ChainCatcher news, PeopleDAO core developer 0xAA posted on social media that Bit Browser has issued a notice stating that the Bit server's cached data has been compromised by hackers. Bit has reported the incident, and users with wallets that have enabled extended data synchronization are at risk of theft. It is recommended to take immediate action to transfer wallet assets until the official notification after the intrusion is completely fixed.ChainCatcher previously reported that, according to community news, several members of the crypto community have reported their private keys being stolen today, with speculation that this situation is due to the use of Bit Fingerprint Browser. In response, the official Bit Fingerprint Browser stated in the community that some versions of WPS For Windows have a remote code execution vulnerability, which attackers can exploit to execute arbitrary code on the victim's target host and take control of the host, among other things.

ChainCatcher news, PeopleDAO's tweet shows that the community treasury multi-signature wallet on the digital asset management platform Safe (formerly Gnosis Safe) was hacked on March 6 during the distribution of monthly contributor rewards, resulting in the theft of 76 ETH (approximately $120,000) through a social engineering attack. This incident is unrelated to the PEOPLE token contract.PeopleDAO collects monthly contributor reward information through Google Form, and the accounting head mistakenly shared a link with editing permissions in a public Discord channel. After gaining editing access through this link, the hacker inserted a payment of 76 ETH to their own address in the form and set it to be invisible. Due to this malicious concealment, the team leader did not notice it during the review, and after downloading the CSV file with the inserted data, submitted it to the Safe CSV Airdrop tool for reward distribution. With 80 transactions in the operation, 6 out of 9 multi-signature accounts did not notice the malicious transfer, and after signing and executing the transaction, 76 ETH was transferred to the hacker's address.With the assistance of SlowMist and ZachXBT, the team discovered that the attacked funds had been deposited into the HitBTC and Binance exchanges and contacted both exchanges. Additionally, PeopleDAO has reported this case to the FBI and FTC and will continue to cooperate with multiple parties to recover the losses. PeopleDAO stated that if the hacker returns the stolen funds within the next 48 hours, they will offer a 10% white hat bounty. (source link)