security

According to CNBC, dozens of Democratic members of the U.S. House of Representatives sent a letter to Treasury Secretary Yellen on Thursday, requesting an investigation into potential conflicts of interest and national security issues related to the Trump family's cryptocurrency project, World Liberty Financial. The letter was led by New York Democratic Congressman Gregory Meeks and was co-signed by 40 other lawmakers.Meeks referred to Yellen as Trump's "follower" during a hearing and questioned the $500 million investment by members of the UAE royal family in World Liberty Financial last year. In a statement released with the letter, Meeks said, "The $500 million transaction involving the Trump family and the UAE royal family not only concerns national financial stability but also involves serious national security implications." At the time of the request for an investigation, World Liberty Financial was applying for a national bank charter. This charter is reviewed and issued by the Office of the Comptroller of the Currency, an independent agency under the U.S. Treasury responsible for regulating the banking industry.

Balancer announced on platform X that it has received a security report regarding Balancer's reCLAMM (rebalanced concentrated liquidity AMM) submitted by the bug bounty platform Immunefi.As a precautionary measure, Balancer has suspended the operation of the relevant liquidity pools during the investigation. User funds are currently safe and fully accessible, and further updates will be continuously announced.

According to The Block, OpenAI has announced a partnership with the crypto investment firm Paradigm to launch EVMbench, aimed at assessing the capabilities of AI Agents in the field of smart contract security, including the identification, patching, and exploitation of high-risk vulnerabilities.Both parties stated that as AI improves its capabilities in code writing and execution, it can be exploited by attackers but can also serve as a defensive tool. Therefore, it is necessary to test the security capabilities of AI systems in environments with real economic significance. EVMbench will provide various testing modes, including vulnerability detection, contract modification, elimination of exploitability, and simulating complete attack processes in a sandbox chain environment.At the launch of this tool, the DeFi protocol Moonwell and the cross-chain liquidity protocol CrossCurve have recently encountered smart contract vulnerability attacks, raising concerns about AI-assisted code security. EVMbench is reportedly built on 120 selected vulnerability samples, covering multiple public audits and competition cases.Industry analysts believe that as AI technology advances, the threshold for identifying smart contract vulnerabilities may further decrease, and the game between security defense and attack capabilities is accelerating.

According to FinanceFeeds, two Democratic senators have written to Treasury Secretary Scott Bancenet, requesting an assessment of whether the UAE government's affiliated entity's $500 million investment in the cryptocurrency company World Liberty Financial should undergo a national security review by the Committee on Foreign Investment in the United States (CFIUS).The committee, led by the Treasury Department, is responsible for reviewing foreign investment transactions that may involve sensitive technologies or data. According to a previous report by The Wall Street Journal, G42, supported by Abu Dhabi royal family member Sheikh Tahnoon bin Zayed, acquired a 49% stake in World Liberty Financial through an entity named Aryam Investment 1. The report indicated that some of the funds flowed to the Trump family and its affiliates. The Trump camp denied any knowledge of this. Senators Elizabeth Warren and Angus King questioned in their letter whether the deal could allow a foreign government access to user data and mentioned G42's past collaborations with Chinese companies. They requested the Treasury Department to clarify by March 5 whether a review process has been initiated or if a recommendation has been made to the president.World Liberty Financial is the issuer of the stablecoin USD1, which has circulated over $5 billion since its launch in March 2025. The company lists Trump and his Middle East envoy Steve Witkoff as honorary co-founders. A company spokesperson previously stated that the two were not involved in the UAE-related transactions.

CoinW recently issued an official announcement reminding that a scam activity involving fake websites and mobile applications (Apps) has been detected. The scammers maliciously impersonated CoinW's name, graphics, logo, and brand image.The scammers targeted potential victims through publicly available information on the internet and social media platforms like LinkedIn. They used the victims' social profiles to verify their locations and establish initial contact, subsequently luring users to move the communication to Telegram. Scammers commonly employ manipulative tactics (including fabricating "luxurious lifestyle" stories) to deceive victims into transferring cryptocurrency to wallet addresses under their control. CoinW solemnly reminds: please be sure to access the official website or download the app through official channels. If you have doubts about the source of information, please contact the CoinW legal team for verification immediately. If you discover suspicious websites or counterfeit applications, please stop all operations and report them to the official channels. CoinW stated that it will continue to strengthen the construction of its security and risk control system, maintain a safe, fair, and transparent trading environment, and firmly support global anti-fraud, anti-money laundering, and sanctions compliance efforts.

According to Cointelegraph, Mandiant, a U.S. cybersecurity company affiliated with Google Cloud, has discovered that a North Korea-linked threat organization is intensifying social engineering attacks against cryptocurrency and fintech companies.The threat group, codenamed UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings.Mandiant has been tracking this organization since 2018, but advancements in artificial intelligence have helped the group expand its malicious activities since November 2025. In one intrusion incident, the attackers used a stolen Telegram account of a cryptocurrency founder to initiate contact, inducing victims to execute "troubleshooting" commands containing hidden instructions through a so-called ClickFix attack.

According to Cointelegraph, Mandiant, a U.S. cybersecurity company affiliated with Google Cloud, has discovered that a North Korea-linked threat organization is intensifying social engineering attacks against cryptocurrency and fintech companies.The threat group, codenamed UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings.Mandiant has been tracking this organization since 2018, but advancements in artificial intelligence have helped the group scale up its malicious activities since November 2025. In one intrusion incident, the attackers used a stolen Telegram account of a cryptocurrency founder to initiate contact, inducing victims to execute "troubleshooting" commands containing hidden instructions through a so-called ClickFix attack.

