ChainCatcher message, AabyssTeam founder issued a security warning on X, stating that Cyberhaven security company was attacked by phishing emails, resulting in the browser plugin they released being implanted with malicious code, attempting to read the uploaded users' browser cookies and passwords. Subsequent code analysis revealed that multiple browser plugins were attacked, including Proxy SwitchyOmega (V3), affecting five hundred thousand users in the Google Store, which is currently under scrutiny.The founder of Slow Mist, Yu Xian, forwarded the warning and stated that this type of attack uses an OAuth2 attack chain. After obtaining the "extension publishing rights" of the developer of the "target browser extension," they publish an updated plugin extension with a backdoor. Each time the browser is launched or the extension is reopened, it may automatically trigger the update, making the backdoor implantation difficult to detect. He reminds wallet extension developers not to be careless.

ChainCatcher message, according to PeckShieldAlert, Orange Finance has suffered a hacker attack, with approximately $787,000 in crypto assets transferred from its contract. The official confirmation states that the attacker gained control of the admin address, upgraded the contract, and transferred the funds to their wallet.Users are strongly advised to immediately revoke all contract authorizations related to Orange Finance to avoid further losses and to cease any interaction with the compromised protocol.

ChainCatcher news, according to Cyvers Alerts monitoring, the USDC lending contract of Moonwell on the Optimism network has suffered a flash loan attack. The attacker used a malicious contract address as mToken to obtain unauthorized token approvals from Moonhackers, thereby stealing funds. The attacker received funding support through Tornado Cash on the Ethereum network, and the stolen USDC has been exchanged for DAI, which is currently stored in the attacker's wallet.

ChainCatcher news, the Solana ecosystem algorithmic stablecoin protocol Nirvana Finance has announced that it has opened the claims for compensation and will launch Nirvana V2 on December 18 at 2:00. Original ANA holders can experience the application in advance.Previously, in July 2022, hacker Shakeeb Ahmed stole approximately $3.5 million in stablecoins by manipulating the protocol's pricing mechanism. After collaborating with the U.S. Department of Justice, Department of Homeland Security, and IRS, Nirvana successfully recovered the stolen funds, and Ahmed was sentenced to three years in prison, during which he was ordered to return the cryptocurrency and pay $3.4 million in restitution. (Jin Shi)

ChainCatcher news, according to PeckShieldAlert, the Clober liquidity pool has been hacked, resulting in a loss of 133 ETH, worth approximately $500,000. Currently, the attacker has bridged the stolen funds from the Base network to the Ethereum network.

ChainCatcher news, decentralized exchange (DEX) Clipper clarifies that there was a vulnerability in its withdrawal function, which led to a recent hack of its protocol, resulting in a loss of $450,000, rather than the "third party" claim of a private key leak.Clipper stated: "On December 1, the attacker exploited two liquidity pools, locking approximately 6% of the total value. A third party claimed there was a private key leak issue. We can confirm that this is not the case and is inconsistent with Clipper's design and security architecture. The withdrawal function in the form of a token (bundled exchange + deposit/withdrawal transactions) has been disabled."Previously, the co-founder of security company Fuzzland posted on X that Clipper was "hacked due to an API vulnerability (such as private key leakage)," adding that the API might have vulnerabilities that allowed attackers to sign deposit and withdrawal requests, stealing more funds than they deposited.

ChainCatcher message, blockchain security agency PeckShieldAlert has issued a warning that Brett's X account @BasedBrett has been hacked. Users are reminded not to click on phishing links to avoid asset loss or information leakage.

ChainCatcher message, the gmgn website has just suffered a malicious attack, with attack methods including high-frequency crawling and flood attacks among others. The development team is urgently conducting repairs, and the token details page's holding collection function and transaction activity record function have been restored. Other services are gradually being restored.

