ChainCatcher message, according to Scam Sniffer monitoring, the malware "EdtiProAI" is attempting to exploit X ads to target potential victims. If users mistakenly install this software, their wallet private keys will be at risk.

ChainCatcher message, according to CertiK Alert monitoring, the private key of SUNRAY·FINANCE has been leaked, and the attacker has gained ownership of SUN and ARC tokens, minted a large number of tokens, and then sold them off to drain its DEX trading pair.Currently, the attacker has stolen $2.855 million in funds.

ChainCatcher news, according to CertiK monitoring, the largest hacker losses so far in October are due to private key leaks. In the third quarter, most losses were caused by PKC and phishing. Since the beginning of this month, CertiK has recorded 3 major PKC incidents, with total losses of approximately 60 million dollars: of which Radiant Capital is about 55 million dollars, Tapioca DAO about 4.5 million dollars, and Burve Protocol about 500 thousand dollars.

ChainCatcher news, Slow Mist's Chief Information Security Officer 23pds stated on the X platform that after analysis, it was found that Indodax's hot wallet private keys were not compromised by hackers, but rather other systems were attacked, such as signature machines.Previous news, on September 11 at 7 AM, according to Cyvers Alerts monitoring, Indodax's wallet conducted over 150 suspicious transactions across different networks, with a total loss of approximately 18.2 million USD, and suspicious addresses are exchanging various tokens for Ethereum.

ChainCatcher news, recently, McAfee discovered a new type of Android malware named SpyAgent, which can steal users' private keys by taking screenshots and using optical character recognition (OCR) technology on text within images. This malware spreads through malicious links in text messages; when users click the link, they are directed to a page disguised as a legitimate website and prompted to download a seemingly trustworthy application. Once installed, the malware can access users' contacts, messages, and local storage permissions. Currently, SpyAgent primarily targets South Korean users and has been found in over 280 fraudulent applications. Additionally, malware attacks are on the rise in 2024. The Cthulhu Stealer, discovered in August, affected MacOS systems and stole users' cryptocurrency wallet information. In the same month, Microsoft patched a vulnerability in Google Chrome that had been used by the North Korean hacker group Citrine Sleet to disguise fake cryptocurrency exchanges and spread malware through fraudulent job applications. The Federal Bureau of Investigation (FBI) has issued a warning, alerting the public that the cryptocurrency industry is becoming a primary target for North Korean hackers.

ChainCatcher message, SlowMist founder Yu Xian stated that the DAI L2 Deployer private key leak has led to some recently deployed L2 DAI contract addresses being "honeypot" addresses controlled by attackers.There are no related risks on Optimism and Arbitrum, but the contracts on Base and Polygon networks are unsafe. The mainnet DAI contract is secure.

ChainCatcher message, Slow Mist founder Cosine posted on social media to alert users of Seif Wallet that a small portion of private keys and passwords have been collected by the built-in third-party analytics platform in the wallet. Fortunately, this was discovered and reported by white hats. It doesn't seem like the third-party analytics platform is malicious; it feels similar to previous cases: mistakenly using Sentry to collect overly sensitive information that shouldn't have been collected.

ChainCatcher message, Sun Yuchen stated on social media: "Recently, I heard that the community has some concerns about my involvement in multiple projects including WBTC. I would like to clarify the following points:There have been no changes to WBTC compared to before. Audits are conducted in real-time and can be accessed via http://wbtc.network. The minting process is entirely managed by custodians Bitglobal and Bitgo according to the same procedures as before. Simply put, Bitglobal and Bitgo will not sign any unaudited transactions. The keys are still protected using the same Bitgo cold wallet technology and offline keys as before, with backups in multiple countries and regions.My personal involvement in WBTC is purely for strategic reasons. I do not control the private keys of the WBTC reserves, nor can I move any BTC reserves."

