Hey everyone,
Don't let malicious actors get away with your crypto assets. Reach out to us or
@MistTrack_io
for support and help in recovering your stolen funds. 🕵️♂️
Start Today👇
📣We're thrilled to announce our new product:
@MistTrack_io
#MistTrack
utilizes blockchain analytics to generate visual representations of transactions on the
#Ethereum
and
#TRON
networks. Additional networks to come.
A🧵on some of the features:
We are thrilled to announce that the codes of
#LaqiraProtocol
marketplace has passed security audit of
@SlowMist_Team
. It means that the codes are safe and capable of being deployed on mainnet.
You can find and read the audit report in the following link:
🚨SlowMist Security Alert🚨
On September 23, the Mixin Network cloud service provider database was attacked, the amount of funds involved was ~ $200M.
SlowMist is assisting in the investigation. Please wait for
@MixinKernel
updates for more information.
🚨SlowMist Security Alert🚨
1/ According to the reports of many victims, transfers of 0 USDT from unrecognized addresses continued to show in the address transaction history of TRON network users, with the "TransferFrom" function being called in each instance.
Based on the information provided by numerous victims, so far the estimated losses amount to approximately $14.83 million dollars from the
@AtomicWallet
hack.
Frustrated by the complexity of transactions when investigating lost or stolen funds?
@MistTrack_io
got you covered!
📢We’re giving🔟lucky winners early access to
#MistTrack
To enter:
1⃣Follow
@SlowMist_Team
and
@MistTrack_io
2⃣Like 👇
3⃣Retweet this post and tag a friend
With the launch of
#VeChainThor
mainnet approaching, We put together a security checklist for
@vechainofficial
, including recommended general framework, HTTP API security, MasterNode configuration, host security, DDoS protection and threat intelligence.
The hacker converted $25.5M $USDC to $ETH and scattered 6250 ETH to various wallets. Of these transfers, 1221 ETH was transferred to
@FTX_Official
and
@Cryptocom
. Nearly 175k ETH still remains at the hacker's address. The funds to launch this attack originated from
@binance
.
Over 2,101 BTC were stolen from the
@BadgerDAO
. According to our investigations, the hacker converted the proceeds into renBTC before transferring them to 14 different BTC addresses. And ETH worth approximately $700,000 was stolen. We will continue to monitor the stolen funds.
Hey
@zachxbt
, you have been impersonated by
@zacnxbt
.
He exploits the difference between
@RevokeCash
and revȯke (one more "·"), and it is easy for users to fall into phishing.
Our investigation concluded that
@imTokenOfficial
was not effected in the recent data leak involving Sentry.
@SenderWallet
&
@Coin98
wallets were not effected as well since they don't utilize Sentry services.
Specific versions for Android, iOS & Chrome extension can be shown👇
According to , the attacker of ETC 51% attack has returned ETC worth $100,000. Thanks to the ETC community's efforts over the past week, this is a perfect ending.
@eth_classic
@ClassicIsComing
report:
⚠️ SlowMist Security Alert!
Recently, there have been malicious scripts targeting (ft). This is a JavaScript code, where scammers lure potential victims into adding it as a bookmark.
When users access the ft site and execute this bookmark, the malicious…
Analysis on the Recent Solana Exploit
On August 3, 2022, a large-scale attack on the Solana caused thousands of wallets to be compromised. Funds within the wallets were transferred without its users knowledge.
Here's our analysis of the incident
👇
⚠️Update:
#Ukraine
cryptocurrency donation statistics, totaling more than $34.48 million, an increase of about 32% compared to yesterday. (Updated March 1 at 2:58 UTC)
#cryptocurrency
#RussiaUkraineWar
🚨SlowMist Security Alert🚨
North Korean APT group targeting NFT users with large-scale phishing campaign
This is just the tip of the iceberg. Our thread only covers a fraction of what we've discovered.
Let's dive in
🎉 Congratulations to
@hanawallet
on successfully passing our security audit!
We're thrilled to see their dedication to ensuring a secure and reliable platform for their users.
Keep up the great work! 💪
We're thrilled to announce the release of our much-anticipated 2023 Blockchain and Anti-Money Laundering Report!
🌍 Dive into our comprehensive analysis of global blockchain policies, explore the biggest hacks of 2023, unravel the most intricate scams, uncover the latest…
BREAKING: Ethereum DeFi protocol
@CreamdotFinance
hacked for more than $130 million. According to SlowMist AML statistics, the hacker has profited a total of 2760.22 ETH and 60 tokens including HBTC, USDT, BUSD, etc. SlowMist will continue to monitor the transfer of stolen funds.
