π Security Alert Issued Over Malicious Ad Campaign Targeting Pudgy Penguins
#SecurityAlert #MaliciousAds #PudgyPenguins #ScamSniffer #Web3Security #AdBlockers #CryptoSafety #BrowserSecurity
According to Odaily, Scam Sniffer has issued a security alert after users reported being redirected to a fake Pudgy Penguins website when accessing a Singaporean news portal. Investigations revealed that this is part of a larger malicious advertising campaign. The attack operates as follows: malicious ads are distributed via the Google ad network, which loads suspicious code from Adloox. This code checks for the presence of a web3 wallet and, if detected, redirects the user to the fraudulent Pudgy Penguins site. Currently, the attack targets only Pudgy Penguins users, but the method could easily be adapted for other projects. Users are advised to carefully verify URLs. Preventive measures include enabling ad blockers, using a separate browser for crypto activities, thoroughly checking URLs before connecting wallets, and installing browser security extensions.#SecurityAlert #MaliciousAds #PudgyPenguins #ScamSniffer #Web3Security #AdBlockers #CryptoSafety #BrowserSecurity
π π₯ HashDit Warns Pudgy Penguins Users About Fake Telegram Group and Malicious Bot π₯
#HashDit #PudgyPenguins #TelegramScam #Web3Security #MaliciousBot #CryptocurrencyTheft #CyberSecurity #MalwareThreats
HashDit, a web3 security firm, has issued a warning on X about a newly detected fake Telegram group targeting users of Pudgy Penguins. The deceptive group is leading unsuspecting members to a malicious Safeguard bot, which, once interacted with, presents significant risks, including the potential loss of control over personal devices and theft of cryptocurrency assets.Clicking the "verify" button in the fraudulent Safeguard App triggers a deceptive process that poses serious security threats. "This process secretly injects malicious PowerShell code into your clipboard. When executed, it downloads and runs malware, compromising your system and crypto wallets," HashDit warned.#HashDit #PudgyPenguins #TelegramScam #Web3Security #MaliciousBot #CryptocurrencyTheft #CyberSecurity #MalwareThreats
π HashDit Alerts Users to BNB Chain Scams Involving Honeypot Tokens
#HashDit #BNBChain #Scams #HoneypotTokens #Web3Security #FakeTokens #LiquidityPools #USDT #PumpGroups #TokenChecker #Binance #CoinMarketCap #StayInformed #Caution
The Web3 security firm HashDit has issued a warning about a rise in scams on the BNB Chain, highlighting the creation of honeypot tokens by malicious groups. These scams involve the creation of fake tokens and liquidity pools, using large amounts of USDT to simulate high trading volumes. The scammers then promote these tokens in dubious 'pump groups' using flashy charts to attract unsuspecting users.
HashDit advises users to avoid joining random pump or investing groups and to always verify information through official sources such as Binance or CoinMarketCap. Additionally, users are encouraged to utilize the HashDit Token Checker available on their website to ensure the legitimacy of tokens.
The firm emphasizes the importance of staying informed and cautious to avoid falling victim to these scams.#HashDit #BNBChain #Scams #HoneypotTokens #Web3Security #FakeTokens #LiquidityPools #USDT #PumpGroups #TokenChecker #Binance #CoinMarketCap #StayInformed #Caution
π HashDit Alerts Users on MCT Wallet DNS Domain Compromise
#HashDit #MCTWallet #DNSCompromise #Web3Security #UserAlert #CyberSecurity
The Web3 security firm HashDit stated on X, βThe MCT wallet's DNS domain has been compromised since April 2024. Users are advised to transfer their balances to ensure security.β#HashDit #MCTWallet #DNSCompromise #Web3Security #UserAlert #CyberSecurity
π Ethereum EIP-7702 Protocol Targeted in Major Hack, Over $5.3 Million Lost
#Ethereum #EIP7702 #BlockBeats #GoPlus #GoPlusSecurityResearchInstitute #Web3Security #SignaturePhishing #MaliciousUpgrades #PermissionAbuse #MaliciousTransactions #SecurityDetection #EIP7702SecurityDetection #SecurityBrowserPlugin #SecurityUpdates #SecurityTools #ETH
According to BlockBeats, the Ethereum EIP-7702 protocol has become a new target for hackers, resulting in losses exceeding $5.3 million. Analysis by GoPlus Security Research Institute reveals that attackers employed techniques such as signature phishing, malicious upgrades, and permission abuse to execute the theft.
