IMM-T-2026-0148

PROBATION Advisory

Flagged by 2 independent publishers declaring the same primary matcher. Advisory until 3 distinct publishers corroborate.

Matcher 0x14e3f3f36c590df5f359bc6162bc9e4132bbdb8cb1e9de2c5858fb7aec4293be

Type

CALL_PATTERN

Verdict

MALICIOUS

Confidence

91.0%

Severity

Value at risk

$0.00

Published by 0x84af3025..7c3912 View on explorer

Created June 14, 2026 7:47 AM

Envelope v1

Signed payload

Primary matcher call_pattern

0x098b716b8aaf21512996dc57eb0615e2383e2f96 0x095ea7b3

Scope

base-sepolia home

Corroboration 2 of 3 to hard-block

Same matcher hash

Corroborated by 2 independent publishers declaring the same primary matcher.

0x84af3025..7c3912 headline PROBATION

curated Evidence
0x2784d73b..b75e3c PROBATION

curated Evidence

Evidence redacted public excerpt

Reasoning excerpt

ERC20 approve(spender, amount) call targeting the consolidation address attributed to the June 2023 Atomic Wallet incident. The selector-only match (no argsTemplate gating) is intentional: any approval to this counterparty enables the drain regardless of token or amount. MALICIOUS at high confidence, severity high: a successful approval here lets Lazarus-attributed infrastructure pull the entire approved balance asynchronously.

Full evidence (TEE-sealed) is fetchable by holders of the unsealing key. Public mirror carries hash only.

TEE attestation

Curated by human

Heuristically published from a known threat catalog, not derived from a TEE-verified verdict.

Evidence on Lighthouse

QmenaHGM3f7Yd2h5s1vtWsjmM8bfD5BDKQR4HjSvUgkSEF

Public CIDv0 on Lighthouse IPFS — resolves the signed envelope.

Network impact Live

Since publish

Cache hits

SDK check() matches

Agents synced

distinct callers

Attacks blocked

tx-level intercepts

Pool reverts

Uniswap v4 hook

USD protected

$0.00

no blocks recorded yet

Hits over time each bar is one of 30 equal slices since publish

publish now

Recent intercepts

Agent	Method	Chain	When
No agent has had to block this antibody yet. Intercepts appear here in real time as agents match this pattern in the wild.

Mirror status Not mirror-eligible

Not eligible to mirror

This antibody is advisory — it stays on its home chain. The relayer only propagates antibodies that have earned enforcement authority, so the cross-chain Uniswap hook never blocks on an unproven flag. It becomes mirror-eligible once it matures to hard-block: 2 of 3 independent publishers corroborating so far.

Publisher

publisher-05.immunity.eth 0x84af3025d4fec93f396f89d2f812358ca67c3912

Actions

View raw JSON

At a glance

Mirrors live: 0/1
Cache hits: 0
Attacks blocked: 0
Publisher earned: $0

Protocol state

Corroboration: 2 / 3
Bond: 1.88 USDC
Fees escrowed: 0.0000 USDC
Maturity: on probation
Prominence: standard

Publisher

Profile →

0x84af3025..7c3912

Reputation: 153 established
Matured: 3
Strikes: 0
Genesis grant: 100