🚨SlowMist Security Alert🚨
There's a known operational issue in the LDO Token contract that has recently been exploited by malicious actors for “fake deposit” attacks on exchanges.
the _executeCrossChainTx function. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract. It is not the case that this event occurred due to the leakage of the keeper's private key.
🚨SlowMist Security Alert🚨
After a thorough analysis of the
@Ledger
Connect Kit supply chain attack, the SlowMist security team identified that the attack was orchestrated by the well-known phishing group called
#AngelDrainer
. Additionally, the Angel Drainer phishing group…
🚨SlowMist Security Alert: OKX DEX Proxy Admin Owner's Private Key Suspected to be Leaked🚨
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist's analysis, it was found that when users exchange, they authorize…
🚨 New Scam Alert 🚨
Beware! Scammers on chat apps like Telegram are now using a sly method to steal your funds. They trick users into transferring small amounts, like 0.1 USDT, to a 'public chain' address.
But beware: entering this address could wipe out your entire account!…
👏👏SlowMist has reached a long-term cooperative relationship with
@autofarmnetwork
, the hyper-optimised cross-chain yield aggregator launched on BSC & HECO. We will work together for the development of the DeFi ecosystem and improve the safety of the DeFi ecosystem!!
#DeFi
🚨 Exciting News from SlowMist! 🚨
We're elevating
#Web3
compliance, security, and growth with our upgraded AML services.
Our latest AML enhancements tackle the complexities of modern money laundering, offering robust protection for digital assets and ensuring projects meet…
According to the SlowMist’s BTI System, it was found that all ETC the 51% attacker took from exchanges have returned to them at 11:00 on January 10, 2019. Including
@YobitExchange
's 122735 ETC and
@gate_io
's $100,000 worth ETC.
@ClassicIsComing
@eth_classic
🚨SlowMist Security Alert🚨
Recently, we and our partners discovered a large-scale APT attack directed by the North Korean
#LazarusGroup
against the cryptocurrency industry.
The attack method is as follows:👇
The attacker first disguises his identity, deceives the auditor…
🎉🌐6 Incredible Years at SlowMist - Thanks to You!🌐🎉
As we hit this milestone, a heartfelt thank you to our amazing community. Your support has been the key to our journey.🗝💙
🎮To celebrate, we've prepared something special! Join our anniversary game - a token of our…
📣We're thrilled to announce our new product:
@MistTrack_io
#MistTrack
utilizes blockchain analytics to generate visual representations of transactions on the
#Ethereum
and
#TRON
networks. Additional networks to come.
A🧵on some of the features:
🚩SlowMist Security Alert 🚨
Zksync era mainnet SyncDex project has exited with a rugpull, resulting in over $370,000 USD in losses.
The SyncDex project on the Zksync era mainnet was rugged at 3:00 am UTC +8, and the official Twitter account has now been deleted. A total of…
1)The cross-chain interoperability protocol
@PolyNetwork2
was attacked, and a total of more than 610 million US dollars were transferred to 3 addresses. The impact caused the transfer of large assets of the O3 Swap cross-chain pool.
Good to have you back
@samczsun
.
Thank you for initiating
@_SEAL_Org
, our CTO Blue is also a member of the group, alongside numerous security experts we’ve had the privilege of knowing throughout the years—all of whom are outstanding individuals.
In the event of a hack…
I'm back, did you miss me? I have some huge news!
Over the last year and a half, I've been working on something big in secret with the rest of the crypto security community. Today, we're finally ready to reveal ourselves to the world. We are
@_SEAL_Org
🔍Uncover the latest tactics of North Korean hacker group in our new article!
Analysis of
#LazarusGroup
's Targeted Phishing Scams on Telegram
🚨The malicious IP (104.168.137.21) is associated with numerous domains impersonating other projects. Please be vigilant and take…
Qtum(
@QtumOfficial
) joined SlowMist Zone and release the "Security Vulnerability and Threat Intelligence Bounty Program". Qtum will award hackers up to $10,000 for critical security issues. Details on the scope follow:
Super proud of our team and their efforts for helping us be included in the new United Nation Security Council report.
Pages 539 and page 553
A special thanks to
@CFInvestigators
for spotlighting our contribution.
🥳We're thrilled to announce: "Blockchain Dark Forest Selfguard Handbook"
We are working with and welcoming more high-quality
#Web3
partners to improve the security awareness.
