ChainCatcher message, in response to the community's concerns about the security of EIP-7702, Ethereum co-founder Vitalik Buterin stated on Warpcast that the correct usage should be "to delegate permissions to a contract that has been thoroughly reviewed by a wallet team and the Ethereum community," and that contract should implement its logic in a secure manner.

ChainCatcher news, Fuzzland co-founder Chaofan Shou tweeted that the vulnerability in the lending protocol Morpho's frontend (Bundler3) has been fixed.

ChainCatcher message, Fuzzland co-founder Chaofan Shou posted on the X platform that the front-end component Bundler3 of the lending protocol Morpho has a security vulnerability, advising users to avoid interacting through the front end.Shou emphasized that only the "Multicall" function is affected, and the other functions are safe. If users need to withdraw funds, it is recommended to execute the Withdraw function directly through the contract. Currently, user funds themselves are not affected.

ChainCatcher news, according to Forbes, AI cybersecurity startup Octane has announced the completion of a $6.75 million seed funding round, led jointly by Archetype and Winklevoss Capital (the family office of Gemini founders Tyler and Cameron Winklevoss). Other supporters include the cryptocurrency exchange Gemini Frontier Fund, Circle, Duke Capital Partners, and a group of strategic angel investors, including former Coinbase CTO Balaji Srinivasan. The funds will be used for product development, expanding the engineering team, and increasing Octane's influence.According to reports, Octane's core proposition is to supplement passive audit models with always-on AI defenses. Octane is currently focused on smart contract vulnerabilities, but the company's future goal is to detect and prevent more complex attacks.

ChainCatcher news, according to Cointelegraph, cryptocurrency lawyer James Murphy has invoked the Freedom of Information Act to sue the Department of Homeland Security (DHS) for disclosing whether the agency has ever met with "Bitcoin creator Satoshi Nakamoto" and to make related notes and emails public.The lawsuit is based on comments made by DHS agent Rana Saoud during a meeting in 2019, where she stated that several DHS colleagues had met with four individuals involved in the creation of Bitcoin in California to inquire about their motivations and the ultimate goal of Bitcoin.Murphy stated that if the meeting did indeed take place, there should be records available, and he promised to "pursue the case to the end." The case is being assisted by former U.S. Assistant Attorney Brian Field, with the aim of promoting government transparency. Currently, the true identity of Satoshi Nakamoto remains undisclosed, and there is still controversy within the community about whether his identity should be made public.

ChainCatcher message, Hyperliquid co-founder @chameleon_jeff responded on X to concerns that "the Hyperliquid protocol may suffer significant losses due to market manipulation":Hyperliquid's margin design strictly ensures the platform's solvency through mathematical mechanisms, with HLP's losses always limited to its own treasury, and the protocol's operation never relying on HLP------this feature existed prior to the JELLYJELLY incident. The newly added protective mechanisms after the incident only optimize HLP's loss resistance in backup liquidation, and the underlying architecture of the protocol has not changed. In the recent JELLYJELLY incident, an attacker attempted to manipulate HLP (liquidity provider pool) by establishing a massive long and short position on themselves. Although the unliquidated contract limit at that time allowed for the establishment of a position worth 4 million USDC, the logical flaw was that HLP used its entire fund balance as collateral for this liquidation. It should be clarified that the platform itself does not face solvency risks, but HLP did face excessive risk exposure due to market manipulation.Currently, HLP's liquidation component treasury has set a collateral limit, restricting potential losses through the backup liquidation mechanism. Hyperliquid still maintains its original operating mechanism, processing under-collateralized positions in the following order: 1) market liquidation 2) backup liquidation 3) automatic deleveraging (ADL). The current backup liquidation of HLP has added protective mechanisms by setting loss limits, making the cost of manipulating the mark price far exceed the limited gains that can be obtained from HLP.

ChainCatcher news, the decentralized data infrastructure CESS Network has once again been invited to Capitol Hill in Washington, D.C., to participate in the Capitol Hill Education Day event hosted by the U.S. Blockchain Association. As a representative project in the DePIN and Layer1 tracks, the CESS team will meet with U.S. lawmakers again to provide full-stack solutions for real-world use cases of blockchain technology.It is reported that CESS has previously been adopted by Middle Eastern governments as a decentralized data solution provider. During this Capitol Hill event, CESS will continue to demonstrate the critical role of decentralized data value infrastructure in maintaining national data security, providing the next-generation data infrastructure paradigm for governments, enterprises, and the Web3 ecosystem.

ChainCatcher news, according to official information, the RWA lending protocol Zoth has released the latest progress on the security incident investigation.Zoth stated that there have been no significant changes to the involved funds, and the team is closely collaborating with intelligence agencies and ecosystem partners to continuously track and investigate the attackers' related activities.The official said that their current key tasks include:Real-time monitoring of the fund flows of relevant wallets;Collaborating with on-chain analysis teams to trace the attackers' digital footprints;Coordinating with law enforcement agencies and legal teams to formulate the next steps.

