ChainCatcher news, Slow Mist founder Yu Xian stated on social media that the ENS chief developer was previously targeted by a phishing attack that exploited a vulnerability in Google's infrastructure. The phishing gang deceived users by disguising phishing emails as official Google communications, leading to users being targeted by law enforcement. Although Google has implemented countermeasures, today this phishing gang launched a new round of phishing attacks and will continue to lure users to a "google.com" subdomain, enticing users to disclose their account passwords and immediately add a Passkey.ChainCatcher previously reported that ENS chief developer nick.eth mentioned on social media that he encountered an extremely sophisticated phishing attack that exploited a vulnerability in Google's infrastructure, but Google refused to fix the vulnerability.He indicated that the attack emails appeared very authentic, could be verified through DKIM signatures, and were displayed normally in Gmail, alongside other legitimate security warnings. The attackers utilized Google's "Sites" service to create a trustworthy "support portal" page, as users would see "google.com" in the domain and mistakenly believe it was safe, so users need to remain vigilant.

ChainCatcher news, according to Cointelegraph, Manta Network co-founder Kenny Li revealed a highly sophisticated phishing attack. The attackers used video footage of real team members during a Zoom video call, attempting to lure him into downloading malware.Li stated that the other party's camera was on during the video call and the facial footage was real, but there was no sound. The system prompted him to update Zoom and download a script file, which raised his alert. He believes this attack may have been initiated by the North Korean state-sponsored hacker group Lazarus. After being asked to verify identity via Telegram, the attackers immediately deleted all messages and blocked him.

ChainCatcher message, according to Cointelegraph, the Kaspersky report indicates that a dangerous malware is disguising itself as a Microsoft Office add-on on the SourceForge platform, specifically targeting cryptocurrency users for attacks. This malware employs clipboard hijacking techniques to automatically replace the cryptocurrency wallet addresses copied by users with the attacker's address, resulting in funds being directly transferred to the hacker's account. Security experts remind users to carefully verify wallet addresses when conducting cryptocurrency transactions to ensure transaction safety.

ChainCatcher news, GMGN co-founder Haze posted on platform X stating, "The platform has recently been experiencing intermittent traffic attacks aimed at taking our website down. However, we have managed to withstand them. We haven't issued announcements every time.Around 8 PM tonight, a sudden influx of traffic occurred, leading to a CAPTCHA on the website. The site didn't go down, but it affected user experience. GMGN has also provided a crawler IP whitelist for many community users (some of whom can perform data analysis, small products, and small businesses).Basically, it was issued with 0 conditions, and even if we mentioned a condition, we hardly reviewed it. Therefore, there are still many community users' crawlers on our website. In the future, to respond to traffic attack incidents and ensure user experience, we plan to strengthen traffic countermeasures. We also plan to start stopping some crawler IP whitelists."

ChainCatcher news, according to Blockworks, in light of the recent $13 million attack on Hyperliquid, some members of the Solana community have raised questions about whether Jupiter's JLP risk pool has similar vulnerabilities. In response, analysts believe that Jupiter has structural defense mechanisms that make it unlikely to face similar attacks.First, Jupiter only supports mainstream assets with ample liquidity, such as SOL, ETH, and wBTC, while Hyperliquid allows trading of tokens with lower liquidity (like JELLY), making it more susceptible to manipulation. Secondly, Hyperliquid relies on an internal order book for matching, allowing attackers to manipulate prices using limit orders, whereas Jupiter uses external oracles like Pyth to provide prices, making it difficult to influence market prices through a single platform.Additionally, Jupiter implements strict risk control mechanisms, with all trades directly undertaken by JLP, without involving secondary risk pools or human intervention, ensuring the stability of trade execution. Although JLP still needs to address risks such as market unilateral trends, it balances pool risks through dynamic adjustments of borrowing rates.

ChainCatcher news, according to The Block, data released by the Web3 vulnerability bounty platform Immunefi shows that in the first quarter of 2025, there were a total of 40 hacking incidents, resulting in cryptocurrency losses of $1.64 billion, a record high.In comparison, the first quarter of 2024 saw an increase of 4.7 times, when hackers stole approximately $348.3 million, despite a 36% decrease in the number of attacks, dropping from 63 to 40 incidents. Most of the losses came from Bybit's $1.46 billion hacking incident, while losses from other attacks were around $176 million, a nearly 50% year-on-year decrease.

ChainCatcher message, regarding the discussion about the voting mechanism for listing coins implemented by Binance in 2017, Binance founder Zhao Changpeng replied, "The voting started off quite well. But later it somewhat tore the community apart, causing project teams to attack each other. It felt a bit like pvp. Preventing cheating has also become increasingly difficult over time. We need to keep changing the model. Occasionally, it can still be done."

ChainCatcher message, according to a warning issued by the SlowMist security team, the EOS blockchain is currently experiencing an address poisoning attack. Malicious accounts are sending users 0.001 EOS tokens to implement address poisoning, and multiple counterfeit trading platform accounts have been discovered.These attackers create fake accounts that are very similar to those of well-known trading platforms, such as the impersonation of OKX's "oktothemoon," with the real account being "okbtothemoon"; the impersonation of Binance's "binanecleos," with the real account being "binancecleos."

