ChainCatcher message, according to the monitoring by Shield, the attacker of the RWA project Zoth has exchanged the stolen funds for 4,223 ETH.

ChainCatcher message, the RWA lending protocol Zoth has issued a security announcement on social media, confirming that its system has encountered a security vulnerability attack. The announcement states: "Our system has encountered a security vulnerability. We are actively investigating this incident and taking all necessary measures to resolve the issue as quickly as possible."Zoth stated that it is working closely with partners to mitigate the impact and fully resolve the issue. Once the investigation is complete, the team will share a detailed report and clarify the situation.

ChainCatcher message, Slow Mist team issued a security alert stating that the Zoth platform is suspected to have been attacked due to the leakage of administrator privileges, and the core logic contract has been tampered with and replaced with a malicious contract.

ChainCatcher message, regarding the discussion about the voting mechanism for listing coins implemented by Binance in 2017, Binance founder Zhao Changpeng replied, "The voting started off quite well. But later it somewhat tore the community apart, causing project teams to attack each other. It felt a bit like pvp. Preventing cheating has also become increasingly difficult over time. We need to keep changing the model. Occasionally, it can still be done."

According to ChainCatcher news, on-chain analyst Scam Sniffer monitored that a user lost $304,091 due to copying an incorrect address.Scam Sniffer stated that this is a typical transaction history poisoning attack, where hackers send small transfers to make similar addresses appear in the user's history, causing the user to mistakenly copy the fake address for transfers.

ChainCatcher message, according to a warning issued by the SlowMist security team, the EOS blockchain is currently experiencing an address poisoning attack. Malicious accounts are sending users 0.001 EOS tokens to implement address poisoning, and multiple counterfeit trading platform accounts have been discovered.These attackers create fake accounts that are very similar to those of well-known trading platforms, such as the impersonation of OKX's "oktothemoon," with the real account being "okbtothemoon"; the impersonation of Binance's "binanecleos," with the real account being "binancecleos."

ChainCatcher message, according to X user @supremeleadoor's monitoring, aixbt is suspected to have fallen victim to a phishing attack by account @0xhungusman, resulting in a loss of 55.5 ETH. Relevant transaction records show that the funds have been transferred, and the related conversations have been deleted, leaving only the on-chain transaction records available for review.

ChainCatcher message, forwarded by SlowMist Technology's Chief Information Security Officer 23pds: "Four.Meme was hacked, resulting in a loss of approximately $120,000. There were no vulnerabilities in any contracts. The root cause was the leakage of the transaction where Four.Meme added liquidity to PancakeSwap. The hacker somehow obtained these private transactions (possibly due to BSC Builder being compromised) and executed a sandwich attack by bundling with them."

ChainCatcher message, Slow Mist's Yu Xian disclosed that the phishing technique of poisoning addresses with similar starting and ending numbers is still widespread, severely impacting the security infrastructure of the blockchain industry.Yu Xian pointed out that this type of poisoning targeting wallet transaction history mainly involves various techniques, including fake token contract codes emitting false event logs to deceive block explorers and wallets, as well as using zero-amount transfer event logs to arbitrarily fill in addresses in the from/to fields. These techniques can mislead users into believing that the transactions are from their own actions. Other common techniques include sending small amounts of funds from source addresses with the same starting and ending characters, combining clipboard hijacking technology, and impersonating well-known decentralized exchanges to output false event logs.Yu Xian recommends that users make good use of wallet whitelisting mechanisms, carefully verify complete addresses, and combine well-known hardware wallets for dual verification as defensive measures.Previously reported, two addresses suffered "transaction history pollution attacks" in the past 14 hours, resulting in a total loss of over $140,000.

ChainCatcher message, according to on-chain security analyst Scam Sniffer (@realScamSniffer), about 7 hours ago, a user transferred $103,100 to a scam address by copying an incorrect address from a polluted transaction history. Additionally, about 14 hours ago, another user lost $43,674 in the same manner.It is reported that the "transaction history pollution attack" involves scammers sending fake transfers with similar addresses, causing the fake address to appear in the user's transaction history, leading the user to mistakenly copy this address when transferring again.

