According to ChainCatcher's message, KiloEx stated in a post that the root cause analysis and summary of the hacking incident revealed that the incident was caused by its smart contract's TrustedForwarder contract inheriting OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, which allowed the function to be called arbitrarily.The attack occurred between April 14, 18:52 and 19:40 (UTC), with the hacker deploying attack contracts across multiple chains including opBNB, Base, BSC, Taiko, B2, and Manta. After negotiations, the hacker agreed to retain 10% of the bounty and has returned all stolen assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) to the multi-signature wallet designated by KiloEx.

ChainCatcher news, Slow Mist founder Yu Xian stated on social media that the ENS chief developer was previously targeted by a phishing attack that exploited a vulnerability in Google's infrastructure. The phishing gang deceived users by disguising phishing emails as official Google communications, leading to users being targeted by law enforcement. Although Google has implemented countermeasures, today this phishing gang launched a new round of phishing attacks and will continue to lure users to a "google.com" subdomain, enticing users to disclose their account passwords and immediately add a Passkey.ChainCatcher previously reported that ENS chief developer nick.eth mentioned on social media that he encountered an extremely sophisticated phishing attack that exploited a vulnerability in Google's infrastructure, but Google refused to fix the vulnerability.He indicated that the attack emails appeared very authentic, could be verified through DKIM signatures, and were displayed normally in Gmail, alongside other legitimate security warnings. The attackers utilized Google's "Sites" service to create a trustworthy "support portal" page, as users would see "google.com" in the domain and mistakenly believe it was safe, so users need to remain vigilant.

ChainCatcher news, according to PeckShieldAlert, the attacker address marked in the KiloEx attack incident has returned approximately 5.5 million dollars worth of crypto assets to KiloEx.

ChainCatcher news, according to PeckShield monitoring, the address marked by the KiloEx attacker has returned approximately 1.4 million USDT to KiloEx.

ChainCatcher news, according to Cointelegraph, Manta Network co-founder Kenny Li revealed a highly sophisticated phishing attack. The attackers used video footage of real team members during a Zoom video call, attempting to lure him into downloading malware.Li stated that the other party's camera was on during the video call and the facial footage was real, but there was no sound. The system prompted him to update Zoom and download a script file, which raised his alert. He believes this attack may have been initiated by the North Korean state-sponsored hacker group Lazarus. After being asked to verify identity via Telegram, the attackers immediately deleted all messages and blocked him.

ChainCatcher news, according to the blockchain security company CertiK, its early warning system detected a phishing attack incident, resulting in a loss of approximately 543,000 USDC stablecoins.

ChainCatcher news, ENS chief developer nick.eth posted on social media that he encountered an extremely complex phishing attack that exploited a vulnerability in Google's infrastructure, but Google refused to fix the vulnerability.He stated that the attack emails appeared very authentic, could be verified through DKIM signatures, and were displayed normally in Gmail, alongside other legitimate security warnings. The attackers utilized Google's "Sites" service to create a trustworthy "support portal" page, as users would see "google.com" in the domain and mistakenly believe it was safe, urging users to remain cautious.

ChainCatcher news, according to Cyvers Alerts monitoring, the 1ROR/WETH pool on the Ethereum chain has been attacked, resulting in a loss of approximately $780,000. The attacker exploited a vulnerability in the emergencyWithdraw() function, having previously deposited a small amount of funds to trigger the exploit.After the attack, the funds were quickly exchanged for ETH and transferred through multiple wallets, with some of the funds flowing to TornadoCash. Monitoring shows that the suspicious addresses used by the attacker were initially funded by TornadoCash.

ChainCatcher message, ZKsync posted on platform X stating that, after investigation, the administrator accounts of three airdrop distribution contracts have been compromised. The attacker invoked the sweepUnclaimed() function, minting approximately 111 million unclaimed ZK tokens from the airdrop contract. This incident only involves the airdrop distribution contracts, and all mintable funds have been fully minted, making further exploitation through this method impossible.The ZKsync protocol, ZK token contracts, all three governance contracts, and all active token cap minters have not been affected by this incident and will not be affected. They are currently coordinating with exchanges to restore operations and recommend that the attacker return the funds to avoid legal consequences.

