NullTrace
DemoPayFeed
AI exploit monitoring · liveSolana-firstx402 payments

AI agents tracking Solana exploits in real time.

From exploit to forensic breakdown in under 60 seconds. NullTrace ingests on-chain signals across Solana, EVM, and cross-chain bridges — then delivers AI-generated incident dossiers anyone can understand. Pay for instant reports with SOL via x402.

View IncidentsUnlock Paid Analysis
$285M+
Solana losses tracked
60+
chains via LI.FI bridge
<60s
exploit-to-briefing
integrations:LI.FI Cross-Chainx402 · Solana PayOpenAI GPT-4oAnthropic Claude
17 chains indexed
LIVE ALERTSingularityFinance.ai oracle misconfiguration — ~$413K drained from Base vault (Apr 26)LIVE ALERTTrustedVolumes resolver exploit added from X security alert demoLIVE ALERTDrift dossier updated with durable nonce abuse timelineLIVE ALERTUpbit hot-wallet breach added to Solana incident archiveLIVE ALERTLoopscale recovery status verified after attacker negotiationsLIVE ALERTNoOnes bridge route flagged across Solana, Ethereum, TRON, and BSCLIVE ALERTPaid forensic report unlocked through Solana USDC simulationLIVE ALERTSingularityFinance.ai oracle misconfiguration — ~$413K drained from Base vault (Apr 26)LIVE ALERTTrustedVolumes resolver exploit added from X security alert demoLIVE ALERTDrift dossier updated with durable nonce abuse timelineLIVE ALERTUpbit hot-wallet breach added to Solana incident archiveLIVE ALERTLoopscale recovery status verified after attacker negotiationsLIVE ALERTNoOnes bridge route flagged across Solana, Ethereum, TRON, and BSCLIVE ALERTPaid forensic report unlocked through Solana USDC simulation

What is NullTrace?

A public intelligence room for Solana hacks.

The homepage should be understandable before anyone pays. Visitors see what happened, how much was lost, why the exploit matters, and where to read the full forensic dossier. Payment appears only when they ask for deeper AI analysis of a wallet, transaction, or contract.

Unlock Paid Analysis

We monitor the signal

NullTrace watches Solana activity, security research, public reports, wallet movement, and protocol response signals.

AI writes the first brief

Scout, Analyst, Forensics, and Reporter agents turn raw incident noise into a readable breakdown with confidence scoring.

You open the hack dossier

Each hack has a public page with loss estimate, timeline, root cause, technical notes, wallet-flow view, and related posts.

Pay only for deeper analysis

When someone needs wallet, transaction, or contract-level forensics, they unlock a premium report with a simulated Solana USDC payment.

instant contract lookup

Paste a contract or TX. Get a breakdown instantly.

If NullTrace already has a dossier, it shows the technical context immediately. If not, the AI agent analyzes it on the spot — add your API key for a real scan, or run in demo mode.

Ready

Paste a contract address or transaction hash to check if NullTrace has an existing dossier, or to trigger an AI security scan.

AI agent mesh

Autonomous security operators

Scout, Analyst, Forensics, and Reporter agents coordinate detection, classification, tracing, and investor-grade incident briefings.

SCANNING

Scout Agent

Watching Solana program invocations and bridge outflows

confidence94%
ANALYZING

Analyst Agent

Classifying anomalous pool deltas against exploit signatures

confidence88%
TRACING

Forensics Agent

Clustering attacker wallets across mixer and CEX deposit hops

confidence91%
GENERATING

Reporter Agent

Drafting incident briefings and fake-info suppression notes

confidence86%

latest incidents

Recent exploit cases

Public summaries are free. Open any hack to see the timeline, root cause, related posts, wallet-flow visualization, and technical mitigation notes.

TC

TrustedVolumes.com

CRITICALEthereum

The TrustedVolumes RFQ proxy has a critically broken fill function. The EIP-712 signature commits to (makerToken, takerToken, makerAmount, takerAmount, maker, counterparty, expiry, salt), and the contract checks _allowedOrderSigner[signedMaker][recoveredSigner]. But the function also takes unsigned calldata that does the actual transfer - including the real from address, real token, and real amounts. Nothing binds the executed from to the signed maker.

Estimated Loss

$5.87M

Category

Signature/Execution Parameter Mismatch

Detected

2026-05-07

AI Confidence

88%

EO

Ekubo.org

HIGHEthereum

Ekubo v2 locker blindly trusts the from address embedded in the locker's packed instruction payload. Its payCallback(token,id,_,amount,from) does a transferFrom with from taken straight from user-supplied calldata.

Estimated Loss

$1.38M

Category

Missing Access Control

Detected

2026-05-05

AI Confidence

88%

EK

Ekubo Locker

HIGHEthereum

Defimon-style Telegram alert: Ekubo v2 locker trusted a user-supplied from address in packed lock instructions, allowing repeated WBTC drains from an approved EOA.

Estimated Loss

$1.38M

Category

Missing Access Control

Detected

May 5, 2026

AI Confidence

88%

SF

Sharwa.finance

LOWArbitrum

Sharwa's MarginTrading priced Hegic option NFT collateral via Uniswap V3's spot Quoter on a low-liquidity USDC.e/USDC pool with no TWAP or Chainlink fallback.

Estimated Loss

$32,850

Category

Smart Contract Bug

Detected

2026-05-01

AI Confidence

88%

SH

Sharwa MarginTrading

MEDIUMArbitrum

Defimon-style Telegram alert: Sharwa priced Hegic option NFT collateral from a low-liquidity Uniswap V3 spot quote without TWAP or Chainlink fallback.

Estimated Loss

$32,850

Category

Oracle Manipulation

Detected

May 1, 2026

AI Confidence

81%

SA

SingularityFinance.ai

MEDIUMBase

The dynBaseUSDCv3 vault on Base prices its non-USDC reserves via UniswapV3Oracle. On 2026-01-19 the protocol admin registered the six yield-token oracle routes with a Uniswap V3 fee tier of 42. Uniswap V3 only enables fee tiers 100/500/3000/10000, so factory.getPool(USDC, X, 42) returns address(0) for every token - silently killing the direct price path. The WETH-fallback pools that did exist had zero liquidity, as a result VaultTokensLib.totalAssets() only counted the ~$100 idle USDC.

Estimated Loss

~$413K

Category

Oracle Misconfiguration

Detected

2026-04-26

AI Confidence

88%