A System assign silently reassigns the victim's own account owner to the attacker (GKJB...wbzQ), alongside two unlimited token approvals. A wallet simulation shows no fund movement, so it looks safe.
- ACCOUNT_REASSIGNReassigns account ownership (System Assign)
- TOKEN_DELEGATE_APPROVEApproves an UNLIMITED token delegate (x2)
- UNKNOWN_PROGRAMInteracts with an unrecognized program
Caught:Flagged HIGH (93/100) before signing. The owner reassignment and the unlimited approvals are irreversible, so the circuit breaker returns REQUIRE_HUMAN. This is exactly the silent owner-change that a balance-diff simulation misses.
The victim sent about 7M PYTH (~$2.91M) to a lookalike 'poison' address (4yfu...izcY) that mimics the intended recipient (4yfu...gnhY), copied from a dusting transaction.
- FULL_TOKEN_ACCOUNT_DRAINSends the full token-account balance out
Caught:Flagged HIGH as a full-balance outflow, enough to make you stop before signing. Honest limit: we flag the magnitude, not the lookalike itself; detecting the address resemblance needs cross-transaction history the engine does not hold.
A time-of-check/time-of-use drainer. The signed transaction simulates benign, then the attacker flips on-chain state about 7 blocks later so execution sweeps the wallet through an opaque program (HkRd...oynz).
- FULL_TOKEN_ACCOUNT_DRAINSends the full token-account balance out
- UNKNOWN_PROGRAMInteracts with an unrecognized program
- MANY_WRITABLE_ACCOUNTSMany writable accounts
Caught:The realized drain is flagged HIGH. And before signing, the opaque attacker program alone returns REQUIRE_HUMAN (do not auto-sign what you cannot inspect). This is the case simulation-only tools miss: the simulation was benign, the execution was a drain.