ChainCatcher news, according to Cointelegraph, the latest report shows that security researchers have discovered a new attack mechanism called "Dark Skippy," which hackers can use to extract private keys from Bitcoin hardware wallets that only have two-signature transactions. This vulnerability could affect all hardware wallet models, but it only activates when victims are tricked into downloading malicious firmware.The previous version of "Dark Skippy" required dozens of transactions to be effective, while the new version of "Dark Skippy" can execute with just a few transactions. Additionally, the attack can be carried out even if users rely on separate devices to generate their mnemonic phrases.The disclosure report was published by Lloyd Fournier, Nick Farrow, and Robin Linus. Fournier and Farrow are co-founders of the hardware wallet manufacturer Frostsnap, while Linus is a co-developer of the Bitcoin protocols ZeroSync and BitVM.

ChainCatcher message, economist Peter Schiff posted on social media that ETFs go against the original intention of Bitcoin; it is no longer decentralized, not peer-to-peer, easily confiscated, cannot be used as a payment currency, and cannot be transferred across borders. Users no longer hold private keys, so it is no longer their coin.

ChainCatcher news, OKLink released the July 2024 security report, stating that the cumulative losses from on-chain security incidents across the network amount to approximately $290 million. Losses due to private key leaks account for 88.31% of the total losses, phishing incidents account for 3.03%, REKT incidents account for 7.33%, and RugPull incidents account for 1.31%.On July 18, the private key of the WazirX exchange's multi-signature wallet was leaked, resulting in a loss of approximately $235 million, making it the largest security incident in July. On July 16, the LiFi Protocol cross-chain bridge aggregation protocol was attacked, leading to a loss of about $10 million. The attacker exploited a vulnerability that allowed arbitrary calls to steal assets authorized by users of this contract.In addition, there were a total of 14 incidents of scams and phishing on official social media, resulting in losses of approximately $3.89 million, a decrease of 81.34% compared to June. OKLink reminds users not to disclose your private keys or mnemonic phrases to anyone, not to click on unverified links, and to learn how to use Web3 on-chain tools to mitigate risks. This is an important line of defense in protecting yourself in the Web3 world.

ChainCatcher news, according to the official WeChat account of Ping An Xuhui, employees of Company A, Zhang, Dong, and Liu, decided in early March 2023 to add a backdoor program to a certain virtual currency wallet software to obtain user private keys. By the end of May 2023, after saving the stolen private keys and the corresponding digital wallet addresses, the three destroyed the servers and databases, agreeing that these private keys could only be used to illegally obtain users' virtual currency two years later. The three illegally obtained more than 27,000 mnemonic phrases and over 10,000 private keys, successfully converting more than 19,000 digital wallet addresses. In April 2024, the Xuhui District People's Court sentenced defendants Liu, Zhang A, and Dong to three years in prison for illegally obtaining data from computer information systems, and fined them 30,000 yuan.However, strangely, the reporter Ou was not stolen from by the aforementioned three (not yet at the agreed time). Upon investigation, it was found that in another virtual wallet software platform used by Ou, a backdoor program was also implanted by Zhang B, who had previously worked at Company A. In July 2021, he wrote a piece of code in the client code to collect user private keys and mnemonic phrases. When users traded virtual currency, the code would automatically obtain the mnemonic phrases or private keys used by the user for signing operations and send them to Zhang B's email.In April 2023, due to personal financial pressure, Zhang B learned Ou's virtual wallet address through the illegally obtained mnemonic phrases and private keys, transferring all the virtual currency to his own wallet address. Zhang B illegally obtained more than 6,400 user private keys and mnemonic phrases, and was sentenced to three years in prison for illegally obtaining data from computer information systems, and fined 50,000 yuan.It is worth noting that Company A is suspected to be the original Huobi company. In 2023, due to former employees setting up Trojans, some users' mnemonic phrases or private keys of iToken (original Huobi wallet) have been leaked. HTX responded that the Trojan was set up by former Huobi employees before the acquisition, stealing others' mnemonic phrases and private keys. HTX stated that it is cooperating with the Shanghai Public Security Bureau to conduct investigations and evidence collection.

