IMM-2026-0050
ACTIVE
Keccak
0xdcef73e3bd3209e22a8d3f313895205df2a4995b973cacb6c5c420c914705f3a
Type
SEMANTIC
Verdict
MALICIOUS
Confidence
92.0%
Severity
95
Value at risk
$0.00
Created
April 30, 2026 2:52 AM
Envelope
v1
Signed payload
Primary matcher
semantic
COUNTERPARTY "binance support said: 'you had a stuck withdraw — sign this perm"
Scope
galileo-testnet
home
sepolia
Evidence
redacted public excerpt
Reasoning excerpt
The user reports receiving a message impersonating Binance support claiming a stuck withdrawal and requesting a permit signature. The proposed action is a token transfer (ERC-20 approve pattern) to an unknown address (0x39D4...). This is a classic phishing/social engineering attack: impersonation of a trusted counterparty (Binance) combined with urgency and authority to extract a signature that enables fund drainage. The marker captures the impersonation and manipulation.
Full evidence (TEE-sealed) is fetchable by holders of the unsealing key. Public mirror carries hash only.
TEE attestation
Curated by human
Heuristically published from a known threat catalog, not derived from a TEE-verified verdict.
Evidence CID
0x13c12c6d727cfb716b637bf64bc26943a7d57e0bc6880ebc604fa9ba6b751fc5
Network impact
Live
Since publish
Cache hits
0
SDK check() matches
Agents synced
0
distinct callers
Attacks blocked
0
tx-level intercepts
Pool reverts
0
Uniswap v4 hook
USD protected
$0.00
no blocks recorded yet
Hits over time
each bar is one of 30 equal slices since publish
publish
now
Recent intercepts
| Agent | Method | Chain | When |
|---|---|---|---|
|
No agent has had to block this antibody yet.
Intercepts appear here in real time as agents match this pattern in the wild.
|
|||
| Chain | Tx | State |
|---|---|---|
|
sepolia
|
0x84946498..a361 | active |