ChainCatcher news, according to on-chain analyst @ai_9684xtpa's monitoring, two Maker whales with a net position of up to 84.4 million USD are facing liquidation risks, but as ETH drops to 1786 USD, the Maker whale positions have not been liquidated because MakerDAO uses an oracle security module (OSM). Even if the market price falls below these liquidation points, the actual system price is still updated with a delay.The system collects data from multiple authorized price oracles, calculates the median as a reference price through the Medianizer contract, and applies it with a delay of about 1 hour to prevent short-term fluctuations from being exploited. Currently, MakerDAO's system price is 1831.25 USD, which is still a certain distance from the liquidation prices of the two addresses.ChainCatcher previously reported, according to on-chain analyst @ai_9684xtpa's monitoring, significant fluctuations in ETH have led to two whales with a net position of up to 84.4 million USD facing liquidation:Address 0xab7...e2313 collateralized 64,792 WETH to borrow 68.09 million DAI, health factor 1.02, liquidation price 1,786.65 USD;Address 0x6bb...830b3 collateralized 608,104,792 WETH to borrow 74.73 million DAI, health factor 1.03, liquidation price 1,781.99 USD.

ChainCatcher news, according to Tobacco Online, the Tobacco Monopoly Bureau of Liuzhou City, Guangxi, successfully dismantled a criminal gang involved in illegal tobacco transactions using the virtual currency Tether (USDT) in cooperation with the public security department.It is reported that the "Virtual Currency Cigarette Transaction Situation Awareness System" of the Liuzhou Tobacco Joint Command Data Center obtains virtual currency transaction data by building blockchain nodes to synchronize the entire chain ledger, and cooperates with the public security department to accurately capture 12 local suspects involved in the case, seizing 84,400 illegal cigarettes and involving a virtual currency transaction volume of 28,625 Tether coins.

ChainCatcher news, Ethereum founder Vitalik Buterin published a long article titled "A simple L2 security and finalization roadmap," which outlines three core directions for optimizing Ethereum L2 security and finality:Expand data capacity: Increase the Blob space to 6 through the Pectra upgrade, and expand it to 72 (or gradually increase to 12-24) in the upcoming Fusaka upgrade at the end of the year, to meet the L2 transaction throughput demands;Implement a hybrid proof system for rapid finality: Use a 2/3 multi-signature mechanism (optimistic proof + ZK proof + TEE trusted hardware proof). If ZK and TEE verify simultaneously, finality is immediate; if only one is verified, it requires a 7-day optimistic challenge period. The security committee can urgently upgrade the proof logic but is subject to a 30-day delay, balancing immediate finality with attack resistance;Build a unified ZK proof aggregation layer: Standardize the proof aggregation protocol across the ecosystem, allowing multiple applications to share the cost of a single proof (e.g., 500,000 Gas), significantly reducing ZK verification overhead and promoting the adoption of L2, privacy protocols, and other scenarios. The goal of this roadmap is to achieve L2 cross-chain bridging finality within 1 hour and reduce costs through short-term hybrid verification mechanisms, while gradually eliminating TEE reliance with a long-term goal of full ZK implementation, ultimately establishing an efficient, secure, and trustless L2 ecosystem.

ChainCatcher message, according to the official announcement from SlowMist, the team has detected potential suspicious activities related to the $MIN token (BSC chain) and reminds users to stay vigilant and pay attention to the safety of their funds.

ChainCatcher news, Coinbase's cryptography lead Yehuda Lindell tweeted that Coinbase has released an open-source cryptographic library for the MPC engine, supporting ECDSA and Schnorr/EdDSA protocols for both two-party and multi-party signatures, and providing tools such as DKG and backups. The code includes foundational primitives like commitments, random oracles, and secret sharing, as well as oblivious transfer and a series of ZK proofs, suitable for threshold signature tasks.

ChainCatcher message, Slow Mist posted on social media stating that a serious vulnerability in ReachMe was discovered and promptly notified the team, working together with them to fix the issue.

ChainCatcher news, blockchain security company PeckShield has released the latest data showing that the loss amount from the GMX and MIM Spell security vulnerability incidents has increased to approximately 6260 ETH, equivalent to about 13 million USD at current market prices.

ChainCatcher news, security issues remain the biggest barrier to mainstream adoption of cryptocurrency payments. According to a survey conducted by Bitget Wallet of 4,599 users, over 37% of investors believe that security risks are the main obstacle to using cryptocurrency for payments. Nevertheless, 46% of users stated that they prefer crypto payments over fiat payments because crypto payments are faster and more efficient.

ChainCatcher message, the RWA lending protocol Zoth has issued a security announcement on social media, confirming that its system has encountered a security vulnerability attack. The announcement states: "Our system has encountered a security vulnerability. We are actively investigating this incident and taking all necessary measures to resolve the issue as quickly as possible."Zoth stated that it is working closely with partners to mitigate the impact and fully resolve the issue. Once the investigation is complete, the team will share a detailed report and clarify the situation.

ChainCatcher News, American cryptocurrency and artificial intelligence czar David Sacks met with UAE National Security Advisor Tahnoun bin Zayed Al Nahyan to discuss the transformative impact of artificial intelligence across various fields, the expanding role of digital currencies in reshaping the financial system, and the investment opportunities that arise when they converge.

ChainCatcher message, according to a warning issued by the SlowMist security team, the EOS blockchain is currently experiencing an address poisoning attack. Malicious accounts are sending users 0.001 EOS tokens to implement address poisoning, and multiple counterfeit trading platform accounts have been discovered.These attackers create fake accounts that are very similar to those of well-known trading platforms, such as the impersonation of OKX's "oktothemoon," with the real account being "okbtothemoon"; the impersonation of Binance's "binanecleos," with the real account being "binancecleos."