๐ SlowMist Launches Comprehensive Incident Response Service for Web3 Projects
#SlowMist #IncidentResponse #Web3 #BlockchainSecurity #SecurityService #AssetTracking #OnChainAnalysis #OffChainAnalysis
According to Foresight News, blockchain security firm SlowMist has announced the launch of its incident response service tailored for Web3 projects. This new service encompasses a wide range of incident response activities, including in-depth on-chain and off-chain analysis and the tracking of stolen assets. The initiative aims to enhance the security of Web3 projects and prevent future incidents.#SlowMist #IncidentResponse #Web3 #BlockchainSecurity #SecurityService #AssetTracking #OnChainAnalysis #OffChainAnalysis
๐ Fortress Initiative Aims To Enhance Security In Cryptocurrency Liquidity Management
#FortressInitiative #Cryptocurrency #SecurityManagement #LiquidityManagement #SmartContracts #AssetManagement #Blockchain #RiskAssessment #IncidentResponse #Transparency #BTC
According to PANews, Nano Labs, SlowMist, and Aquarius have announced the establishment of the Fortres Foundation and the launch of the Fortress Initiative. This initiative introduces a security design framework and process audit standards aimed at setting new benchmarks for safety and transparency in cryptocurrency liquidity management. The framework covers various stages of the liquidity management lifecycle, including risk assessment, continuous monitoring, and incident response. It also incorporates measures such as smart contract code audits and multi-chain asset security monitoring to ensure comprehensiveness and practicality.
The Fortress Initiative plans to achieve industry integration through a one-year roadmap, initially focusing on inviting asset management protocols and ecosystem partners with BTC staking needs to participate in its development. The initiative has garnered support from leading industry institutions such as Nano Labs, SlowMist, and Aquarius. Additionally, Takara Lend, a lending protocol supported by the Sei blockchain, has joined as one of the first donor members.#FortressInitiative #Cryptocurrency #SecurityManagement #LiquidityManagement #SmartContracts #AssetManagement #Blockchain #RiskAssessment #IncidentResponse #Transparency #BTC
๐ AdsPower Addresses Security Breach Involving Malicious Wallet Plugins
#AdsPower #SecurityBreach #MaliciousPlugins #Cryptocurrency #MetaMask #Cybersecurity #UserSafety #IncidentResponse #SystemUpdate #ThirdPartyService
According to Odaily, AdsPower's security team disclosed a security breach on January 24, where hackers infiltrated the system by spreading malicious code, altering some third-party cryptocurrency wallet plugins within the AdsPower fingerprint browser. The company has since patched the vulnerability, enhanced system security, and reported the incident to Singaporean authorities, actively cooperating with the police investigation.
The breach was initially noticed between January 21 and 22, when a few users reported issues with installing or updating the MetaMask plugin. On January 23, the technical team identified anomalies in the plugin download link and replaced it with the official download address. By January 24, AdsPower detected the plugin tampering, removed the malicious plugin package, fixed the download link, and instructed affected users to reinstall the plugin to ensure security.
An internal investigation revealed that attackers exploited a vulnerability in a third-party technical service system to upload and distribute a malicious version of the MetaMask plugin, potentially compromising users' wallet plugin cache information. AdsPower has since upgraded the application center's plugin download mode and plans to further strengthen cybersecurity, emergency response, and supply chain security management. Affected users can receive an exclusive value-added service package through the AdsPower client.#AdsPower #SecurityBreach #MaliciousPlugins #Cryptocurrency #MetaMask #Cybersecurity #UserSafety #IncidentResponse #SystemUpdate #ThirdPartyService
๐ DEXX Security Breach Attributed to Platform Vulnerability
#DEXX #SecurityBreach #Vulnerability #Hacking #CyberSecurity #ZenTao #ForensicAnalysis #UnauthorizedAccess #IncidentResponse #Compensation
According to Odaily, SlowMist founder Yu Jian shared insights on the DEXX hacking incident on the X platform, revealing that the primary cause was a vulnerability in the ZenTao platform used by DEXX. This flaw was exploited, leading to an external breach and unauthorized access to the production network's servers and databases. The forensic analysis confirmed this attack path. While DEXX is considered a victim of this breach, it also bears responsibility for inadequate security management. Despite the chaotic response during the critical hacking event, DEXX managed to compensate affected parties, a rare action in the industry.#DEXX #SecurityBreach #Vulnerability #Hacking #CyberSecurity #ZenTao #ForensicAnalysis #UnauthorizedAccess #IncidentResponse #Compensation
๐ U.S. Banking Groups Urge SEC to Repeal Four-Day Cybersecurity Disclosure Rule
#Banking #SEC #Cybersecurity #NationalSecurity #Confidentiality #IncidentResponse #InvestorConfidence #Cryptocurrency #Fintech
