ChainCatcher news, according to BeInCrypto, cybercriminals are using a new type of phishing SMS scam targeting Binance users. Dozens of Binance users have reported receiving a batch of seemingly legitimate phishing messages, which use phone numbers and SMS inboxes consistent with the usual channels for receiving official Binance information. A comparison shows that the wording and format of these phishing messages are highly similar. It is speculated that specific threat actors or criminal groups are planning meticulously designed phishing attacks against Binance users. In such targeted phishing attacks, the messages often warn users of unusual activity on their accounts, such as new device two-factor authentication. The most common phishing messages mention an unexpected association between Binance API and Ledger Live, urging recipients to call the phone number provided in the message. Some users have stated that these phishing messages appear in the same SMS thread as legitimate Binance notifications, causing confusion and making it easy to fall into the trap. Many users are caught off guard because the sender ID of the scam messages is the same as the real Binance notification ID.Binance's Chief Security Officer Jimmy Su confirmed that Binance has noticed an increase in SMS phishing incidents. He stated, "More and more phishing scammers are impersonating us or other legitimate senders via SMS. These scam messages appear authentic, tricking users into revealing sensitive information, clicking phishing links, or transferring funds, resulting in asset loss for users." Su also revealed that Binance has extended its anti-phishing code feature to SMS services, which was originally designed for emails. This code is a user-customized identifier that appears in official Binance communications, helping recipients identify genuine notifications and avoid being deceived by impersonators. Currently, the anti-phishing code feature has been launched in all licensed jurisdictions where Binance operates. Additionally, Binance claims that both registered and unregistered users have reported receiving suspicious messages.

ChainCatcher message, the SlowMist security team recently issued a warning, stating that they tested the recognition capabilities of several mainstream AI assistants on the imToken official website, and found that some AI assistants returned phishing links.SlowMist reminds users that while AI can enhance productivity, many people regard it as a source of information, which poses security risks.

ChainCatcher message, zkLend official stated on platform X: "Last night, the attacker of zkLend attempted to use Tornado Cash to mix 2,930 ETH of stolen funds and interacted with a known Tornado Cash phishing site, resulting in the funds being transferred to another party. This phishing site appears to have been operating for over 5 years.Currently, the security team has no conclusive evidence linking the phishing site to the attacker. As a precaution, we have included the new wallet addresses from the phishing site in our fund tracking efforts. Since last night, there has been a significant flow of funds from the wallet addresses controlled by the attacker. The security team and the zkLend team have been monitoring in real-time and are in contact with cryptocurrency exchanges (CEX) and relevant authorities. We will continue to work on tracking these funds."

ChainCatcher news, according to monitoring by SlowMist founder Yu Xian, after the zkLend hacker accidentally clicked on a phishing website, resulting in the theft of 2930 ETH in illicit funds, the hacker sent an on-chain message to zkLend stating, "Hello, I intended to transfer the funds to Tornado Cash, but I mistakenly used a phishing website, and as a result, all the funds are lost. I am devastated. I deeply apologize for the chaos and loss caused. All 2930 ETH has been taken by the operators of that website. I no longer have any coins left. Please direct your efforts towards those website operators to see if any funds can be recovered.This is my last message; perhaps ending this is the best choice. Again, I apologize."Previous news, according to monitoring by SlowMist Chief Information Security Officer @im23pds, the zkLend hacker (the original incident occurred in February) accidentally clicked on a phishing website while attempting to use Tornado Cash, resulting in the theft of 2930 ETH in illicit funds by that phishing website.

ChainCatcher news, according to the monitoring by SlowMist's Chief Information Security Officer @im23pds, the zkLend hacker (the original incident occurred in February) mistakenly clicked on a phishing site while trying to use Tornado Cash, resulting in the theft of 2,930 ETH by the phishing site.

ChainCatcher news, according to Scam Sniffer monitoring, a user lost $226,255 worth of pufETH tokens due to signing a phishing "permit" signature.Such phishing signature attacks are becoming increasingly common in the decentralized finance space, and users are advised to exercise extra caution before signing any blockchain transactions, especially those involving asset authorization.