ChainCatcher news, the blockchain gaming platform WEMIX under the South Korean listed gaming company Wemade disclosed a hacking incident on March 4, stating: "On February 28, 2025, approximately 8,654,860 WEMIX tokens were anomalously extracted due to a malicious external attack on Play Bridge Vault." WEMIX stated that it has taken immediate action to prevent further damage and is cooperating with law enforcement to track down the attackers. On March 13, the WEMIX Foundation executed 20 million WEMIX tokens to mitigate market impact.In addition, according to a report by Yonhap News Agency today, the loss caused by the hacking incident on February 28 amounted to approximately 9 billion won (about 6.22 million USD). The WEMIX Foundation emphasized in response to external accusations of delayed announcements that it "never had any intention or attempt to conceal the hacking incident." A representative of the WEMIX Foundation stated, "After discovering the hacking incident on February 28, we immediately shut down the affected servers and began a detailed analysis. On the same day, we submitted a complaint against the unidentified attackers to the Cyber Investigation Division of the Seoul Police Agency, and the National Investigation Agency is currently investigating. Since the method of intrusion has not yet been determined, hastily releasing an announcement could expose us to further attack risks, which is why we did not issue an immediate announcement. As most of the stolen assets have already been sold off, the market impact has already occurred, and it is difficult to ensure there are no further risks. If we had announced immediately, it could have triggered market panic."

ChainCatcher news, Kaito AI founder Yu Hu posted on the X platform stating that according to relevant clues, the hacker who attacked Kaito AI's official Twitter and his own X account is suspected to be related to the hacker who previously attacked @tier10k. This hacker profited nearly 1 million dollars by opening positions on Hyperliquid.

ChainCatcher news, Kaito AI founder Yu Hu posted on the X platform: "Nothing related to KAITO has been compromised. My X account and Kaito account were both hacked, and the hacker subsequently posted false tweets. When I realized this, I checked these accounts and found that I was still logged into both, so I deleted the tweets and changed the passwords.We have advanced security measures on both accounts, including hardware 2FA, so at this point, we may be facing similar attacks as seen recently in other projects like Jupiter.We are talking to people familiar with such attacks to understand how this happened. Any assistance from professionals is also welcome."

ChainCatcher message, the SlowMist security team released an article warning that phishing attacks targeting blockchain engineers have appeared on the LinkedIn platform. Blockchain developer Bruno Skvorc encountered a phishing attack disguised as a recruitment effort aimed at blockchain engineers. The attacker impersonated a project party and provided a link to a Bitbucket repository containing malicious code.The SlowMist team's technical analysis shows that the malicious code hides a crypto payload, activated through the server.js file. Once executed, the program connects to a command control server, downloads the test.js and .npl trojan programs, and subsequently steals sensitive information such as system information, browser extension wallet data, and passwords, with the ultimate goal of stealing users' crypto assets.

ChainCatcher news, Berachain ecosystem's social trading platform Berally, which integrates AI agents, stated, "Suspected of being attacked, partial information of the deployer key has been leaked, resulting in all vesting tokens being sold off and withdrawn from the liquidity pool. The dApp contract remains secure and unaffected by the hacker attack, but please temporarily revoke access to the dApp and Staking."Berally is investigating this incident.

ChainCatcher message, the official 1inch account stated that some fraudulent emails impersonating official 1inch have been discovered. These phishing emails appear legitimate but contain malicious links or attachments that may compromise your security. The community is advised to remain vigilant.

ChainCatcher news, market news publisher db posted on platform X that its X account has apparently been hacked, and not to trust any messages for the time being. It is still unclear what happened, as both its 2FA/Yubikey are enabled but it was still attacked. Further details will be released later.db also stated that there are no connected applications, no content in access history/sessions, no delegated accounts, and no API key leaks.ChainCatcher previously reported that db's X account had posted fake news about "Trump tokens having utility," and the account was compromised. That tweet has since been deleted.

ChainCatcher message, Movement Labs co-founder Rushi Manche posted on X, "The mainnet subdomain is currently experiencing a DDoS attack, which is being steadily mitigated, and normal operations are expected to resume soon."