IMM-2026-0015
ACTIVE
Keccak
0x1d948cb50e1757544e2fb9c9a4444fc5110c7005a84e4e968ff149e7bd97a37f
Type
CALL_PATTERN
Verdict
MALICIOUS
Confidence
91.0%
Severity
88
Value at risk
$0.00
Created
April 29, 2026 5:15 PM
Envelope
v1
Signed payload
Primary matcher
call_pattern
0x098b716b8aaf21512996dc57eb0615e2383e2f96 0x095ea7b3
Scope
galileo-testnet
home
sepolia
Evidence
redacted public excerpt
Reasoning excerpt
ERC20 approve(spender, amount) call targeting the consolidation address attributed to the June 2023 Atomic Wallet incident. The selector-only match (no argsTemplate gating) is intentional: any approval to this counterparty enables the drain regardless of token or amount. MALICIOUS at high confidence, severity high: a successful approval here lets Lazarus-attributed infrastructure pull the entire approved balance asynchronously.
Full evidence (TEE-sealed) is fetchable by holders of the unsealing key. Public mirror carries hash only.
TEE attestation
Curated by human
Heuristically published from a known threat catalog, not derived from a TEE-verified verdict.
Evidence CID
0x6e8ac985fc45f5dc86793cd152804e9ec4fec60343e5645bf809cb150855648c
Network impact
Live
Since publish
Cache hits
0
SDK check() matches
Agents synced
0
distinct callers
Attacks blocked
0
tx-level intercepts
Pool reverts
0
Uniswap v4 hook
USD protected
$0.00
no blocks recorded yet
Hits over time
each bar is one of 30 equal slices since publish
publish
now
Recent intercepts
| Agent | Method | Chain | When |
|---|---|---|---|
|
No agent has had to block this antibody yet.
Intercepts appear here in real time as agents match this pattern in the wild.
|
|||
| Chain | Tx | State |
|---|---|---|
|
sepolia
|
0xf3e6138b..7f9f | active |