ChainCatcher news, Slow Mist founder Yu Xian released a response guide regarding computer infection issues and made additions to the Chinese version of the Black Book.He pointed out that hacker organizations often use social engineering to induce users to install malware or run malicious code, such as pretending to be investors, journalists, or HR to lure users into meeting software, or disguising as Telegram and Cloudflare verification requests to get users to run malicious code.Yu Xian suggested that infected users take the following measures promptly: transfer wallet funds, change important account passwords and check for unknown device logins, use reputable antivirus software to scan for viruses, and if necessary, reset the computer and scan backup files for viruses.He emphasized that these attacks target not only Windows but also Mac and some Linux systems.

ChainCatcher news reports that on-chain detective ZachXBT revealed that during his assistance in freezing Bybit hacker funds, he became acutely aware of the serious issues regarding security vulnerabilities and hacker attacks in the crypto industry. He stated that multiple "decentralized" protocols have recently derived almost 100% of their monthly trading volume and fees from the North Korean hacker group DPRK, yet these projects refuse to take any responsibility.Moreover, centralized exchanges (CEX) are slow to respond, allowing hackers to launder money in just a few minutes, while some CEXs take hours to take action. ZachXBT also criticized the KYT (Know Your Transaction) system for its serious flaws, which are easy to circumvent, and noted that the KYC (Know Your Customer) mechanism poses more of a data leak risk for ordinary users due to account leaks and insider issues, while being nearly ineffective in preventing the flow of illegal funds.He pointed out that North Korean hackers DPRK recently successfully laundered $1.4 billion, fully exposing the compliance and security system vulnerabilities within the industry, and expressed concern that only government-mandated regulations could lead to improvements in the industry.

ChainCatcher news, according to @PeckShieldAlert monitoring, the Four.Meme hacker has stolen approximately 200 BNB (worth about $130,000) and transferred the funds to FixedFloat.

According to ChainCatcher news, SlowMist monitored that the Four.meme token was exploited by attackers who took advantage of a vulnerability before the token's release to steal liquidity.The attackers purchased a small amount of tokens before the release using the 0x7f79f6df function of Four.meme and utilized this feature to send the tokens to a PancakeSwap trading pair address that had not yet been created.This allowed the attackers to create a trading pair and add liquidity without needing to transfer the unreleased tokens, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that were in place before the Four.meme token's release.Ultimately, the attackers added liquidity at an unexpected price, successfully stealing the liquidity from the pool.

ChainCatcher news, Wemade's blockchain subsidiary Wemix Foundation has disclosed a loss of approximately 8.65 million WEMIX tokens (worth about 6.22 million USD) due to a hacker attack. Its CEO Kim Seok-hwan stated that the hacker is unlikely to be the North Korean organization Lazarus Group, but rather a professional who infiltrated the system by stealing the service monitoring authentication keys from the NFT platform Nile. It is reported that the hacker prepared for this attack for two months and then attempted 15 withdrawals through the creation of abnormal transactions, of which 13 were successful.Kim Seok-hwan also revealed plans to reopen all Wemix services on Friday and will upgrade security measures on the new blockchain infrastructure.

ChainCatcher news, the blockchain gaming platform WEMIX under the South Korean listed gaming company Wemade disclosed a hacking incident on March 4, stating: "On February 28, 2025, approximately 8,654,860 WEMIX tokens were anomalously extracted due to a malicious external attack on Play Bridge Vault." WEMIX stated that it has taken immediate action to prevent further damage and is cooperating with law enforcement to track down the attackers. On March 13, the WEMIX Foundation executed 20 million WEMIX tokens to mitigate market impact.In addition, according to a report by Yonhap News Agency today, the loss caused by the hacking incident on February 28 amounted to approximately 9 billion won (about 6.22 million USD). The WEMIX Foundation emphasized in response to external accusations of delayed announcements that it "never had any intention or attempt to conceal the hacking incident." A representative of the WEMIX Foundation stated, "After discovering the hacking incident on February 28, we immediately shut down the affected servers and began a detailed analysis. On the same day, we submitted a complaint against the unidentified attackers to the Cyber Investigation Division of the Seoul Police Agency, and the National Investigation Agency is currently investigating. Since the method of intrusion has not yet been determined, hastily releasing an announcement could expose us to further attack risks, which is why we did not issue an immediate announcement. As most of the stolen assets have already been sold off, the market impact has already occurred, and it is difficult to ensure there are no further risks. If we had announced immediately, it could have triggered market panic."