We specially created the DarkHandBook website.⬇️
📕:
Is
@TornadoCash
truly anonymous
In this thread, we will be using our in-house AML ( Anti Money Laundering) MistTrack to analyze a $270 million incident from 2020 where the hacker tried to hide their stolen funds with Tornado Cash.
🚨SlowMist Security Alert🚨
1/
@coinexcom
Exploiter,
@Stake
Exploiter and
#Alphapo
Exploiter may all have ties to the North Korean Hackers known as
#LazarusGroup
.
Here’s how we came to that conclusion:
#bZx
private key compromised, over $55 million dollars stolen so far. We’ll continue to update as more information is discovered.
@RektHQ
@ChainNewscom
@bZxHQ
🚨Beware of WalletConnect Phishing Risks in Web3 Wallets 🚨
Here's a thread on how users are exposed to phishing attacks through inappropriate use of WalletConnect in Web3 wallets.
1/ It’s been a crazy week😬, here are some of the attacks and scams that happened in Web3 this week.
For a complete list of all previous incidents, visit
🧵👇
📢Excited to announce our latest article:
'Introduction to Smart Contract Auditing - Front Running.'
Delve into the nuances of front running attacks and equip yourself with best practices against them.
🚨$ARB Airdrop, Scammers' Carnival🚨
After the $ARB airdrop, while the community is cheering, scammers are enjoying the carnival by stealing $ARB through phishing, front-running leaked private keys, etc. Here is a simple example:👇
The scammer built an …
Due to a reentrancy issue,
@NftTrader
appears to have been exploited. Please revoke approval for the following addresses ASAP:
0x13d8faf4a690f5ae52e2d2c52938d1167057b9af
0xc310e760778ecbca4c65b6c559874757a4c4ece0
🚨SlowMist Security Alert🚨
Recently, a well-known exchange suffered a false top-up attack from
#Aptos
.
According to analysis by the SlowMist security team, Aptos’ coin transfer mechanism made an important update on January 15, 2023. Prior to this, the recipient had to…
1/ We're excited to present our mid-2023 report on Blockchain Security & Anti-Money Laundering, providing a comprehensive view of the state of blockchain security and AML developments worldwide.
🌐 Let's dive in. 🧵
Since the $BNB Chain was suspended, the ~$430M on it cannot be transferred any further.
In total, over $110M was moved off the BNB Chain
Frozen: ~6,5M $USDT
Supplied to lending pools: ~$37.5M
Borrowed: ~$16.5M
Still have access to: $83.3M
💫Exciting news!
The SlowMist 2022 Annual Blockchain Security and AML Analysis Report is here!
Our comprehensive report provides valuable insights and analysis on the latest trends and developments in
#blockchain
security and
#AML
.
Let's dive in🧐
🚨SlowMist Security Alert🚨
Recently,
@Google
Authenticator iOS has launched version 4.0, which supports cloud synchronization. Users can synchronize the verification code generated by the authenticator to all Google accounts and devices, and can obtain the verification code at…
🚨SlowMist Security Alert🚨
@ankr
deployer’s key was suspected to be leaked, and the hacker minted a total of 60 trillion aBNBc. Part of the funds has been cross-chained from BSC to ETH and Polygon. Currently, 900 BNB were transferred to
@TornadoCash
.
🚨 Breaking News: SlowMist AML(
@MistTrack_io
), in collaboration with Taiwan's Criminal Investigation Bureau, Judicial Reform Foundation, and XREX, has set a legal precedent by cracking a complex crypto scam case! 🕵️♂️💼🔍
For the first time in Taiwan's judicial history, advanced…
🚨SlowMist Security Alert🚨
Recently, victims have been phished by people pretending to be journalists. The scammer often spoke broken Chinese and sends a normal-looking Calendly link. However, upon clicking, the link’s name changes to “Calendly.”, with an additional dot. This…
🚨SlowMist Security Alert🚨
@starsarenacom
appears to have been stolen due to a major security breach in its smart contract, please do not deposit funds.
Currently, the hacker transferred 266,103 $AVAX to the address (0xa2Eb...ad7A). The address (0xa2Eb...ad7A) transferred…
🛡️ After evaluating many auditors in the defi space, we have finalized and engaged
@SlowMist_Team
to audit our MMO contracts because they are the top anti-exploit specialist in the space!