ChainCatcher message, ZKsync posted on platform X stating that, after investigation, the administrator accounts of three airdrop distribution contracts have been compromised. The attacker invoked the sweepUnclaimed() function to mint approximately 111 million unclaimed ZK tokens from the airdrop contract. This incident only involves the airdrop distribution contracts, and all mintable funds have been fully minted, making further exploitation through this method impossible.The ZKsync protocol, ZK token contract, all three governance contracts, and all active token cap minters have not been affected by this incident and will not be affected. They are currently coordinating with exchanges for recovery efforts and advise the attacker to return the funds to avoid legal liability.

ChainCatcher news, according to Cointelegraph, Emblem Vault's CEO Jake Gallen was hacked after a suspicious Zoom video conference, resulting in a loss of over $100,000 in Bitcoin and Ethereum assets.It is reported that the attacker impersonated a YouTube blogger with over 90,000 subscribers, using Zoom's default remote access feature during a video interview to install malware named "GOOPDATE" on Gallen's computer. The cybersecurity company SEAL stated that the hacker group is known as "ELUSIVE COMET," which typically operates under the identity of Aureon Capital venture capital firm, causing millions of dollars in financial losses.SEAL security researchers recommend that cryptocurrency industry practitioners should promptly disable Zoom's remote access feature to prevent similar attacks.

ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23pds tweeted that "The root cause of the KiloEx attack lies in the serious vulnerabilities in the price oracle access control. Simply put, the oracle should have its price information updated by trusted entities, but due to the lack of necessary permission restrictions, attackers were able to bypass the verification mechanism and arbitrarily tamper with asset prices, thereby manipulating the contract logic."

ChainCatcher news, the official website of the mixed blockchain Aergo is temporarily inaccessible due to a DDoS attack. The technical team is actively addressing the issue and will restore access as soon as possible. Aergo reminds users to be vigilant against impersonation and fraud, as the team will not proactively send private messages or request funds or wallet information.Previous news, Binance will delist AERGO, AST, BURGER, COMBO, LINA.

ChainCatcher message, according to monitoring by Shield, the address marked as the Zoth attacker has transferred 400 ETH (approximately 650,000 USD) to the new address 0xE533...F260.

ChainCatcher news, according to PeckShieldAlert, due to a vulnerability in the Morpho Blue front end, an address is suspected to have suffered a loss of approximately 2.6 million dollars. The attack transaction was frontrun by the well-known on-chain arbitrageur c0ffeebabe.eth, and the funds were ultimately transferred to the address 0x1A5B...C742.

ChainCatcher news, according to PeckShieldAlert, the address marked as the Zoth attacker has transferred 1000 ETH (approximately 1.5 million USD) into Thorchain and has cross-chain transferred it to the Bitcoin (BTC) and Litecoin (LTC) networks through the platform.

ChainCatcher message, according to Cointelegraph, the Kaspersky report indicates that a dangerous malware is disguising itself as a Microsoft Office add-on on the SourceForge platform, specifically targeting cryptocurrency users for attacks. This malware employs clipboard hijacking techniques to automatically replace the cryptocurrency wallet addresses copied by users with the attacker's address, resulting in funds being directly transferred to the hacker's account. Security experts remind users to carefully verify wallet addresses when conducting cryptocurrency transactions to ensure transaction safety.

ChainCatcher news, GMGN co-founder Haze posted on platform X stating, "The platform has recently been experiencing intermittent traffic attacks aimed at taking our website down. However, we have managed to withstand them. We haven't issued announcements every time.Around 8 PM tonight, a sudden influx of traffic occurred, leading to a CAPTCHA on the website. The site didn't go down, but it affected user experience. GMGN has also provided a crawler IP whitelist for many community users (some of whom can perform data analysis, small products, and small businesses).Basically, it was issued with 0 conditions, and even if we mentioned a condition, we hardly reviewed it. Therefore, there are still many community users' crawlers on our website. In the future, to respond to traffic attack incidents and ensure user experience, we plan to strengthen traffic countermeasures. We also plan to start stopping some crawler IP whitelists."