Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
A dev machine of Safe was compromised. This allowed access to AWS and their S3 bucket. A malicious JavaScript was pushed to the bucket and eventually distributed. The malicious JS code targeted specifically the Bybit contract address. The JS code changes the content of the transaction during the signing process.
#security #investigation
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
@FBI released a public service announcement saying North Korea is responsible for the $1.5 billion @Bybit_Official hack.
The FBI called on private sector entities including RPC node operators, exchanges, and DeFi services to block transactions with addresses…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
The Bybit hacker has moved 270,000 ETH worth around $605M via THORChain and still holds 229,395 ETH worth around $514M: https://x.com/officer_cia/status/1895407702614094208?s=46
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
The @Bybit_Official hacker has moved 270,000 ETH worth around $605M via THORChain and still holds 229,395 ETH worth around $514M, according to @lookonchain & @Cointelegraph
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Telegram's latest beta for Android introduces detailed user info! 🕵️♂️
You can now see:
📍 Country of phone number origin
📅 Account registration date (month/year)
👥 Number of shared groups
✔️ Whether the account is official
• https://x.com/officer_cia/status/1895442145370087681
#privacy #security #opsec
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
> One image cannot shake the unwavering resolve of a Web3 security researcher!
> Yet, behold this picture:
• https://x.com/officer_cia/status/1896040825479708766?1
#security #opsec
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
The hacker has laundered all the 499,000 ETH ($1.39 billion) stolen from Bybit, and the whole process took 10 days. THORChain, the main channel used by the hacker to launder money, received $5.9 billion in transaction volume and $5.5 million in handling fees.
My personal advice to the Thorchain team is to contact my attorney @rata0x before it's too late. I think we can help you with a legal audit.
• https://x.com/officer_cia/status/1896749395577581970?3
#security #investigation
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
This sneaky malware masquerades as a regular video, targeting your data. If opening a video redirects you to a browser asking for an app update or "necessary" player installation, do NOT proceed!
Just one click can hand over your account, chats, photos, and device data to scammers. Stay vigilant!
Link: https://x.com/officer_cia/status/1897992686310687208?s=46
#security #privacy #opsec
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
⚠️ Alert: New Telegram Malware on Android! ⚠️
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Bybit attack flowchart: https://x.com/officer_cia/status/1898048649223192727?s=46
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
A simplified flowchart of the @Bybit_Official Heist by @TalBeerySec
1. Attackers infect a Safe{wallet} dev machine with malware,
2. ride its session to change the wallet website,
3. the changed website offers a malicious Tx to ByBit signers,
4. which transfers ownership…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Rumours: Entangle hacked, hacker minted 13b tokens. Some bridge issue potentially.
Can anyone confirm?
• https://x.com/officer_cia/status/1898531364711915747
#security #alert
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
Rumours: Entangle hacked, hacker minted 13b tokens. Some bridge issue potentially.
https://t.co/rBLR9NyvK5
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
According to Decurity’s postmortem report, after negotiations with the hacker, most of the $5 million stolen from 1inch has been returned, with the hacker keeping a portion as a bug bounty.
The attack was caused by a vulnerability in the Fusion v1 smart contract, primarily affecting those using outdated versions of the resolver. Regular users’ funds were not impacted: https://x.com/officer_cia/status/1898544905254777025
#investigation #security
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
I’ve got an excellent audit proposal for you—don’t miss out. Slide into my DMs, let’s chat!
Details: https://x.com/officer_cia/status/1898940886324535610
#security #audit
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
CyberInsider
Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
Apple has released iOS 18.3.2 and iPadOS 18.3.2 to fix a zero-day vulnerability that may have been exploited in highly targeted attacks.
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
30 minutes ago, a victim lost $1.82M worth of cUSDCv3 due to phishing transaction signatures…
• https://x.com/officer_cia/status/1899730170338009127?12
#security #opsec
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Lazarus Group deposits 400 ETH (~$750K) into Tornado Cash, linked to February’s $1.4B Bybit hack, while deploying new “BeaverTail” malware targeting browsers and crypto wallets: https://x.com/officer_cia/status/1900126714086183378?1
#security #investigation
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
H/T @leviathan_news
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Trezor Reveals Potential Vulnerability in Older Safe 3 Crypto Wallets!
Trezor disclosed a potential vulnerability in its Safe 3 wallet after Ledger identified a supply chain attack using voltage glitching.
The attack requires physical access and advanced skills, making it unlikely for widespread exploitation. Newer Trezor models, including Safe 5, are unaffected. Users are advised to buy from official sources, use strong PINs, enable passphrases, and keep firmware updated.
• https://www.theblock.co/post/346018/trezor-discloses-vulnerability-safe-3-crypto-wallet-rival-ledger
#opsec #security
The Block
Trezor discloses potential vulnerability in older Safe 3 crypto wallets following white hat research by rival Ledger
The attack, discovered by Ledger security researchers, involves "voltage glitching" and reprogramming a device's microcontroller.
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Yet another awesome OpSec rule:
Don't let perfect be the enemy of good.
100% solutions are rare in cybersecurity. Security solutions, each with their own shortcomings, are OK when layered together to supplement coverage.
Quoting Kerckhoffs's principle, "A cryptosystem should remain secure even if everything about the system, except the key, is public."
If revealing a system substantially increases its risk of being broken, then perhaps it needs to be rethought.
• https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap
#opsec #privacy #security
GitHub
GitHub - OffcierCia/Crypto-OpSec-SelfGuard-RoadMap: Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec…
Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome. - OffcierCia/Crypto-OpSec-SelfGuard-RoadMap
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
New Malware Alert — Microsoft warns of StilachiRAT, a stealthy remote access trojan that:
• Steals browser passwords & clipboard data;
• Targets crypto wallets;
• Executes remote commands & monitors RDP sessions;
• Evades detection by clearing event logs.
• https://x.com/officer_cia/status/1902036244479230132?s=46
#security #opsec
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_cia) on X
Read more here ⬇️
https://t.co/8Qfjjdos6n
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Deep hardware wallet testing for security-conscious developers and protocols ⬇️
• https://x.com/patrickalphac/status/1902225293336576314?s=46
#security #opsec
X (formerly Twitter)
Patrick Collins (@PatrickAlphaC) on X
Finally just about done with my deep hardware wallet testing for security-conscious developers and protocols.
Hardware wallets video and article on the research coming soon.
Here is a sneak peek.
If anything looks wrong from this snapshot, now's the time…