ChainCatcher message, Slow Mist's Yu Xian disclosed that the phishing technique of poisoning addresses with similar starting and ending numbers is still widespread, severely impacting the security infrastructure of the blockchain industry.Yu Xian pointed out that this type of poisoning targeting wallet transaction history mainly involves various techniques, including fake token contract codes emitting false event logs to deceive block explorers and wallets, as well as using zero-amount transfer event logs to arbitrarily fill in addresses in the from/to fields. These techniques can mislead users into believing that the transactions are from their own actions. Other common techniques include sending small amounts of funds from source addresses with the same starting and ending characters, combining clipboard hijacking technology, and impersonating well-known decentralized exchanges to output false event logs.Yu Xian recommends that users make good use of wallet whitelisting mechanisms, carefully verify complete addresses, and combine well-known hardware wallets for dual verification as defensive measures.Previously reported, two addresses suffered "transaction history pollution attacks" in the past 14 hours, resulting in a total loss of over $140,000.

ChainCatcher message, according to on-chain security analyst Scam Sniffer (@realScamSniffer), about 7 hours ago, a user transferred $103,100 to a scam address by copying an incorrect address from a polluted transaction history. Additionally, about 14 hours ago, another user lost $43,674 in the same manner.It is reported that the "transaction history pollution attack" involves scammers sending fake transfers with similar addresses, causing the fake address to appear in the user's transaction history, leading the user to mistakenly copy this address when transferring again.

ChainCatcher message, the SlowMist security team released an article warning that phishing attacks targeting blockchain engineers have appeared on the LinkedIn platform. Blockchain developer Bruno Skvorc encountered a phishing attack disguised as a recruitment effort aimed at blockchain engineers. The attacker impersonated a project party and provided a link to a Bitbucket repository containing malicious code.The SlowMist team's technical analysis shows that the malicious code hides a crypto payload, activated through the server.js file. Once executed, the program connects to a command control server, downloads the test.js and .npl trojan programs, and subsequently steals sensitive information such as system information, browser extension wallet data, and passwords, with the ultimate goal of stealing users' crypto assets.

ChainCatcher message, the official 1inch account stated that some fraudulent emails impersonating official 1inch have been discovered. These phishing emails appear legitimate but contain malicious links or attachments that may compromise your security. The community is advised to remain vigilant.

ChainCatcher message, Slow Mist Security Team has issued a warning that social engineering attacks using malware are on the rise again. Hackers are tricking victims into downloading malicious scripts by sending fake video call links. In a recent case, the attacker compromised the victim's friend's Telegram account and used that account to initiate a call invitation.The Slow Mist team reminds users that if they suspect they have been attacked, they should immediately take the following measures:Protect asset security------If wallet private keys or mnemonic phrase backups are stored on the computer, transfer funds immediately;Change passwords and two-factor authentication------Update passwords for Telegram, X, email, and exchange accounts, and check for any unknown logins;Run a complete antivirus scan------Use well-known security software such as AVG, Bitdefender, Kaspersky, etc.;If there are still concerns, back up important files, reset the system, and scan everything before recovery.

ChainCatcher news, the Web3 asset data platform RootData published a tweet analyzing 17 major cryptocurrency hacking incidents (with stolen amounts exceeding 100 million USD) that occurred over the past few years (since the second half of 2021) and their impact on BTC price trends.Data shows that while BTC often experiences a drop on the day of the hacking incident, the price changes within 7 days and 1 month after the hacking indicate that the long-term impact of these hacks is limited. This suggests that while they may shake market confidence in the short term, BTC prices typically recover quickly.

ChainCatcher news, according to a post by Slow Mist CISO 23pd on platform X warning, "Attention, the latest SMS phishing attacks targeting Binance users have emerged. Recently, two individuals received the same phishing SMS on the same day, and the phishing SMS even appeared in the conversation thread of official Binance messages, appearing in the same context as previous genuine official messages, sharing the same channel. Even more astonishingly, there was a significant time span, precisely forging the official SMS environment.The current possible explanation is that the SMS channel has been exploited or hijacked by the phishers. The first SMS indeed came from the official number, but the subsequent scam messages may indicate that:Scammers spoofed the official SMS source (SMS Spoofing)• They used technical means to spoof the SMS sending number, making it appear consistent with the official number, allowing phishing messages to blend into the official conversation thread.They exploited vulnerabilities in the SMS gateway or supply chain attacks• Scammers may have attacked the SMS gateway or exploited security vulnerabilities of carriers/third-party SMS service providers, successfully embedding phishing messages into the official channel.• There may even be collusion with unscrupulous SMS providers to directly spoof official SMS replies, making it difficult for users to discern authenticity.Please have Binance officials investigate the issue, and everyone is advised to enhance security awareness and pay attention to fund safety."

ChainCatcher message, Binance founder Zhao Changpeng posted on X that he has updated a security advisory article from 5 years ago, reducing its content from 5,500 words to 4,300 words. He recommends users read it to avoid potential hacking attacks and included a relevant link.