ChainCatcher news, Slow Mist founder Cosine stated that Lottie Player was attacked by supply chain poisoning, with Ace Drainer related to phishing gangs poisoning the front-end script module Lottie Player relied on by well-known Web3 projects. Fortunately, it was discovered in time, and the impact should be minimal.If your project uses the Lottie Player module, please check whether there is any malicious code introduced (currently known versions 2.0.4 and the latest 2.0.8 do not contain malicious code).

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform: "Be careful, the official X account of the hardware wallet Keystone has been hacked, be cautious of any information posted (including direct messages), don't get phished."

ChainCatcher news, according to Slow Mist founder Yu Xian, the official X account of the hardware wallet Keystone has been hacked, and users should pay attention to related security.

ChainCatcher news, Slow Mist founder Cosine posted on the X platform revealing that the phishing group Angel Drainer has announced its dominance over the previous phishing attack involving 15,079 fwDETH assets.

ChainCatcher news, Slow Mist founder Yu Xian posted on X platform citing ScamSniffer's official tweet stating, "A phishing gang in the TON ecosystem is preparing to shut down, claiming that they believe there are no whale players in TON and that it is a small community. They have turned to the Bitcoin ecosystem, being too realistic. It may also be that this gang is not smart enough."

ChainCatcher message, regarding the security incident where an email revealing that an investor transferred tokens to a custody address was hijacked by malicious attackers on EigenLayer, SlowMist's Yu Xian analyzed on platform X: "The attacker seems to have premeditated for quite some time. The attacker's address first received 1 EIGEN, and about 26 hours later received 1,673,644 EIGEN, all from a 3/5 multi-signature address.Then, a little over an hour later, various coin washing activities began. The gas came from ChangeNow, and the illegally obtained EIGEN was mainly exchanged for USDC/USDT, primarily washed through platforms like HitBTC.According to official statements, the reason the attacker succeeded is that 'the email was compromised.' It is estimated that in the email content, the expected receiving wallet address for EIGEN was replaced with the attacker's address, causing the project party to send EIGEN to the attacker's address. Even if they initially sent 1 EIGEN, it is possible that after the attacker received 1 EIGEN, they also sent 1 EIGEN to the expected receiving address, leading the expected recipient to believe the entire process was correct. Of course, this is just speculation, and the specifics should be based on official disclosures."

ChainCatcher message, Slow Mist Yu X platform posted that the Symbiotic official account has been hacked and is continuously posting phishing links. The seemingly normal official domain will redirect to a phishing domain.

ChainCatcher news, cryptography researcher @LehmannLorenz stated on the X platform that his computer was nearly compromised, and just one click could install a malicious extension. The developers behind the extension were unverified, yet it garnered 1.7 million downloads within a day of release (more than any other extension) and a perfect 5/5 star rating. After downloading the malicious extension and extracting its contents, everything appeared normal - except for the obfuscated "extension.js" file that ran during installation. Log files indicated that the script ultimately encountered an error, relying on PowerShell execution, running entirely in memory without leaving any traces on the disk.In response, Slow Mist's Yu Xian stated that this is a supply chain net attack targeting Solidity smart contract developers. The editor environment is a high-risk area for supply chain attacks. They have always tried to isolate what they can, avoid installations whenever possible, and ensure the "just enough" principle. Anything flashy is thrown onto a separate computer or virtual machine.

ChainCatcher news, Slow Mist founder Yu Xian stated, "GoPlus's response speed is very fast, and it has promptly supported the characteristic detection of the related 'Pixiu' risks." Meanwhile, GoPlus has pushed updates to all partner platforms that integrate the GoPlus security API, including GMGN, DEXScreener, and DEXTools, to help on-chain users identify and avoid potential 'Pixiu' attack risks.ChainCatcher previously reported that Yu Xian mentioned there are a certain number of 'Pixiu' projects among some popular token projects on GMGN, and some of the malicious code in these projects is relatively hidden, making it difficult for third-party security tools to detect.

ChainCatcher message, Twitter user @roffett_eth tweeted that there are many ERC20 honeypot tokens in the trending list on the GMGN website. Even if labeled "Everything is SAFU," please remain vigilant, as the scammers have not completed the full Rug process.Slow Mist founder Yu Xian responded, "I verified it, and it is indeed the case; there are quite a few Pixiu shitcoins. Moreover, it's not just on GMGN; DEXTools and DEX Screener are similar. The hidden Pixiu schemes are not easy to detect with the third-party security tools used by these platforms. However, if players are smart, throwing the code to Claude/GPT yields pretty good results."

