd9d20c4B191Cf988 0x2d737cd0eBbdB40f4bCDDCbd0FcE1C03eB4a60Ba 0x821B7C84313B4901094246621181e995E5F1A83A 0xA4E870BFf703007E8a039b8947168cff22b50C90 0xB7E850025f77292c1602E2a48123b1455864FeCE 0x78eDDdE998E446A09A5b2054516f1da0B72CadA5 0xbdAE68423e2aB0Ff3164e02478a62CBfd73FbB68 0x865032F9ecF34F31f901bd420A476C6322fD13d4 0x5Adb607541cA9c1FA7bfc451A4b825EB56fD04D9 0x6E7497241C416fCC5E3447180882756dcf7Df5a0 0xEB17f902307dC052701e501F07e1C556Beb1a368

Reasoning

The airdrop hunter used the 0xf9d38489b6fd704fd112934322908ee0b6cfbdd4 mainnet wallet to create 12 multi-signatures.

0xf9d38489b6fd704fd112934322908ee0b6cfbdd4
0x442f821b35c919b713625e0a7a1564c5d9f8d0a0
0x3620e4ba3927181acb286ff481e275fd29a39530
0xeac3bf0b39a5e3e7ee8bdc92bf3cdb18f82e69ba

The four addresses above are used for signing.

Methodology

Analysis according to the query results of the Ethernet browser: most of the executed transactions are used to trade TRVL, hash: 0xb9bd9cb25235b6240a24b5163aa87d765f0416a9315e16222ec91c21700237d8. Tokens with some contract addresses are transferred from the wallet creation, hash: 0x1fa79f947a5d70565351ecc12c50f8f325aae856e904faa94f4c841e46c7a98c, or transferred from Binance. All of them have nothing to do with the repeater, because 40 wallets that execute transactions and create contract addresses are initiated, 0x3620e4BA3927181ACb286Ff481E275FD29A39530 executes 142 strokes. If it is a repeater, its signature and execution will have nothing to do with the creation of the main wallet, rather than from the main wallet. hash: 0x7473339c827c3f2ac889ec076dc604a3a55d912011fe9ef2975bc9f616e4a481

Most important point: of the nearly 200 transactions initiated by 0xf9d38489b6fd704fd112934322908ee0b6cfbdd4 and 0x3620e4ba3927181acb286ff481e275fd29a39530, all were TRVL transfers.

My Safe Address

0x04b9f219331e4586Ae35cff9065eFc2A09F29751

tschubotz commented 2 years ago

Checked the first 2 Safes

https://etherscan.io/address/0xC41Dd7D65444cdCD80d7E2FBd9d20c4B191Cf988
https://etherscan.io/address/0x2d737cd0eBbdB40f4bCDDCbd0FcE1C03eB4a60Ba

Both have an etherscan label related to https://dtravel.com/. This seems like legitimate usage to me.