ChainCatcher news, Slow Mist founder Yu Xian released a response guide regarding computer infection issues and made additions to the Chinese version of the Black Book.He pointed out that hacker organizations often use social engineering to induce users to install malware or run malicious code, such as pretending to be investors, journalists, or HR to lure users into meeting software, or disguising as Telegram and Cloudflare verification requests to get users to run malicious code.Yu Xian suggested that infected users take the following measures promptly: transfer wallet funds, change important account passwords and check for unknown device logins, use reputable antivirus software to scan for viruses, and if necessary, reset the computer and scan backup files for viruses.He emphasized that these attacks target not only Windows but also Mac and some Linux systems.

ChainCatcher news, Slow Mist Technology's Chief Information Security Officer 23pds posted on X platform, warning cryptocurrency users to be cautious of trojans disguised as TradingView cracked versions. Recently, AMOS and Lumma information stealers are spreading through Reddit posts, specifically targeting cryptocurrency users to steal wallets and personal data, with victims including Mac and Windows users.

ChainCatcher message, Slow Mist stated that crypto users should be wary of browser extensions that may be sold to malicious actors without their knowledge. Malicious actors can easily purchase a Chrome extension and hijack the browsing traffic of existing users, redirecting it to wherever they want. No alerts, no prompts. No anomalies will be noticed unless new permissions are required. In @tuckner's investigation, it was found that an extension with 400,000 users has changed ownership, so stay vigilant.

ChainCatcher message, forwarded by SlowMist Technology's Chief Information Security Officer 23pds: "Four.Meme was hacked, resulting in a loss of approximately $120,000. There were no vulnerabilities in any contracts. The root cause was the leakage of the transaction where Four.Meme added liquidity to PancakeSwap. The hacker somehow obtained these private transactions (possibly due to BSC Builder being compromised) and executed a sandwich attack by bundling with them."

ChainCatcher message, Slow Mist's Yu Xian disclosed that the phishing technique of poisoning addresses with similar starting and ending numbers is still widespread, severely impacting the security infrastructure of the blockchain industry.Yu Xian pointed out that this type of poisoning targeting wallet transaction history mainly involves various techniques, including fake token contract codes emitting false event logs to deceive block explorers and wallets, as well as using zero-amount transfer event logs to arbitrarily fill in addresses in the from/to fields. These techniques can mislead users into believing that the transactions are from their own actions. Other common techniques include sending small amounts of funds from source addresses with the same starting and ending characters, combining clipboard hijacking technology, and impersonating well-known decentralized exchanges to output false event logs.Yu Xian recommends that users make good use of wallet whitelisting mechanisms, carefully verify complete addresses, and combine well-known hardware wallets for dual verification as defensive measures.Previously reported, two addresses suffered "transaction history pollution attacks" in the past 14 hours, resulting in a total loss of over $140,000.

According to ChainCatcher news, SlowMist monitored that the Four.meme token was exploited by attackers who took advantage of a vulnerability before the token's release to steal liquidity.The attackers purchased a small amount of tokens before the release using the 0x7f79f6df function of Four.meme and utilized this feature to send the tokens to a PancakeSwap trading pair address that had not yet been created.This allowed the attackers to create a trading pair and add liquidity without needing to transfer the unreleased tokens, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that were in place before the Four.meme token's release.Ultimately, the attackers added liquidity at an unexpected price, successfully stealing the liquidity from the pool.

ChainCatcher news, according to a post by Slow Mist's Yuxian, multiple users mistakenly transferred funds to the contract address of the Magma project on the Monad testnet due to not switching to the correct network environment.Yuxian confirmed through analyzing transaction data and smart contract code that these fund transfers occurred because users did not correctly switch to the Monad testnet while executing functions such as depositMon() and withdrawMon() for the Magma project on multiple blockchains including Ethereum and Binance Smart Chain. This issue may stem from an inadequate network switching mechanism in the wallet application or the project's frontend.Yuxian stated that the project team could implement a fund return mechanism by creating corresponding contracts on the relevant blockchains, and affected users should directly contact the Magma project team for assistance.

ChainCatcher message, the SlowMist security team released an article warning that phishing attacks targeting blockchain engineers have appeared on the LinkedIn platform. Blockchain developer Bruno Skvorc encountered a phishing attack disguised as a recruitment effort aimed at blockchain engineers. The attacker impersonated a project party and provided a link to a Bitbucket repository containing malicious code.The SlowMist team's technical analysis shows that the malicious code hides a crypto payload, activated through the server.js file. Once executed, the program connects to a command control server, downloads the test.js and .npl trojan programs, and subsequently steals sensitive information such as system information, browser extension wallet data, and passwords, with the ultimate goal of stealing users' crypto assets.

ChainCatcher message, Slow Mist Yuxian posted on platform X stating: "An extension can be malicious, such as stealing cookies from the target page, privacy in localStorage (like account permission information, private key information), DOM tampering, request hijacking, clipboard content retrieval, etc. Relevant permission configurations can be made in manifest.json. If users are not careful about the permissions requested by the extension, it can be troublesome.However, for an extension to be malicious and directly target other extensions, such as well-known wallet extensions, it is still not easy... because of sandbox isolation... For example, it is unlikely to directly steal private key/mnemonic-related information stored in the wallet extension. If you are concerned about the permission risks of a certain extension, it is actually easy to assess this risk. After installing the extension, you can choose not to use it first, check the extension ID, search for the local path on your computer, and find the manifest.json file in the root directory of the extension. You can then directly throw the file content to AI for permission risk interpretation. If you have an isolation mindset, you might consider enabling a separate Chrome Profile for unfamiliar extensions, at least making malicious actions controllable; most extensions do not need to be enabled all the time."

