BTC $64,145.67 -0.15%
ETH $1,798.29 +0.24%
BNB $579.02 +0.97%
XRP $1.11 +0.13%
SOL $78.00 -1.12%
TRX $0.3310 +0.32%
DOGE $0.0745 +0.78%
ADA $0.1675 +0.05%
BCH $247.80 -0.45%
LINK $8.01 +0.82%
HYPE $66.78 -2.34%
AAVE $97.87 +2.19%
SUI $0.7405 +0.39%
XLM $0.1902 -0.16%
ZEC $503.73 +0.46%
BTC $64,145.67 -0.15%
ETH $1,798.29 +0.24%
BNB $579.02 +0.97%
XRP $1.11 +0.13%
SOL $78.00 -1.12%
TRX $0.3310 +0.32%
DOGE $0.0745 +0.78%
ADA $0.1675 +0.05%
BCH $247.80 -0.45%
LINK $8.01 +0.82%
HYPE $66.78 -2.34%
AAVE $97.87 +2.19%
SUI $0.7405 +0.39%
XLM $0.1902 -0.16%
ZEC $503.73 +0.46%

security

All
Article
Flash

Detailed explanation of the security item change event released by Gate: Confirm that the applicant has a good grasp of highly matching external information and is advancing on-chain analysis and asset tracking procedures

Gate recently released a detailed verification statement regarding the security item changes and fund loss incident reported by customer 9****6. After an internal review, the platform confirmed that the applicant submitted materials highly matching the customer's account, including Email, phone number, real-name information, transaction records, and Alipay screen recordings. The platform pointed out that the Alipay screen recording required access to the customer's Alipay account and successfully passed multiple identity verifications, indicating that the applicant not only possessed account information but also obtained the customer's external real-name information, Alipay account, and device permissions in advance.The platform emphasized that its security unbinding review implements a four-fold verification process of "multi-channel advance notification + system risk control preliminary screening + manual multi-layer review + time protection." After notifying the customer through dual channels, the application was processed only after waiting two days without objections, and a 24-hour withdrawal prohibition protection was imposed after modification. Upon investigation, there were no information leakage logs within the platform, and some sensitive identity information provided by the applicant was external information previously unknown to the platform.Regarding fund recovery, the platform has sorted out the flow of funds and collaborated with multiple departments to conduct on-chain analysis and asset tracking, currently coordinating with third parties like Tether to advance the freezing process, and will cooperate with judicial investigations in the future. The platform advises customers to conduct comprehensive security reinforcement on their devices and expresses regret that the customer did not contact the platform within the three-day notification period.

Security Alert: 30 malicious npm packages disguised as trading bot repositories, targeting the theft of developer keys and mnemonic phrases

SlowMist issued a security alert, detecting a coordinated malicious npm supply chain attack. The attackers utilized fake trading bot repositories and DeFi-themed npm packages to deploy JavaScript information stealers, targeting npm users, DeFi developers, and trading bot users.This attack involved 30 malicious npm packages, among which stake-math@3.5.4 appeared as a locked dependency in the donoaccestag/forex-mt5-trading-bot repository. This repository presented approximately 2300 highly homogeneous bulk-generated forks, mostly concentrated under the poly-stocks account, with signals being exceptionally clear. The sensitive data that attackers could steal is extensive, including cryptocurrency wallet libraries, browser cookies and saved passwords, browsing history, developer credentials, shell history, password manager libraries, private keys, mnemonic phrases, and API tokens exposed in source code.SlowMist recommends that developers immediately remove the affected npm packages, audit package.json and package-lock.json, and check CI logs for any of the 30 malicious packages; consider any system that has executed npm install as potentially compromised, rotate all exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens, and rebuild the affected environment from a clean image.

Fidelity refutes the argument that halving weakens Bitcoin's security: miners' average daily income has increased from $26,300 to $40,200,000

Fidelity Digital Assets recently released a research report that positively addresses concerns about the long-term impact of Bitcoin halving on network security. The report's author, Fidelity research analyst Daniel Gray, pointed out that Bitcoin network security relies not only on block rewards but also on transaction fees, market incentives, and other economic forces that continuously motivate miners to maintain network security, making the cost of sustained attacks prohibitively high.On the data front, Gray noted that despite the ongoing reduction in block subsidies, the rise in Bitcoin prices has significantly offset this impact. The average daily income of miners has increased from about $26,300 during the first halving cycle to over $40,200 today. He wrote, "Despite the decrease in issuance, miner incentives and the resulting network security have historically strengthened alongside the rise in Bitcoin prices."Since the fourth halving in April 2024, the block subsidy for miners has decreased from 6.25 to 3.125 Bitcoins per block. However, the optimistic conclusions of the report starkly contrast with the current realities faced by publicly traded mining companies. Several industry analysts describe the current environment as one of the most challenging for mining on record, due to the simultaneous decline in block rewards, rising operational costs, and increased competition.In response, several mining companies have begun to transition to the AI and high-performance computing sectors, leveraging existing power infrastructure to meet AI computing demands. VanEck estimates that publicly listed mining companies may need to raise up to $50 billion in additional funds to fully transition to AI infrastructure, but the requirements for AI data centers regarding facility standards, cooling, power redundancy, and networking are far higher than those of traditional Bitcoin mining operations, making the transition challenges significant.
app_icon
ChainCatcher Building the Web3 world with innovations.