ChainCatcher news, according to Beosin Alert monitoring, it was discovered that the Indian exchange WazirX was attacked. The attacker obtained the signature data of the multi-signature wallet administrator of the exchange, modified the logic contract of the wallet, and executed incorrect logic to steal assets.Attacker address: 0x6eedf92fb92dd68a270c3205e96dccc527728066Attacked address: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4Based on the attacker's behavior, it is speculated that the reason is the leakage of the multi-signature wallet administrator's private key. Beosin summarizes the cause of the attack as follows:The attacker deployed the attack contract: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4. The function of this contract is to extract the token assets specified by this contract.The attacker obtained the signature data of the WazirX multi-signature wallet administrator and modified the wallet's logic contract to the already deployed attack contract. The corresponding transaction is:https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185dThe attacker submitted a token withdrawal transaction to the WazirX multi-signature wallet. Due to the proxy model mechanism, the wallet contract will use delegatecall to invoke the relevant functions of the attack contract, transferring the wallet's tokens.The flowchart of the stolen funds shows that, so far, the hacker has transferred part of the funds to Changenow and Binance exchanges.

ChainCatcher message, regarding the wallet attack incident on the Bittensor chain, on-chain detective ZachXBT monitored and discovered that an address starting with 5FbWTr had 32,000 TAO (worth 8 million USD) stolen.ZachXBT stated that the attack incident faced by Bittensor originated from a stolen private key.

ChainCatcher news, MetaBit Capital released a statement on social media that the wallet private keys used by IFCT users for withdrawals have been leaked, and the specific cause of the leak is under ongoing investigation.It is reported that this incident led to the sale of approximately 750,000 MBT, resulting in a significant drop in the coin price. MetaBit has sought assistance from the judicial authorities and will soon release relevant recovery measures.

ChainCatcher message, Slow Mist founder Yu Xian posted on social media regarding the attack on CoinStats, stating: "I used this app quite a while ago; it's convenient for checking the asset status of target wallets. There are quite a few applications like this, so I won't name them. Some have their own wallet functions (which is a risky area), allowing users to create wallets and use them subsequently. I'm quite curious about how CoinStats Wallet, which is supposed to be user self-custodied, had its private keys leaked on such a large scale; the official statement is that it's 1.3%.This kind of large-scale leak, with a limited proportion, can be speculated upon, but I won't discuss it here. Let's wait for the official disclosure of details."

ChainCatcher message, Consensys has released an update to the MetaMask privacy statement, which mainly includes:A clearer explanation of which specific elements in the privacy statement are related to MetaMask and what each element means for MetaMask users. This includes increasing transparency on how IP addresses are handled when using MetaMask;Additional background information related to Consensys's overall personal information processing activities;A clear definition of the products and services covered by the privacy statement, removing Codefi and Quorum, and adding MetaMask Institutional, MetaMask Developer, Linea, Teku, Besu, and Phosphor.For MetaMask users, Consensys will:Not collect private keys;Not sell personal information;Not collect or retain personal information unless necessary to provide services and a good user experience;Not collect financial payment or banking information; however, when users utilize deposit and withdrawal functions, these services may require submitting this information to third-party providers.

ChainCatcher news, according to DLNews, the UK cryptocurrency exchange Lykke has shut down trading due to "unauthorized access" to its platform, marking the latest sign of cryptocurrency hackers exploiting private keys.Cyber researcher SomaXBT was the first to report the incident, stating that the exchange closed two days after being hacked. MetaMask developer and cryptocurrency defense expert Taylor Monahan noted that the exchange has suffered a suspicious outflow of $22 million.

ChainCatcher news, Brian Guan, co-founder of the Web3 streaming application Unlonely, stated that he mistakenly published a repository on GitHub containing his wallet's private key, resulting in the wallet being emptied within 2 minutes, with a loss of $40,000.