According to ChainCatcher news, after the North Korean hacker group Lazarus Group attacked Bybit, they began to exchange some of the stolen assets for Bitcoin. Data shows that the group now holds 13,562 BTC, worth approximately $1.14 billion. This has led to a continuous increase in North Korea's Bitcoin holdings, which have now surpassed those of El Salvador (6,117 BTC) and Bhutan (10,635 BTC), making it the third largest government entity in terms of Bitcoin holdings globally, only behind the United States (198,109 BTC) and the United Kingdom (61,245 BTC).

ChainCatcher news, according to on-chain detective ZachXBT's post on his personal channel, a highly credible investigation into Tornado Cash asset theft shows that on March 11, 2025, after using Tornado Cash for mixing, North Korean hackers used part of the ETH funds to purchase 437.6 billion PEPE, worth 3.1 million dollars. A more detailed analysis reveals that the North Korean hackers encountered asset theft using a compromised Tornado Cash user interface.Previous news, according to Lookonchain monitoring, three wallets made large purchases of 689.79 billion PEPE (total value of approximately 4.3 million dollars), and their funds all came from Tornado Cash.

ChainCatcher news, Kaito AI founder Yu Hu posted on the X platform stating that according to relevant clues, the hacker who attacked Kaito AI's official Twitter and his own X account is suspected to be related to the hacker who previously attacked @tier10k. This hacker profited nearly 1 million dollars by opening positions on Hyperliquid.

ChainCatcher news, according to TechCrunch, Aleksej Besciokov, co-founder of the Russian cryptocurrency exchange Garantex, was arrested by local police in Varkala, Kerala, India on March 12. The exchange had previously been sanctioned by the EU and the US government.Indian police confirmed that the arrest was based on a warrant issued by the Patiala House Court in New Delhi, executed at the request of the US government. A spokesperson for the US Department of Justice, Nicole Oxman, confirmed this news to TechCrunch but declined to comment further.Last week, the US Department of Justice charged Besciokov with personally approving transactions on Garantex related to North Korean government hackers and other cybercriminals, and filed criminal charges against him for assisting in money laundering through the cryptocurrency exchange. US authorities have frozen over $26 million in cryptocurrency assets and seized Garantex's website.

ChainCatcher news, according to Decrypt, the Socket research team has discovered in a new attack that the North Korean hacker group Lazarus is associated with six new malicious npm packages that attempt to deploy backdoors to steal user credentials.Additionally, this malware can extract cryptocurrency data and steal sensitive information from Solana and Exodus crypto wallets. The attacks primarily target files from Google Chrome, Brave, and Firefox browsers, as well as keychain data on macOS, specifically tricking developers into inadvertently installing these malicious packages.The six discovered malicious packages include: is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator. They lure developers into installation through "typosquatting" (exploiting misspelled names). The APT group has created and maintained GitHub repositories for five of these packages, disguising them as legitimate open-source projects, increasing the risk of developers using the malicious code. These packages have been downloaded over 330 times. Currently, the Socket team has requested the removal of these packages and reported the related GitHub repositories and user accounts.Lazarus is a notorious North Korean hacker group, linked to the recent $1.4 billion Bybit hack, the $41 million Stake hack, the $27 million CoinEx hack, and countless other attacks in the crypto industry.

ChainCatcher news, according to Decrypt, cybersecurity company Kaspersky has discovered that hackers are using copyright complaints to threaten YouTube content creators, forcing them to add the cryptocurrency mining Trojan SilentCryptoMiner in their video descriptions. This malware is based on XMRig and is used to mine cryptocurrencies such as Ethereum, Ethereum Classic, Monero, and Ravencoin, and it controls a botnet via the Bitcoin blockchain.The primary targets of the hackers are YouTubers who provide installation tutorials for the Windows Packet Divert driver. They first launch false copyright complaints against the videos, then contact the creators claiming to be the developers of the driver, demanding that they add malicious links. Currently, it is known that one YouTuber with 60,000 followers has fallen victim, leading to over 40,000 downloads of the infected files. Kaspersky estimates that at least 2,000 devices have been infected.Kaspersky security researcher Leonid Bezvershenko warned that hackers are exploiting the trust between YouTubers and their audiences, and such threats may spread to platforms like Telegram. He advises users not to trust tutorials that request disabling antivirus software and to verify the source before downloading any files to prevent infection by cryptocurrency mining Trojans.