GoPlus, one of the first platforms to address security threats related to this protocol, has received numerous requests for assistance from affected users and has conducted extensive security research. To safeguard Web3 users' funds, GoPlus announced that its transaction simulation API now fully supports EIP-7702 security detection, effectively intercepting various malicious transactions based on this protocol. Additionally, a security browser plugin with related protective features will be launched soon.
GoPlus advises users to stay informed about security updates, enhance their security awareness, and utilize GoPlus security tools to prevent potential losses.#Ethereum #EIP7702 #BlockBeats #GoPlus #GoPlusSecurityResearchInstitute #Web3Security #SignaturePhishing #MaliciousUpgrades #PermissionAbuse #MaliciousTransactions #SecurityDetection #EIP7702SecurityDetection #SecurityBrowserPlugin #SecurityUpdates #SecurityTools #ETH
π HashDit Warns MCT Wallet Users of DNS Domain Hijacking
#HashDit #MCTWallet #DNSHijacking #DNSDomainHijacking #Web3Security #CryptoSecurity #WalletSecurity #SecurityAlert #CryptoNews
The Web3 security firm HashDit stated on X, βHumans are always the weakest link.β HashDit has advised MCT wallet users to transfer their balances due to a DNS domain hijacking incident involving the wallet's operator. Users are urged to take immediate action to secure their funds.#HashDit #MCTWallet #DNSHijacking #DNSDomainHijacking #Web3Security #CryptoSecurity #WalletSecurity #SecurityAlert #CryptoNews
π HashDit Alerts on Ongoing Supply Chain Attack via Compromised NPM Account
#HashDit #NPM #NPMAccount #SupplyChainAttack #SoftwareSupplyChain #Web3Security #CyberSecurity #SecurityAlert #ThreatIntelligence #DevSecOps
The Web3 security firm HashDit stated on X, βThereβs a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised.β The firm highlighted the severity of the situation, urging developers and users to remain vigilant and take necessary precautions to protect their systems from potential threats. This incident underscores the importance of security measures in safeguarding digital platforms and assets.#HashDit #NPM #NPMAccount #SupplyChainAttack #SoftwareSupplyChain #Web3Security #CyberSecurity #SecurityAlert #ThreatIntelligence #DevSecOps
π Request Finance Security Breach Affects Single User
#RequestFinance #SecurityBreach #FrontEndAttack #SmartContractAttack #USDC #DeFiSecurity #BlockchainSecurity #Web3Security #IncidentResponse #Monitoring
According to Foresight News, a security breach at the integrated financial platform Request Finance has impacted only one user. On September 10, an attacker infiltrated the front-end system of Request Finance, injecting authorization commands into a contract that appeared identical in name, address, partial ABI interface, and recent activity. As a result, the affected user not only transferred funds to the legitimate contract but also inadvertently authorized the contract to consume an unlimited amount of USDC. In response, the team has implemented additional protective measures and monitoring systems to prevent future incidents.#RequestFinance #SecurityBreach #FrontEndAttack #SmartContractAttack #USDC #DeFiSecurity #BlockchainSecurity #Web3Security #IncidentResponse #Monitoring
π HashDit Alerts on NPM Supply Chain Attack Involving Malicious Package
#HashDit #NPM #SupplyChainAttack #MaliciousPackage #CtrlTinycolor #Web3Security #DependencyManagement #SecurityAlert
The Web3 security firm HashDit stated on X, βAnother NPM supply chain attack involving the package '@ctrl/tinycolor' has been identified, with malicious versions being distributed.β The package, which receives 2.2 million weekly downloads, has been compromised to execute unauthorized scripts. Users are advised to review their dependencies and ensure they are using secure versions to prevent potential security breaches.#HashDit #NPM #SupplyChainAttack #MaliciousPackage #CtrlTinycolor #Web3Security #DependencyManagement #SecurityAlert
π HashDit Addresses Concerns Over Relay Security
#HashDit #RelaySecurity #Web3Security #BlockchainSecurity #CryptoSecurity
The Web3 security firm HashDit stated on X, βIn recent weeks, weβve seen a big uptick of claims that 'Relay is hacked'. Obviously, this is something that we take very seriously.β The company emphasized its commitment to addressing these concerns and ensuring the security of its services. HashDit is actively investigating the claims and working to maintain the integrity of its platform.#HashDit #RelaySecurity #Web3Security #BlockchainSecurity #CryptoSecurity
