Our system detected several attack transactions targeting @SiloFinance's smart contracts on different chains, with the root cause identified as flawed parameter validation logic in the flashloan callback function. By exploiting this vulnerability, the attacker could borrow assets using victims' collateral. The protocol team has paused the affected smart contracts.

While the team released a somewhat vague statement, forensic analysis of transactions reveals characteristics consistent with an attack:
1) Legitimate testing scenarios rarely necessitate moving substantial funds.
2) An address which launched attack transactions on Ethereum in the incident was funded via #TornadoCash.

Timeline (UTC):
14:11:23 - Attack on Ethereum ~$546K loss
14:20:23 - Attack on Ethereum ~$3K loss
14:38 - @SiloFinance 's official announcement on X
14:44:02 - Attack on Sonic ~$1K loss
14:44:27 - Attack on Sonic ~$2K loss

Attack TXs:
1) 1st TX on Ethereum : https://t.co/j4xxnCtNhW
2) 2nd TX on Ethereum : https://t.co/cCb0EbHMOb
3) 1st TX on Sonic : https://t.co/73vQys2PkJ
4) 2nd TX on Sonic : https://t.co/wVR88lrBUe

Attacker addresses:
1) Ethereum: 0x04377cfaf4b4a44bb84042218cdda4cebcf8fd62
2) Sonic: 0xba321eb613d76c758995fb33c64d71b9db0aaf6e