We will update once the audit is completed ✅
#SafetyOurKeyPriority
#LFCRO
#Cronos
Ontology has settled in the SlowMist Zone and issued the "Security Vulnerability and Threat Intelligence Bounty Program".
@OntologyNetwork
will award hackers up to 6,400 ONG for critical security issues. Details on the scope follow:
⚠️SlowMist Security Alert⚠️
Another New Scam: Malicious Modification of RPC Node Links to Steal Assets
Scammers are manipulating RPC links to show fake USDT balances, tricking users into thinking they've been paid.
Learn how to protect yourself here:
3)If you have doubts about the information related to SlowMist declared by the outside world, please visit the official inquiry channel of SlowMist () for inquiry, and the inquiry result shall prevail.
🚨SlowMist Security Alert🚨
@Balancer
is currently experiencing a
#BGP
Hijacking attack. Accessing the website and connecting a wallet may expose users to phishing attacks.
Below is the analysis by the SlowMist team regarding this attack:👇
🚨SlowMist Security Alert🚨
Due to issues in the MigrateTroveZap contract,
@PrismaFi
is still being continuously exploited. The protocol can be paused through PrismaCore. Please take action ASAP!
🚨SlowMist Security Alert🚨
<Gas fee thieves in "normal" transactions>
According to SlowMist Zone Intelligence, a token called $GPT has recently appeared on the BSC Chain, with the contract address 0x513C285CD76884acC377a63DC63A4e83D7D21fb5.
When users approve this token,…
🚨SlowMist Security Alert🚨
@iearnfinance
was attacked earlier today and the exploiter was able to steal $10 million in digital assets.
Here's what happened👇:
On April 13, 2023, the decentralized yield aggregation platform Yearn Finance was attacked, resulting in the theft of…
1/4 Transit Swap hacker was front-run by an arbitrage bot when he transferred BUSD assets from the user on the BSC chain, block height 21816885, and made a profit of 1.07 million $BUSD
🚨SlowMist Security Alert🚨
We detected potential suspicious activity related to
@_LiquidCrypto
. Please revoke approval for the following addresses ASAP:
BSC: 0x7aF28f224CF764e308463eDe2c34276d082092d4
AVAX: 0xf6b9EaFfBc8aC294102f93A661E3075C721f7a6a
ETH:…
@vechainofficial
has settled in the SlowMist Zone and issued the "Security Vulnerability and Threat Intelligence Bounty Program". VeChain will award hackers up to $10,000 for critical security issues. Details on the scope follow:
#VeChainThor
@VeChainThor
1/ To start, we'll first need to understand how deposits work on exchanges. The process typically involves:
These stages might sound straightforward, but they are where false top-up attacks take place.
The hacker converted $25.5M $USDC to $ETH and scattered 6250 ETH to various wallets. Of these transfers, 1221 ETH was transferred to
@FTX_Official
and
@Cryptocom
. Nearly 175k ETH still remains at the hacker's address. The funds to launch this attack originated from
@binance
.
🚨SlowMist Security Alert🚨
A new cryptocurrency theft software, Mystic Stealer, appears.
The propaganda for this malware is mainly in Russian, which shows that it is a typical Eastern European hacking group.
The
#malware
can attack 40 browsers, 70 browser extensions, and…
🚨SlowMist Security Alert🚨
Beware of the phishing website: .
Recently, the website conducts phishing attacks by writing malicious MEV bot codes. Victims have deployed the code they copied from the site. However, there is a risk with the start and…
🚨SlowMist Security Alert🚨
December 14, 2023 8:33 PM, ledgerhq/connect-kit suffered a supply chain attack.
1/ The attacker implanted malicious JS code in version ledgerhq/connect-kit >1.1.4 to launch phishing attacks against cryptocurrency users. DApps using…
🚨SlowMist Alert🚨
On August 29, a large number of users files were attacked by ransomeware via [.]locked suffix. The attacker (bc1q...4m7v) received 0.3 BTC paid by two wallets.
We recommended users to be cautious and have security measure in place to avoid attacks like this.
The SlowMist security team has open-sourced the
#Web3
Project Security Practice Requirements, which provides detailed practice requirements and recommendations to help Web3 project development teams identify and prevent potential security risks.
Web3 project teams can refer to…
🧐The FBI has traced 1,580 bitcoins, worth more than $40 million, stolen by North Korean hacking groups (Lazarus Group and APT38), stored in six addresses. The stolen funds included $60 million from
#Alphapo
and $37 million from
#CoinsPaid
.👀
Here is our previous analysis👇…