ChainCatcher message, Slow Mist Yu Xian posted on platform X stating that there are several key pieces of information to note regarding a phishing incident involving a user's WETH on Blast:The WETH on Blast is Blast's wrapped ETH token issued by Blast, the contract is upgradeable and supports permit offline authorization signatures;The WETH code on the Ethereum mainnet is also about 50 lines, very simple and reliable, for every WETH issued, there is an equivalent amount of ETH stored in the contract, without the flashy features like permit;The user was phished because Inferno Drainer supported the Blast WETH permit offline authorization signature, the phishing gang really studied the details, and details determine the profits.

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform, stating that the current top phishing gangs are heavily involved in three hot ecosystems: EVM/TON/Tron. Please take a moment to calm down for three seconds before signing.

ChainCatcher message, SlowMist founder Yu Xian stated that the DAI L2 Deployer private key leak has led to some recently deployed L2 DAI contract addresses being "honeypot" addresses controlled by attackers.There are no related risks on Optimism and Arbitrum, but the contracts on Base and Polygon networks are unsafe. The mainnet DAI contract is secure.

ChainCatcher message, Slow Mist founder Yu Xian (@evilcos) stated on the X platform that the official Aquarius X account has been hacked (despite having Google Authenticator 2FA enabled). The attacker has modified the username, corresponding email, and phone number, and the previous username has been taken over by another spam account of the attacker. The attacker's methods are mature and sophisticated, reminding users to be cautious and not to trust any information released by the compromised account until recovery is confirmed. Even after recovery, users should remain vigilant about all information.

ChainCatcher news, Slow Mist founder Yuxian posted on social media that 55.47 million DAI were stolen by the crypto theft team Inferno Drainer in a phishing attack. According to Scam Sniffer's analysis, it appears that the owner of its DSProxy contract was set (SetOwner) to a phishing-related wallet address.The subsequent coin theft operation was similar to the attack on the OpenSea Wyvern Protocol back in the day.Previous news, on August 21 at 10:00, according to ZachXBT's monitoring, a user was stolen 55.4 million DAI three hours ago.

ChainCatcher message, Slow Mist founder Cosine posted on social media to alert users of Seif Wallet that a small portion of private keys and passwords have been collected by the built-in third-party analytics platform in the wallet. Fortunately, this was discovered and reported by white hats. It doesn't seem like the third-party analytics platform is malicious; it feels similar to previous cases: mistakenly using Sentry to collect overly sensitive information that shouldn't have been collected.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media, "I have initially looked into the situation of 4064 BTC that is suspected to be stolen. Some of the source funds seem to be related to Genesis Global Trading, and the laundering is quite aggressive. You can check the detailed fund map in the investigation I shared."ChainCatcher previously reported that on the X platform, on-chain detective ZachXBT stated that seven hours ago, a potential victim made a suspicious transfer of 4064 BTC (worth $238 million), and the funds were quickly transferred to platforms such as ThorChain, eXch, Kucoin, ChangeNow, Railgun, and Avalanche Bridge.

ChainCatcher message, Slow Mist founder Yu Xian shared on the X platform the experience of Twitter user @0xMaxLin encountering a job scam, warning the community to be cautious of fake video conferencing software that is used to lure potential victims into downloading malicious applications to steal crypto assets.maxlin.eth reported a job scam where the scammer pretended to be from the infrastructure development company xLabs, contacting the victim via Telegram and inducing them to download malware. The scammer offered a marketing specialist position and conducted a fake interview using Zoom to lower the victim's guard. Near the end of the interview, the scammer asked the user to download a conferencing software called Meetly. After installation, the software malfunctioned, and the user discovered that the link was a scam website. The user promptly transferred their assets to another wallet, successfully avoiding potential theft risks.

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform stating that the Monoswap hacking incident involves the use of a forged Kakao video conferencing Trojan software kakaocall[.]kr. If you have downloaded this software, it is recommended to immediately secure your assets and perform a virus scan and reset.

ChainCatcher message, Slow Mist founder Yu Xian posted on X stating: "The Indian exchange WazirX has been hacked, with over $230 million in assets stolen, due to the multi-signature of this ETH hot wallet address being compromised:0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4It was previously a 4/6 multi-signature, and it seems the related private keys have all been breached.The attacker replaced the logic contract of the multi-signature contract with a malicious contract prepared 8 days ago through related transactions about 3 hours ago, and then proceeded with subsequent bulk theft operations."