According to ChainCatcher news, on-chain analyst Scam Sniffer monitored that a user lost $304,091 due to copying an incorrect address.Scam Sniffer stated that this is a typical transaction history poisoning attack, where hackers send small transfers to make similar addresses appear in the user's history, causing the user to mistakenly copy the fake address for transfers.

ChainCatcher message, according to a warning issued by the SlowMist security team, the EOS blockchain is currently experiencing an address poisoning attack. Malicious accounts are sending users 0.001 EOS tokens to implement address poisoning, and multiple counterfeit trading platform accounts have been discovered.These attackers create fake accounts that are very similar to those of well-known trading platforms, such as the impersonation of OKX's "oktothemoon," with the real account being "okbtothemoon"; the impersonation of Binance's "binanecleos," with the real account being "binancecleos."

ChainCatcher message, according to X user @supremeleadoor's monitoring, aixbt is suspected to have fallen victim to a phishing attack by account @0xhungusman, resulting in a loss of 55.5 ETH. Relevant transaction records show that the funds have been transferred, and the related conversations have been deleted, leaving only the on-chain transaction records available for review.

ChainCatcher message, forwarded by SlowMist Technology's Chief Information Security Officer 23pds: "Four.Meme was hacked, resulting in a loss of approximately $120,000. There were no vulnerabilities in any contracts. The root cause was the leakage of the transaction where Four.Meme added liquidity to PancakeSwap. The hacker somehow obtained these private transactions (possibly due to BSC Builder being compromised) and executed a sandwich attack by bundling with them."

ChainCatcher message, Slow Mist's Yu Xian disclosed that the phishing technique of poisoning addresses with similar starting and ending numbers is still widespread, severely impacting the security infrastructure of the blockchain industry.Yu Xian pointed out that this type of poisoning targeting wallet transaction history mainly involves various techniques, including fake token contract codes emitting false event logs to deceive block explorers and wallets, as well as using zero-amount transfer event logs to arbitrarily fill in addresses in the from/to fields. These techniques can mislead users into believing that the transactions are from their own actions. Other common techniques include sending small amounts of funds from source addresses with the same starting and ending characters, combining clipboard hijacking technology, and impersonating well-known decentralized exchanges to output false event logs.Yu Xian recommends that users make good use of wallet whitelisting mechanisms, carefully verify complete addresses, and combine well-known hardware wallets for dual verification as defensive measures.Previously reported, two addresses suffered "transaction history pollution attacks" in the past 14 hours, resulting in a total loss of over $140,000.

ChainCatcher message, according to on-chain security analyst Scam Sniffer (@realScamSniffer), about 7 hours ago, a user transferred $103,100 to a scam address by copying an incorrect address from a polluted transaction history. Additionally, about 14 hours ago, another user lost $43,674 in the same manner.It is reported that the "transaction history pollution attack" involves scammers sending fake transfers with similar addresses, causing the fake address to appear in the user's transaction history, leading the user to mistakenly copy this address when transferring again.

ChainCatcher news, the blockchain gaming platform WEMIX under the South Korean listed gaming company Wemade disclosed a hacking incident on March 4, stating: "On February 28, 2025, approximately 8,654,860 WEMIX tokens were anomalously extracted due to a malicious external attack on Play Bridge Vault." WEMIX stated that it has taken immediate action to prevent further damage and is cooperating with law enforcement to track down the attackers. On March 13, the WEMIX Foundation executed 20 million WEMIX tokens to mitigate market impact.In addition, according to a report by Yonhap News Agency today, the loss caused by the hacking incident on February 28 amounted to approximately 9 billion won (about 6.22 million USD). The WEMIX Foundation emphasized in response to external accusations of delayed announcements that it "never had any intention or attempt to conceal the hacking incident." A representative of the WEMIX Foundation stated, "After discovering the hacking incident on February 28, we immediately shut down the affected servers and began a detailed analysis. On the same day, we submitted a complaint against the unidentified attackers to the Cyber Investigation Division of the Seoul Police Agency, and the National Investigation Agency is currently investigating. Since the method of intrusion has not yet been determined, hastily releasing an announcement could expose us to further attack risks, which is why we did not issue an immediate announcement. As most of the stolen assets have already been sold off, the market impact has already occurred, and it is difficult to ensure there are no further risks. If we had announced immediately, it could have triggered market panic."

ChainCatcher news, Kaito AI founder Yu Hu posted on the X platform stating that according to relevant clues, the hacker who attacked Kaito AI's official Twitter and his own X account is suspected to be related to the hacker who previously attacked @tier10k. This hacker profited nearly 1 million dollars by opening positions on Hyperliquid.

ChainCatcher news, Kaito AI founder Yu Hu posted on the X platform: "Nothing related to KAITO has been compromised. My X account and Kaito account were both hacked, and the hacker subsequently posted false tweets. When I realized this, I checked these accounts and found that I was still logged into both, so I deleted the tweets and changed the passwords.We have advanced security measures on both accounts, including hardware 2FA, so at this point, we may be facing similar attacks as seen recently in other projects like Jupiter.We are talking to people familiar with such attacks to understand how this happened. Any assistance from professionals is also welcome."