Banks Say SECโs Four-Day Cyber Rule Risks National Security, Undermines Law EnforcementAccording to ChainCatcher, five major U.S. banking associations โ led by the American Bankers Association (ABA) โ have formally requested the U.S. Securities and Exchange Commission (SEC) to repeal its Cybersecurity Risk Management Rules, which mandate that publicly listed companies disclose material cybersecurity incidents within four days.In a joint letter, the groups argue that the July 2023 regulation, and specifically Item 1.05 of Form 8-K, could compromise national security and interfere with law enforcement operations, particularly in the context of protecting critical infrastructure and sensitive financial systems.Key Concerns From the Banking SectorThe coalition outlined several objections to the rule:Conflict with Confidentiality Requirements: Public disclosure within four days could violate federal confidentiality protocols tied to national security and infrastructure protection.Hindrance to Incident Response: Premature disclosure may limit a firmโs ability to effectively assess, contain, and remediate ongoing cybersecurity threats.Market Confusion and Investor Risk: The groups warned that rushed disclosures could lead to misinterpretation, panic selling, and ultimately harm investor confidence.Overlapping Regulations Already Exist: The letter emphasizes that existing regulatory frameworksโsuch as those enforced by banking and financial oversight agenciesโalready provide adequate investor protection and incident reporting.The rule also applies to publicly listed cryptocurrency firms, raising concerns among blockchain and fintech platforms subject to SEC oversight.#Banking #SEC #Cybersecurity #NationalSecurity #Confidentiality #IncidentResponse #InvestorConfidence #Cryptocurrency #Fintech
๐ Ethereum Foundation Releases First Report on Trillion-Dollar Security Initiative
#Ethereum #EthereumFoundation #TrillionDollarSecurityInitiative #SmartContractSecurity #UserExperience #InfrastructureSecurity #CloudSecurity #ConsensusProtocols #Monitoring #IncidentResponse #SocialLayer #Governance #ETH
According to Foresight News, the Ethereum Foundation has published the inaugural report on its 'Trillion-Dollar Security Initiative' (1TS). The report outlines the current security challenges within the Ethereum ecosystem, focusing on six key areas: user experience (UX), smart contract security, infrastructure and cloud security, consensus protocols, monitoring and incident response, and social layer and governance.
The next phase involves identifying the most pressing issues, developing solutions, and collaborating with the ecosystem to address these challenges.#Ethereum #EthereumFoundation #TrillionDollarSecurityInitiative #SmartContractSecurity #UserExperience #InfrastructureSecurity #CloudSecurity #ConsensusProtocols #Monitoring #IncidentResponse #SocialLayer #Governance #ETH
๐ CoinMarketCap Removes Malicious Code After Security Breach
#CoinMarketCap #SecurityBreach #MaliciousCode #WebsiteSecurity #CryptoSafety #IncidentResponse
According to Odaily, CoinMarketCap announced on the X platform that it has identified and removed malicious code from its website. The team is actively investigating the incident and implementing measures to enhance security. Previously, CoinMarketCap's front end was attacked, resulting in a malicious pop-up window prompting users to 'verify wallet.' CoinMarketCap later tweeted that the malicious code had been removed and all systems were restored to normal, although the tweet was subsequently deleted.#CoinMarketCap #SecurityBreach #MaliciousCode #WebsiteSecurity #CryptoSafety #IncidentResponse
๐ Plasma Recovers Control After Account Breach on X Platform
#Plasma #AccountBreach #XPlatform #CyberSecurity #DataProtection #IncidentResponse #SecurityMeasures #ProfessionalAssistance
According to Odaily, Plasma reported that its official account on the X platform was taken over by external attackers around 11:00 UTC+8 today. The team promptly activated an alert mechanism and conducted a system review, successfully regaining control of the account without any financial risks detected. Plasma's founder, @pauliepunt, indicated that the attackers likely altered the organization's login credentials through the X platform's management backend. All traces of the breach have been removed, and account security measures have been strengthened. Plasma will continue a comprehensive post-incident analysis and provide further explanations as more information becomes available. The organization emphasized that its treasury assets were unaffected by the incident and has engaged a professional security team to assist with the investigation.#Plasma #AccountBreach #XPlatform #CyberSecurity #DataProtection #IncidentResponse #SecurityMeasures #ProfessionalAssistance
๐ Request Finance Security Breach Affects Single User
#RequestFinance #SecurityBreach #FrontEndAttack #SmartContractAttack #USDC #DeFiSecurity #BlockchainSecurity #Web3Security #IncidentResponse #Monitoring
According to Foresight News, a security breach at the integrated financial platform Request Finance has impacted only one user. On September 10, an attacker infiltrated the front-end system of Request Finance, injecting authorization commands into a contract that appeared identical in name, address, partial ABI interface, and recent activity. As a result, the affected user not only transferred funds to the legitimate contract but also inadvertently authorized the contract to consume an unlimited amount of USDC. In response, the team has implemented additional protective measures and monitoring systems to prevent future incidents.#RequestFinance #SecurityBreach #FrontEndAttack #SmartContractAttack #USDC #DeFiSecurity #BlockchainSecurity #Web3Security #IncidentResponse #Monitoring
๐ Web3 Security Challenges: Majority of Hacked Crypto Projects Fail to Recover
#Web3 #CryptoSecurity #Hacking #Immunefi #CryptoProjects #SecurityBreach #IncidentResponse #SmartContracts #Blockchain #CryptoTrust #ReputationDamage #SecurityAwareness
According to BlockBeats, on January 18, Web3 security platform Immunefi's CEO Mitchell Amador highlighted that nearly 80% of crypto projects that suffer major hacking incidents never fully recover. He noted that most protocols lack awareness of their vulnerability to hacking and are unprepared for significant security events.
