laurenceday

@laurenceday

Joined on Jun 11, 2021

  • In the intervening hours since the previous update, we have had a significant development as to the identity of the exploiter, as well as connections back to interactions with Code 423n4, Binance and Coinbase. This post will lay out the connections and ultimate reasoning behind the following Tweet: https://twitter.com/ndxfi/status/1449203629085368322

     BogHolder/tensors/UmbralUpsilon/ZetaZeroes, we know you're reading this, and all the Discord hopping in the world isn't going to help you now. Give it back. The whitehat bounty is still on offer, but that window is rapidly closing for you.
  • Here's what we know so far about the identity of the Indexed exploiter, efforts that have been made to reach out, and a few points about the safety of the unaffected Indexed pools.

     Update [06:05 BST, 16th October]: we have identified the Indexed attacker and issued an ultimatum. Details available here: https://hackmd.io/@laurenceday/H1OylawSF

     Status Of Remaining Pools

     The important stuff first - safety of other pools. ORCL5 is subject to the same exploit (as an index that is operated by the MarketCapSqrtController contract on the core controller), however the event horizon for this attack to be replicated requires at least another month to have elapsed, as it was reindexed on the 5th of October.

     DEGEN and NFTP also contain the same core vulnerability within their controller, however the attack in question requires that there are candidate assets available to be phased in: this is not the case for these two pools - the active asset list and the candidate asset list are the same. Tokens can only be added by a 3/5 Sigma committee vote [through this Gnosis: 0xbb22a47842eafc967213269280509a8b28e57076], and suffice it to say, that will not be happening.