ChainCatcher message, Slow Mist Security Team has issued a warning that social engineering attacks using malware are on the rise again. Hackers are tricking victims into downloading malicious scripts by sending fake video call links. In a recent case, the attacker compromised the victim's friend's Telegram account and used that account to initiate a call invitation.The Slow Mist team reminds users that if they suspect they have been attacked, they should immediately take the following measures:Protect asset security------If wallet private keys or mnemonic phrase backups are stored on the computer, transfer funds immediately;Change passwords and two-factor authentication------Update passwords for Telegram, X, email, and exchange accounts, and check for any unknown logins;Run a complete antivirus scan------Use well-known security software such as AVG, Bitdefender, Kaspersky, etc.;If there are still concerns, back up important files, reset the system, and scan everything before recovery.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media, "There has been a recent surge in social engineering poisoning targeting computers in the past few days. Yesterday, I followed up on 3 cases. Once again, a reminder to those who think using a Mac computer is inherently safe: the reality is actually quite bad. Be sure not to install unofficial applications randomly, as even official sources can have issues."

ChainCatcher news, the 1inch team has discovered a vulnerability in its old Fusion v1 parser smart contract. According to the analysis by the SlowMist security team, this incident resulted in a loss of approximately 2.4 million USDC and 1276 WETH, totaling over 5 million dollars.The official confirmation states that this vulnerability does not affect end-user funds, and the impacted parties are only the parser contracts using Fusion v1. 1inch has taken measures and is continuously monitoring the security situation.

ChainCatcher news, Slow Mist issued a security alert stating that it detected suspicious transactions related to 1inch on March 5, resulting in a loss of approximately $1 million.Previous news, 1inch disclosed that its team discovered a vulnerability in the parser smart contract implemented with the outdated Fusion v1 on March 5.

ChainCatcher message, the Slow Mist security team published a disclosure revealing a critical vulnerability (GHSA-vjh7-7g9h-fjfh) found in the widely used elliptic cryptography library.Attackers can extract private keys with just one signature by constructing specific inputs, which may lead to the theft of digital assets or identity credentials. This vulnerability could affect blockchain applications and digital identity systems that rely on this cryptography library.

ChainCatcher message, Slow Mist Yu Xian stated, "Bybit was hacked for nearly $1.5 billion in ETH assets, apart from some being recovered, the rest has left Ethereum, with the vast majority entering the Bitcoin network, where complex coin laundering operations are taking place, and THORChain node operators have profited significantly."

ChainCatcher news, according to Slow Mist monitoring, the losses from Web3 security incidents in February 2025 are estimated to total $1.681 billion. The Slow Mist blockchain hacker archive has recorded a total of 15 hacking incidents, resulting in approximately $1.676 billion in losses, of which $52.45 million has been frozen or recovered.In addition, according to data from the Web3 anti-fraud platform Scam Sniffer, there were a total of 7,442 victims of phishing attacks this month, with total losses reaching $5.32 million. The majority of incidents were caused by smart contract vulnerabilities, social engineering, account intrusions, and private key leaks.

ChainCatcher message, Slow Mist founder Yu Xian tweeted, "If antivirus software falsely reports your browser extension, such as a wallet extension's js file being falsely flagged, the antivirus software usually isolates it, which means the wallet extension will be damaged and unable to open. At this point, you can recover the file from isolation, do not delete it. If you delete it, do not uninstall the wallet extension either, as there may still be a chance to recover files related to the locally encrypted private key."

ChainCatcher message, Web3 security company Slow Mist posted on the X platform to remind users that the "Safeguard" variant attack is spreading on Telegram. Users need to be aware of randomly sent false "account risk" messages and pushed false security checks. The attack process is as follows:A Telegram message is sent to you;You are induced to "verify" certain information;You enter the login verification code;Your session information is obtained;Your account is then stolen.Next, the scammers will search for private keys in your chatbot. If they completely take over your account, they will also impersonate you to scam your friends.

ChainCatcher message, Slow Mist posted on platform X, announcing the hacker addresses of the 7 Mask Network founders whose funds were stolen:0x7e8da2dc33416e5f73008366cd5027f22be17df70xce98ad7553c73578633a286f476c641179c5695d0xb6a5426b885172fb73d3c8fcf9612610612df7070xe457171b295e3ec597ddb234a46215e6006636e70x15eb933b90f13fdfa0f46a7ae52fe8cf4307fa430x180fe23ff9c57031e305ecffaadff4a5ac3d92190xaa937733edecda7924849c284b76912489e1f693

ChainCatcher news, Slow Mist posted on platform X stating that the devices of Safe developers were compromised, leading to the injection of malicious code into the frontend, which intercepted and modified transaction parameters. After a quick verification, it was found that there was indeed malicious code behind the js files of the Safe frontend, and the related address (0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516) is involved in the malicious execution contract that siphoned off 1.5 billion assets from ByBit.