ChainCatcher message, according to CertiK Alert monitoring, the price manipulation attack on the Base chain affected the unverified lending contract starting with 0x5c52. The attacker manipulated the prices of WETH and Sui, and obtained approximately 1 million dollars worth of tokens through excessive borrowing.

ChainCatcher message, according to Scam Sniffer monitoring, the X account of Ordinals Wallet has been hacked and phishing links have been posted. Upon checking, the related posts have been deleted.

ChainCatcher news, toy manufacturer LEGO Group has removed the "LEGO Coin" token scam that briefly appeared on its homepage after being hacked on October 5. The "LEGO Coin" token was visible on the toy manufacturer's homepage for about 75 minutes before being taken down.According to reports, LEGO told consumer technology platform Engadget that the cryptocurrency scam only appeared "briefly" on its homepage and that no user accounts were compromised: "The issue has been resolved. No user accounts were hijacked, and customers can shop as usual." "The cause has been identified, and we are taking steps to prevent such incidents from happening again."

ChainCatcher news, according to Web3 security firm Ancilia, Inc., the ShezmuETH (ShezETH) token appears to have been attacked, possibly due to a key leak, with an additional 9,900 ShezETH tokens minted and exchanged for 332 ETH (worth $880,000).Additionally, ShezmuUSD has also been hacked, and it is unclear whether this is related to the Deployer key leak. The staking contract lacks mint protection, allowing anyone to mint staking tokens.

ChainCatcher message, Banana Gun community member yannickcrypto.eth posted on X: "The Banana Gun team confirms that hackers may have attacked nearly 50 TG accounts and withdrew funds through these accounts.This aligns with the pattern of wallets being drained. The attack seems to be over."

ChainCatcher news, according to Cyvers Alerts monitoring, the DeFi project DeltaPrime on the ARB chain is suspected to have been attacked, and the administrator seems to have lost the private key. Suspicious addresses are continuously transferring assets, and so far, the affected liquidity pools are DPUSDC, DPARB, and DPBTCb. The attacker has exchanged USDC for ETH.So far, the estimated total loss is about 4.5 million dollars, the attack is still ongoing, and the total loss may increase.

ChainCatcher news, according to Cyvers Alerts monitoring, the wallet of the Indonesian crypto trading platform indodax has conducted over 150 suspicious transactions across different networks, with a total loss of approximately 18.2 million USD. Suspicious addresses are exchanging various tokens for Ethereum.

ChainCatcher message, the Ethereum modular execution layer Fuel posted on platform X that its official Discord has been attacked. Please do not click on any suspicious links or provide any personal information. Efforts are being made to resolve the issue, and please pay attention to the safety of your funds.

ChainCatcher news, according to Protos, a 19-year-old cryptocurrency trader from Singapore, "ZK," was attacked and forced to cancel a transaction while attempting to exchange 32,000 SGD (approximately 24,000 USD) for Tether (USDT).According to Mothership, during the transaction, ZK was ambushed by two men in a parking lot when he met the seller, one of whom punched him in the face. ZK fled to a nearby mall and called the police. The transaction was originally scheduled to take place in a public location, but the seller changed the meeting point at the last minute. The police have arrested two suspects, aged 20 and 21, on charges of attempted robbery.

ChainCatcher message, the Israel Defense Forces continued military operations in the Gaza Strip on August 30. According to the Palestinian news agency, multiple areas in the Gaza Strip were subjected to airstrikes and shelling by the Israeli army, including the Jabalia refugee camp in the northern Gaza Strip, the Maghazi refugee camp in the central region, and Khan Younis in the south.According to Israeli media reports, the Israel Defense Forces issued a statement on the 30th stating that the 98th Division concluded its three-week operation in the southern Gaza Strip. Earlier that day, the 98th Division withdrew from the Gaza Strip to prepare for future operations. The Israeli military also released a video showing military actions by the army in Khan Younis in the southern Gaza Strip and Deir al-Balah in the central Gaza Strip.