IMM-T-2026-0189

PROBATION Advisory

Flagged by 1 independent publisher declaring the same primary matcher. Advisory until 3 distinct publishers corroborate.

Matcher: 0xb5bcf55e45d4630ab15f73407d7719ef3ee22c295fc3e197ba017c75d0a38361
Type: BYTECODE
Verdict: MALICIOUS
Confidence: 86.0%
Severity: 83
Value at risk: $0.00
Created: June 14, 2026 8:09 AM
Envelope v1
Signed payload
Primary matcher bytecode: 0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1234
Scope: base-sepolia home
Corroboration 1 of 3 to hard-block
Same matcher hash

No other publisher has independently declared this matcher yet. This antibody stands alone — advisory until 3 distinct publishers corroborate.

Evidence redacted public excerpt
Reasoning excerpt
Deployed-runtime hash of the Pink Drainer kit. Operators rotate deploy addresses on a daily-to-weekly cadence, but they reuse a single compiled artifact, so the bytecode hash anchors detection across the entire affiliate fleet. Attribution comes from ScamSniffer's warnlist correlation between kit deployments and stolen-approval receipts. Treating bytecode matches as MALICIOUS short-circuits the affiliate-rotation game.

Full evidence (TEE-sealed) is fetchable by holders of the unsealing key. Public mirror carries hash only.

TEE attestation
Curated by human
Heuristically published from a known threat catalog, not derived from a TEE-verified verdict.
Evidence on Lighthouse
QmXY49MbNJWfrRgz9ujxxQpKJtbXEFPSVhm8U8A1rVXhYx
Public CIDv0 on Lighthouse IPFS — resolves the signed envelope.
Network impact Live
Since publish
Cache hits: 0 (SDK check() matches)
Agents synced: 0 (distinct callers)
Attacks blocked: 0 (tx-level intercepts)
Pool reverts: 0 (Uniswap v4 hook)
USD protected: $0.00 (no blocks recorded yet)
Hits over time: each bar is one of 30 equal slices since publish.
Recent intercepts
Agent Method Chain When
No agent has had to block this antibody yet.
Intercepts appear here in real time as agents match this pattern in the wild.
Mirror status Not mirror-eligible
Not eligible to mirror

This antibody is advisory — it stays on its home chain. The relayer only propagates antibodies that have earned enforcement authority, so the cross-chain Uniswap hook never blocks on an unproven flag. It becomes mirror-eligible once it matures to hard-block: 1 of 3 independent publishers corroborating so far.