ChainCatcher message, Bybit CEO BEN responds to OKX Star: "We have not made any statements regarding this Bloomberg article; it should just be based on the facts shown by on-chain data. When we saw some funds flowing to OKX web3, we contacted the OKX web3 team and requested assistance in tracking the funds' whereabouts. Your team responded and provided us with the logic, allowing us to continue tracking most of the funds. What the hackers did was use multiple cross-chain bridges to convert ETH to BTC, with Thor being the largest cross-chain bridge they used. I hope this clarifies things."

ChainCatcher news, the Russia-backed hacker group "Dark Storm" claims responsibility for the recent distributed denial-of-service (DDoS) attack that caused a massive outage on the X platform.According to information released by the cybersecurity organization SpyoSecure on March 10 on the X platform, Dark Storm claimed to have carried out the attack in their Telegram channel. The channel was subsequently deleted for violating the platform's terms of service.Social media figure Ed Krassenstein also stated that he contacted the leader of Dark Storm, who confirmed this claim and stated that the attack was intended to demonstrate their strength, with no political motives.X platform owner Elon Musk confirmed that the platform experienced a cyber attack on March 10, causing some users to be unable to access it, but user functionality was quickly restored. In an interview with Fox Business Channel, he stated that the attack originated from IP addresses in the Ukraine region.Additionally, Tesla's recent stock price drop may be related to protests triggered by spending cuts from the government efficiency department (DOGE) led by Musk.

ChainCatcher news, blockchain security company CertiK issued a warning, as its security team detected multiple suspicious transactions on the Arbitrum network. An attacker with the address 0x97d8170e04771826a31c4c9b81e9f9191a1c8613 may have exploited a vulnerability in arbitrary calls to bypass signature verification, stealing approximately $140,000 from multiple unverified exchange adapter contracts.

ChainCatcher news, according to the Decurity security team, the 1inch protocol suffered a serious DeFi attack on March 5, 2025, at 5 PM (UTC). The hacker exploited a callback option vulnerability in the old 1inch Settlement contract to obtain funds.The vulnerability stemmed from a data corruption issue in the order suffix processing, allowing the attacker to overwrite the parser address and call any parser, resulting in a loss of funds for the market maker TrustedVolumes. According to the Decurity team's analysis, this vulnerability existed in the code that was rewritten from Solidity to Yul in November 2022. Despite being audited by multiple security teams, the vulnerability remained in the system for over two years.After the incident, the attacker inquired through on-chain messages, "Can I get a bounty?" and subsequently negotiated with the victim, TrustedVolumes. After successful negotiations, the attacker began returning the funds on the evening of March 5 and ultimately returned all funds except for the bounty by 4:12 AM (UTC) on March 6.As one of the auditing teams for Fusion V1, Decurity conducted an internal investigation into this incident and summarized several lessons learned, including clarifying the threat model and audit scope, requiring additional time for code changes during the audit period, and verifying deployed contracts, among others.

ChainCatcher message, according to feedback from community members, a deposit of 74 BTC yesterday was not recorded to the corresponding transaction hash on the mainnet. Currently, the existing deposits on the Odin platform are only 88 BTC, which may have been subjected to a hacker attack. In addition, crypto KOL Yuyue stated that the platform's funds are temporarily unable to be withdrawn.

ChainCatcher news, Safe announced that its joint security investigation with Mandiant (now part of Google Cloud) has made significant progress and confirmed that the theft incident on Bybit on February 21 was perpetrated by the North Korean hacker group TraderTraitor, which has previously targeted the crypto industry multiple times.The attackers compromised the laptop of a Safe{Wallet} developer and hijacked an AWS session token to bypass multi-factor authentication controls. This developer is one of the few with higher privileges to perform their duties.Safe calls on the Web3 ecosystem to collectively address the increasingly complex security threats and to enhance the optimization of transaction verification tools to improve user security. The official team has released a detailed transaction verification guide and plans to further optimize the user experience to reduce potential risks.

ChainCatcher news, the Bitrace on-chain security analysis team disclosed that the Loopring hacker has begun to transfer the stolen funds, with 30 ETH having been transferred to Thorchain. The Bitrace team issued an alert on social media, reminding the Loopring community to stay vigilant.Previous news, the Loopring smart wallet was hacked in June last year.