π π₯ BNB Chain Restores X Account After Hack, Confirms $8K in Losses and Full Compensation π₯
#BNBChain #Hack #XAccount #Phishing #CryptoSecurity #Compensation #Blockchain #CyberAttack #CryptoScam #Web3Security
Key Takeaways:BNB Chain confirmed it has regained full control of its official X account after a security breach.Attackers posted 10 phishing links, leading to around $8,000 in user losses.The largest victim lost $6,500; all affected users will be fully compensated.Investigation into the root cause is ongoing, with further updates promised.BNB Chain announced that its official X account (@BNBCHAIN) has been fully restored following a security incident where hackers gained access and shared multiple phishing links.According to the update, attackers deployed 10 phishing links that collectively stole around $8,000 worth of funds across multiple blockchains. The single largest loss came from one user who was tricked into signing away $6,500.Attacker ActivityOne phishing contract was deployed by the attacker.The hacker initially injected $17,800, later exiting meme tokens for a total of $22,000.The phishing posts have since been removed as the account has been secured.Compensation and Next StepsBNB Chain said all affected victims will be compensated in full. The team is conducting an active investigation into the root cause of the breach and will share findings once available.The project thanked its community and partners for quickly flagging phishing links and helping to limit damage. BNB Chain reaffirmed its commitment to transparency and security going forward. #BNBChain #Hack #XAccount #Phishing #CryptoSecurity #Compensation #Blockchain #CyberAttack #CryptoScam #Web3Security
π Immunefi Advances Web3 Security Standards for On-Chain Financial Defense
#Immunefi #Web3Security #OnChainFinance #SecurityPlatform #InstitutionalFunds #FinancialDefense #MagnusPlatform #IMUToken
Foresight News posted on X (formerly Twitter). In the current on-chain economy, security issues remain a significant barrier to the entry of institutional funds. Without ensuring long-term certainty of funds, the scalable growth of on-chain finance faces substantial limitations. Consequently, security has become a core infrastructure of on-chain finance rather than an optional expense. Security platform Immunefi is developing a systematic security coordination network through its Magnus platform and IMU token.#Immunefi #Web3Security #OnChainFinance #SecurityPlatform #InstitutionalFunds #FinancialDefense #MagnusPlatform #IMUToken
π Security Concerns Rise Over Malicious Skills in OpenClaw Marketplace
#security #OpenClaw #ClawHub #maliciousskills #SSHkeys #walletencryption #browsersafety #reverseshells #Web3security #AItools #Moonwell #blockchainsecurity
On February 20, a security alert was issued by SlowMist founder Yu Xian regarding the discovery of 1,184 malicious skills in the OpenClaw's ClawHub marketplace. According to BlockBeats, these skills are capable of stealing SSH keys, encrypting wallets, accessing browser passwords, and opening reverse shells. A single attacker has uploaded 677 packages, with the top-ranked skill containing nine vulnerabilities and thousands of downloads.
Yu Xian cautioned users that text has evolved into commands, advising the use of AI tools within isolated environments due to potential risks associated with many OpenClaw skills. He emphasized that in Web3 security, contracts are only a part of the equation, and the root causes of incidents extend beyond contracts. Recently, Moonwell suffered a theft of $1.78 million, attributed to defective code from Co-Authored-By: Claude Opus 4.6.#security #OpenClaw #ClawHub #maliciousskills #SSHkeys #walletencryption #browsersafety #reverseshells #Web3security #AItools #Moonwell #blockchainsecurity
π CertiK's AI Auditor Identifies 86.6% of Vulnerabilities in Web3 Security Test
#CertiK #AIAuditor #Web3Security #Vulnerabilities #SecurityTest #NS3AI #AIinSecurity #Compliance #DeveloperTools #InstitutionalMonitoring
CertiK has introduced AI Auditor, an AI-driven audit tool that demonstrated its capability by identifying 86.6% of vulnerabilities in a test involving 35 Web3 security incidents from this year. According to NS3.AI, the tool is designed to integrate security analysis directly into development workflows. CertiK aims to further expand the AI Auditor's application into developer tools, compliance systems, and institutional monitoring frameworks.#CertiK #AIAuditor #Web3Security #Vulnerabilities #SecurityTest #NS3AI #AIinSecurity #Compliance #DeveloperTools #InstitutionalMonitoring