ChainCatcher news, on-chain detective ZachXBT updates that the assets stolen by the LastPass attacker have risen to $12.38 million, coming from over 100 victim addresses.Previous news, on-chain analyst ZachXBT disclosed that the LastPass attacker targeted over 40 victim addresses, stealing approximately $5.36 million in crypto assets. The attacker then exchanged the stolen funds for ETH and attempted to cover the flow of funds by transferring assets across chains from the Ethereum network to the Bitcoin network through multiple instant exchanges.

ChainCatcher news, the Solana ecosystem algorithmic stablecoin protocol Nirvana Finance has announced that it has opened the claims for compensation and will launch Nirvana V2 on December 18 at 2:00. Original ANA holders can experience the application in advance.Previously, in July 2022, hacker Shakeeb Ahmed stole approximately $3.5 million in stablecoins by manipulating the protocol's pricing mechanism. After collaborating with the U.S. Department of Justice, Department of Homeland Security, and IRS, Nirvana successfully recovered the stolen funds, and Ahmed was sentenced to three years in prison, during which he was ordered to return the cryptocurrency and pay $3.4 million in restitution. (Jin Shi)

ChainCatcher news, on-chain analyst ZachXBT revealed that the LastPass attackers targeted over 40 victim addresses, stealing approximately $5.36 million in crypto assets. The attackers then exchanged the stolen funds for ETH and attempted to obscure the flow of funds by transferring assets across chains from the Ethereum network to the Bitcoin network through multiple instant exchanges.

ChainCatcher news, according to Forbes, security company ESET has just released its latest threat report, which examines the threat landscape trends from June to November 2024. The number of password theft attacks targeting cryptocurrency wallets has increased, with the most significant rise occurring among macOS users.The report states: "According to ESET's telemetry data for the second half of 2024, the number of password-stealing software across multiple platforms (especially Windows, macOS, and Android) has increased," but compared to the first half of the year, the detection of password-stealing software targeting cryptocurrency wallets on macOS has more than doubled. Meanwhile, the number of password-stealing software on the Windows platform grew by 56%, while financial threats on the Android platform, including password-stealing malware, increased by 20%.ESET's analysis shows that the number of password-stealing software targeting the macOS platform (especially those related to cryptocurrency wallet credentials) surged by 127%. Security researchers noted: "Although these threats cannot be simply classified as password-stealing software just because they have broader functionalities, they do reveal a significant upward trend in password theft activities on the macOS platform." From a geographical perspective, ESET's analysis indicates that attacks on Bitcoin and other cryptocurrencies targeting macOS are mostly aimed at the United States, followed by Italy, China, Spain, and Japan.

ChainCatcher news, NFT project Pudgy Penguins' security officer Beau posted that a phishing email attack regarding fake PENGU tokens has been discovered, reminding community users to remain cautious. Token release information will only be published on Pudgy Penguins' official X account and Discord channel. The community should verify all content through official channels to ensure its authenticity. As of now, Pudgy Penguins has not provided any token listing or claiming website.

ChainCatcher message, Scam Sniffer disclosed on the X platform that two victims recently lost 272 SOL due to a Solana address poisoning attack. The same fraudster has caused over 3.1 million dollars in losses through Solana address poisoning attacks in the past month.

ChainCatcher message, according to MistTrack monitoring, the DEXX event attackers are currently continuously swapping assets and bridging to Ethereum. As of now:The address 0xFFB9 still has a balance of $620,000, distributed across Ethereum, BNB Chain, and Base chain.The DEXX hacker has transferred 6212.4 ETH to Tornado Cash.

According to ChainCatcher news and the official blog, 1inch disclosed that it discovered a security vulnerability on December 9, allowing attackers to fraudulently gain access to the private keys belonging to the owner of the 1inch Labs parser smart contract.The attackers exploited this access to change the contract's settings and transferred funds from the 1inch parser. 1inch stated that its team acted quickly to resolve the issue, the attackers revoked the stolen access, and 1inch strengthened its security measures to prevent such incidents from happening again in the future.1inch stated: "Since our protocol is non-custodial, user funds are safe. The 1inch application and infrastructure are unaffected and remain completely secure."

ChainCatcher message, according to MistTrack monitoring, so far, DEXX attackers have transferred over 4700 ETH to Tornado Cash.

ChainCatcher message, Haven Protocol has been attacked due to a vulnerability in the "range proof verification." The vulnerability allows hackers to illegally mint XHV without detection. The amount of XHV reported by exchanges exceeds 500 million, while audit data shows the current supply is only 263 million, indicating that the excess may have been generated through the vulnerability.The team has confirmed that the issue lies in the "range proof verification" feature introduced after the Haven 3.2 reconstruction based on Monero, and the team has advised exchanges to halt trading on all trading pairs.

ChainCatcher news, according to PeckShieldAlert, the Clober liquidity pool has been hacked, resulting in a loss of 133 ETH, worth approximately $500,000. Currently, the attacker has bridged the stolen funds from the Base network to the Ethereum network.