ChainCatcher message, the SlowMist security team released an article warning that phishing attacks targeting blockchain engineers have appeared on the LinkedIn platform. Blockchain developer Bruno Skvorc encountered a phishing attack disguised as a recruitment effort aimed at blockchain engineers. The attacker impersonated a project party and provided a link to a Bitbucket repository containing malicious code.The SlowMist team's technical analysis shows that the malicious code hides a crypto payload, activated through the server.js file. Once executed, the program connects to a command control server, downloads the test.js and .npl trojan programs, and subsequently steals sensitive information such as system information, browser extension wallet data, and passwords, with the ultimate goal of stealing users' crypto assets.

ChainCatcher news, Berachain ecosystem's social trading platform Berally, which integrates AI agents, stated, "Suspected of being attacked, partial information of the deployer key has been leaked, resulting in all vesting tokens being sold off and withdrawn from the liquidity pool. The dApp contract remains secure and unaffected by the hacker attack, but please temporarily revoke access to the dApp and Staking."Berally is investigating this incident.

ChainCatcher message, the official 1inch account stated that some fraudulent emails impersonating official 1inch have been discovered. These phishing emails appear legitimate but contain malicious links or attachments that may compromise your security. The community is advised to remain vigilant.

ChainCatcher news, market news publisher db posted on platform X that its X account has apparently been hacked, and not to trust any messages for the time being. It is still unclear what happened, as both its 2FA/Yubikey are enabled but it was still attacked. Further details will be released later.db also stated that there are no connected applications, no content in access history/sessions, no delegated accounts, and no API key leaks.ChainCatcher previously reported that db's X account had posted fake news about "Trump tokens having utility," and the account was compromised. That tweet has since been deleted.

ChainCatcher message, Movement Labs co-founder Rushi Manche posted on X, "The mainnet subdomain is currently experiencing a DDoS attack, which is being steadily mitigated, and normal operations are expected to resume soon."

ChainCatcher message, Slow Mist Security Team has issued a warning that social engineering attacks using malware are on the rise again. Hackers are tricking victims into downloading malicious scripts by sending fake video call links. In a recent case, the attacker compromised the victim's friend's Telegram account and used that account to initiate a call invitation.The Slow Mist team reminds users that if they suspect they have been attacked, they should immediately take the following measures:Protect asset security------If wallet private keys or mnemonic phrase backups are stored on the computer, transfer funds immediately;Change passwords and two-factor authentication------Update passwords for Telegram, X, email, and exchange accounts, and check for any unknown logins;Run a complete antivirus scan------Use well-known security software such as AVG, Bitdefender, Kaspersky, etc.;If there are still concerns, back up important files, reset the system, and scan everything before recovery.

ChainCatcher news, the Russia-backed hacker group "Dark Storm" claims responsibility for the recent distributed denial-of-service (DDoS) attack that caused a massive outage on the X platform.According to information released by the cybersecurity organization SpyoSecure on March 10 on the X platform, Dark Storm claimed to have carried out the attack in their Telegram channel. The channel was subsequently deleted for violating the platform's terms of service.Social media figure Ed Krassenstein also stated that he contacted the leader of Dark Storm, who confirmed this claim and stated that the attack was intended to demonstrate their strength, with no political motives.X platform owner Elon Musk confirmed that the platform experienced a cyber attack on March 10, causing some users to be unable to access it, but user functionality was quickly restored. In an interview with Fox Business Channel, he stated that the attack originated from IP addresses in the Ukraine region.Additionally, Tesla's recent stock price drop may be related to protests triggered by spending cuts from the government efficiency department (DOGE) led by Musk.

ChainCatcher news, according to an analysis by Qihoo 360 Xlab, the large-scale cyber attacks that caused three outages on the X platform are attributed to the same main botnet that attacked DeepSeek during the Spring Festival. This botnet is known as the Mirai variant botnet RapperBot, which belongs to a "professional thug" type of attack organization.Qihoo 360 Xlab discovered that the attack times perfectly matched the downtime of the X platform, primarily concentrated between 10 PM on March 10 and 2 AM on March 11 Beijing time. This botnet has been active for years, attacking hundreds of targets daily on average, with thousands of commands issued during peak periods. The attack targets are distributed across regions including Brazil, Belarus, Russia, China, Sweden, and others. The scale and intensity of this attack directly led to three significant service interruptions on the X platform, with a peak of 20,538 users reporting issues on March 10, Eastern Time.

ChainCatcher news, the Base official Twitter account has posted a tweet about Grok using Clanker-Bankr to launch tokens, stating that the wallet controlled by Grok has started charging fees. Kawz, the founder of time.fun, strongly criticized this, stating that products built on the Base network for months have never received a tweet from the Base official account, while some posters guiding Grok and issuing tokens have received coverage from Base. It is worth noting that time.fun had previously received investment from Coinbase Ventures, but migrated from Base to Solana a few weeks ago, gaining support from Solana co-founder toly and others.

ChainCatcher message, Musk stated this morning that the X platform is undergoing a large-scale cyber attack, and the attack is still ongoing. "We are attacked every day, but this time a significant amount of resources has been invested, possibly involving a large coordinated organization and/or a nation, and we are tracking it."Previously, multiple users reported access issues on the X platform.