Amador emphasized that the initial hours following a breach are often the most destructive. Without a pre-established incident response plan, teams may hesitate, debate next steps, and underestimate the impact of the breach. This period is critical for preventing additional losses.
Due to concerns over reputational damage, project teams often hesitate to pause smart contracts and fail to communicate effectively with users. Silence can exacerbate panic rather than contain the issue. The primary reason for the failure to recover for nearly 80% of hacked projects is not the initial financial loss but the collapse of operational and trust systems during the response process.#Web3 #CryptoSecurity #Hacking #Immunefi #CryptoProjects #SecurityBreach #IncidentResponse #SmartContracts #Blockchain #CryptoTrust #ReputationDamage #SecurityAwareness
๐ Ethereum Foundation Launches Comprehensive Security Dashboard
#EthereumFoundation #SecurityDashboard #Ethereum #BlockchainSecurity #SmartContractSecurity #UserExperience #ConsensusProtocol #CloudSecurity #IncidentResponse #Governance #Transparency #SecurityAwareness #ETH
The Ethereum Foundation has announced the launch of a 'Trillion-Dollar Security Dashboard' aimed at providing an overview of the security landscape within the Ethereum ecosystem. According to ChainCatcher, this dashboard highlights various aspects such as security risks, mitigation strategies, and progress across six dimensions: user experience (UX), smart contract security, infrastructure and cloud security, consensus protocol, monitoring and incident response, and social layer and governance. The initiative seeks to enhance transparency and security awareness within the Ethereum community.#EthereumFoundation #SecurityDashboard #Ethereum #BlockchainSecurity #SmartContractSecurity #UserExperience #ConsensusProtocol #CloudSecurity #IncidentResponse #Governance #Transparency #SecurityAwareness #ETH
๐ Project 0 Responds Swiftly to GitHub Key Breach
#Project0 #GitHub #SecurityBreach #Cybersecurity #IncidentResponse #MacBrennan #ChainCatcher #Phishing #Refund
Project 0 founder MacBrennan reported a security incident involving the theft of a GitHub key from a team member. According to ChainCatcher, the breach occurred between 9:45 and 10:19 PM, leading to users being redirected from the P0 website to another site.
MacBrennan stated that the team quickly identified and halted the redirection within 40 minutes. The incident did not affect any P0 funds or holdings. It was confirmed that one user, who visited the new site out of curiosity, lost $1,000 but will receive a full refund.#Project0 #GitHub #SecurityBreach #Cybersecurity #IncidentResponse #MacBrennan #ChainCatcher #Phishing #Refund
๐ Solana Foundation Enhances Security Measures with New Initiatives
#Solana #Blockchain #Security #Cybersecurity #STRIDE #SIRN #Crypto #DeFi #ThreatMonitoring #IncidentResponse #SOL
On April 7, the Solana Foundation announced the launch of several security enhancement initiatives. According to BlockBeats, these measures include the STRIDE security assessment and monitoring system, led by Asymmetric Research, and the SIRN response network for handling security incidents.
STRIDE will conduct independent evaluations of ecosystem protocols, offering ongoing operational security and proactive threat monitoring. It will also provide formal verification support for projects with a total value locked (TVL) exceeding $100 million. Meanwhile, SIRN, composed of multiple security agencies and research teams, will facilitate real-time security incident response.#Solana #Blockchain #Security #Cybersecurity #STRIDE #SIRN #Crypto #DeFi #ThreatMonitoring #IncidentResponse #SOL