ChainCatcher news, according to Forbes, researchers have confirmed that a malware attack targeting macOS users has been active for four months. This attack uses malware disguised as a video conferencing application to steal passwords from Keychain, as well as session cookies and cryptocurrency wallet information from browsers like Google Chrome, Brave, and Opera.According to Tara Gould from Cado Security Labs, the attackers use AI-generated content to create fake websites and social media accounts, posing as trustworthy businesses. Victims are often contacted through platforms like Telegram, discussing business opportunities related to blockchain or cryptocurrency. Once the file is installed, users are prompted to enter their macOS password, further facilitating data theft.Security experts advise users to remain vigilant, especially regarding unfamiliar links related to business. Using protective tools like Intego VirusBarrier can effectively defend against such threats.

ChainCatcher message, the Web3 security team Scam Sniffer posted on X that most Solana wallet theft programs actively use third-party domains to bypass wallet blacklists. (For example, registering expired DAPP domains, now exploiting XSS vulnerabilities.)If users see a DAPP pop up a second window (or redirect) asking them to connect in another window, please carefully check if it is safe.

ChainCatcher news, according to a report by Cointelegraph, Radiant Capital stated in an updated investigation report on December 6 that the cybersecurity company Mandiant has assessed with high confidence that the attack was carried out by threat actors affiliated with North Korea (DPRK).The platform mentioned that a Radiant developer received a Telegram message on September 11, which contained a compressed file from a "trusted former contractor," requesting feedback on a new project they were planning. Upon review, this message was suspected to be from threat actors allied with North Korea impersonating the former contractor. "This ZIP file, when shared with other developers for feedback, ultimately delivered malware that facilitated the subsequent intrusion."Radiant Capital believes that the threat actors responsible for the incident are referred to as "UNC4736"—reportedly associated with North Korea's main intelligence agency, the Reconnaissance General Bureau (RGB), and speculated to be a subgroup of the hacking organization Lazarus Group.Previous report stated that the cross-chain lending protocol Radiant Capital suffered a cyber attack, resulting in losses exceeding $50 million.

ChainCatcher news, according to Decrypt, the founder of blockchain security company Immunefi, Mitchell Amador, stated in an interview that despite the threat of "professional DeFi attackers," the cryptocurrency space is undoubtedly becoming increasingly secure, and at a very fast pace.He pointed out the results of Immunefi's Q3 2024 report, which found that losses caused by cryptocurrency hackers decreased by 38% year-on-year, falling to just below $424 million.Amador added that hacking attacks on DeFi protocols have become a "full-time job" for professional attackers, and DeFi hacking has become "an infinitely sustainable and viable industry."

ChainCatcher news, on-chain detective ZachXBT posted on social media that the Radiant attacker has been making ETH long positions on Hyperliquid through multiple addresses, currently earning about $600,000.Previously, it was reported that Radiant Capital was hacked on October 16 this year, resulting in a loss of approximately $50 million.

ChainCatcher news, Radiant Capital's official report on the October theft has been released today.Radiant Capital stated that although the investigation is still ongoing, the security company Mandiant is highly confident that the attack was carried out by malicious actors linked to North Korea.ChainCatcher previously reported that according to information disclosed by the security company Ancilia, the cross-chain lending protocol Radiant Capital suffered a cyber attack on the early morning of October 17, resulting in losses exceeding $50 million. Radiant is controlled by a multi-signature wallet (referred to as "multisig"), and it is claimed that the attackers gained control of the private keys of multiple signers, subsequently taking control of several smart contracts.

ChainCatcher message, DEXX posted on platform X stating: "To all users affected by this hacking incident, we deeply bow and express the DEXX team's most sincere apologies. Due to negligence regarding security, user losses occurred. The DEXX platform is willing to bear all negative consequences and will do its utmost to compensate all users harmed in this incident.We call for a halt to the harm and attacks, as we are the victim platform and you are the victims. Perhaps when everyone is at their breaking point and considering fleeing, your little support is the motivation for us to persevere.We will not flee, we are willing to compensate, we will not abandon our users, and we are committed to protecting the platform."

ChainCatcher news, DEXX official announced on social media that the hacker attack on November 16 affected approximately 12,413 addresses on the Solana, ETH, BASE, and BSC blockchains, resulting in losses including 32,969 SOL, 634.56 ETH, 204.69 BNB, and other tokens. The compensation plan includes:Developing a compensation module, with security guidance features for high-risk users and wallets entering the testing phase for the completion of subsequent compensation work;Continuously tracking hacker addresses and compensating affected users as soon as assets are recovered;80% of the platform's daily revenue will be regularly used for compensation to affected users' associated addresses, with the remaining used to maintain the team's daily operations and development work;Implementing a debt-to-equity conversion plan to provide equity compensation to affected users based on financing valuation;Seeking financing solutions, and once financing is completed, funds will be separately allocated to create a compensation plan for affected users;The platform will airdrop a portion of platform tokens as additional rewards for stolen users.Regarding financing, DEXX officials stated that they are actively pursuing equity financing and have made some progress, coordinating and communicating with potential institutions to support the platform's subsequent compensation and operational work.