According to Coinpost, the Financial Services Agency of Japan has released the "Cybersecurity Enhancement Guidelines (Draft) for Cryptocurrency Exchanges" and has begun a public consultation, with a deadline of March 11. The draft indicates that the methods of cyber attacks targeting cryptocurrency exchanges are becoming increasingly complex, with a rise in indirect attack methods such as social engineering and breaches through outsourced service providers. Relying solely on cold wallets is no longer sufficient to ensure security, and there is a need to strengthen overall supply chain security management.The draft also mentions suspected state-sponsored attacks and emphasizes the importance of asset protection from the perspective of national wealth preservation. The plan is based on three pillars: self-help, mutual assistance, and public assistance. In terms of self-help, it proposes to impose cybersecurity self-assessments on the cryptocurrency exchange industry starting from the fiscal year 2026 and to enhance security standards; for mutual assistance, it will strengthen the functions of industry self-regulatory associations and promote corporate participation in information-sharing organizations; for public assistance, it will continue to conduct international joint research, aiming for full industry participation in cybersecurity exercises within three years and conducting real environment penetration tests on some operators in 2026.

According to the "2026 Skynet Prediction Market Report" released by CertiK, the trading volume of prediction markets is expected to grow to $63.5 billion in 2025, achieving a fourfold increase, with Kalshi, Polymarket, and Opinion becoming the dominant platforms. However, this growth in scale also brings new risks, including oracle vulnerabilities, administrator key abuse, and Web2.5 architecture issues.The report notes that prediction markets have been deemed legal financial products in the U.S. through CFTC rulings, but are banned in several EU countries as unauthorized gambling. Additionally, regulatory differences among U.S. states may further complicate compliance. In December 2025, a security incident involving Polymarket's third-party certification provider exposed centralized failure points in the hybrid Web2/Web3 architecture.The research also estimates that during the peak of airdrops, manual trading volume on some platforms reached 60%, severely distorting liquidity metrics. CertiK predicts that in 2026, prediction markets will see enhanced technical privacy and accelerated institutional adoption, but platforms must simultaneously address issues such as liquidity maintenance, security infrastructure development, and the sustainability of revenue models to achieve long-term growth.

Global leading full-stack Web3 security company ExVul has established a long-term strategic partnership with high-performance financial public chain Pharos, jointly setting up a $1.25 million security audit Grants to support the development of early startup teams within the Pharos ecosystem.The Grants are aimed at early projects in the Pharos incubator, providing complete security audit services for core smart contracts and key system modules, along with funding and ongoing security advisory support. The collaboration between Pharos and ExVul fully reflects a high level of trust in their professional capabilities and highlights the close binding of both parties in the long-term construction of the ecosystem. Through this cooperation, ExVul will build a sustainable, secure, and compliant infrastructure for Pharos's early projects, solidifying the foundation for the ecosystem's long-term development.

Elon Musk announced on social media early this morning that strict security testing will be conducted on the X Chat feature in the coming months, and he plans to open source all the code.

Maple Finance announced that there is a security vulnerability in its web application. The issue has been fixed, but out of caution, we will temporarily shut down the web application to ensure the fix is thoroughly completed.The team stated that the smart contracts were not affected and user deposits are safe. The team will notify users once the web application is back online.

According to the latest report from GoPlus, in January 2026, the economic losses caused by major security incidents in Web3 reached $414 million. The types of security events include smart contract vulnerabilities, social engineering attacks, phishing attacks, honeypots, rug pulls, and more.Among these, exploits (including contract attacks, social engineering fraud, private key leaks, etc.) caused losses of $375 million due to 20 major incidents. The total losses from phishing attacks amounted to approximately $20 million, with around 5,000 victims. In the same month, 390 new honeypot tokens were detected on ETH, Base, and BSC, a decrease compared to December.

According to market news, Strategy's Executive Chairman Michael Saylor announced during the earnings call that a Bitcoin security initiative is planned to address quantum computing and other future security threats. This initiative will collaborate with global cybersecurity, cryptographic security, and Bitcoin security councils to coordinate relevant research and risk responses.Saylor stated that the current consensus is that quantum threats are not expected to materialize for at least another 10 years or longer, and many global teams are already developing quantum-resistant protocols. He emphasized that Bitcoin is scalable, and if a quantum upgrade is needed in the future, its network will become more resilient as a result. He also reminded that it is crucial to seize the opportunity to address such risks; acting too early may lead to immature technology, while acting too late could result in unnecessary risks.

The Ethereum Foundation announced the launch of the "Trillion Dollar Security Dashboard," which showcases the overall security posture, risks, mitigation measures, and progress of the Ethereum ecosystem, covering 6 dimensions: User Experience (UX), Smart Contract Security, Infrastructure and Cloud Security, Consensus Protocol, Monitoring and Incident Response, and Social Layer and Governance.

Web3 security company Certora announced that it has received funding from the Ethereum Foundation, with the specific amount not disclosed. The funding will be used to support the verification of the correctness of its automatic precompilation, which is a key optimization technique in zero-knowledge computation developed by Powdr Labs for the Ethereum Foundation's zkEVM project. It is reported that Certora plans to open source its developed specifications, proofs, and verification framework.

According to official news, Binance Wallet has announced the launch of the Security Scan feature, which aims to provide users with more comprehensive security protection and help users identify and mitigate potential risks during Web3 interactions.

Web3 security company ExVul uses the RootData API to regularly obtain new project data, combining it with ExVul's security algorithms for automated risk assessment and prioritization, identifying potential security risks in projects ahead of time, and helping project teams complete security enhancements before launch.Currently, the RootData API has over 200 cumulative partners, including well-known partners covering numerous scenarios such as the Ethereum Foundation, OKX Wallet, Blockworks, CMT Digital, Amber Group, TechFlow, BlockBeats, Mask Network, Token Pocket, and more.