ChainCatcher message, according to on-chain analyst Scam Sniffe (@realScamSniffer), a user lost $329,743 in assets due to a phishing authorization signed 408 days ago.Users are advised to regularly check and revoke old authorizations to ensure wallet security.

ChainCatcher news, UniSat announced on platform X that its extension wallet v1.5.8 is now live. The new version of the wallet will support phishing site detection, providing immediate alerts when accessing reported or blacklisted websites.In addition, UniSat has also fixed the issue of not prompting UniSat signatures due to conflicts with other extensions.

ChainCatcher message, according to X user @supremeleadoor's monitoring, aixbt is suspected to have fallen victim to a phishing attack by account @0xhungusman, resulting in a loss of 55.5 ETH. Relevant transaction records show that the funds have been transferred, and the related conversations have been deleted, leaving only the on-chain transaction records available for review.

ChainCatcher news, according to FTX creditor representative Sunil, scammers have recently impersonated FTX to send phishing emails to creditors. Sunil reminds creditors:Do not click on links in the emails, as these links may lead to fake claims portals;Check the sender's address;Access the official claims portal or official address directly, rather than through email links;Verify information through X and Telegram channels. Sunil urges all FTX creditors to remain vigilant against such scams.

ChainCatcher message, the SlowMist security team released an article warning that phishing attacks targeting blockchain engineers have appeared on the LinkedIn platform. Blockchain developer Bruno Skvorc encountered a phishing attack disguised as a recruitment effort aimed at blockchain engineers. The attacker impersonated a project party and provided a link to a Bitbucket repository containing malicious code.The SlowMist team's technical analysis shows that the malicious code hides a crypto payload, activated through the server.js file. Once executed, the program connects to a command control server, downloads the test.js and .npl trojan programs, and subsequently steals sensitive information such as system information, browser extension wallet data, and passwords, with the ultimate goal of stealing users' crypto assets.

ChainCatcher message, according to MistTrack monitoring, Tether has frozen 11 million USDT, involving the TRON address THsPNvWc47swNQp2GmAoH96KtYfSR4bz9F, suspected to be related to phishing activities.In addition, the UniswapV2Pair contract address (0x652d...89E) has also frozen 442,000 USDT.

ChainCatcher message, according to MistTrack monitoring, has found multiple phishing websites appearing in cryptocurrency project searches using Bing ads, and users should be cautious about asset security.Do not connect to phishing websites to avoid asset loss.

ChainCatcher message, according to Scam Sniffer monitoring, 30 minutes ago, a user fell victim to phishing, resulting in a loss of cUSDCv3 worth 1.82 million dollars.

ChainCatcher message, according to Scam Sniffer monitoring, a user lost $607,202 due to a phishing approval signed 385 days ago.

ChainCatcher message, according to Scam Sniffer monitoring, a user suffered a phishing attack, losing approximately $158,000 worth of PENDLE-LPT.

ChainCatcher message, Binance responded to the "SMS phishing attack" incident, stating, "SMS Spoofing is a common attack method and not a new hacking technique, nor is it targeted specifically at Binance or the cryptocurrency industry. Attackers modify the sender's identity to make the SMS appear to come from a trusted source. In some countries or regions, the mechanisms for achieving this disguise remain in a legal gray area, increasing the difficulty of addressing this attack method in the security field. Binance plans to launch a new security feature to help users verify the authenticity of SMS messages."Previously, SlowMist's Chief Information Security Officer @im23pds stated that there has been a recent increase in SMS phishing attacks targeting Binance users, with phishing messages appearing in the conversation thread of official Binance SMS, alongside genuine official messages in the same context, sharing the same channel.

ChainCatcher news, according to a post by Slow Mist CISO 23pd on platform X warning, "Attention, the latest SMS phishing attacks targeting Binance users have emerged. Recently, two individuals received the same phishing SMS on the same day, and the phishing SMS even appeared in the conversation thread of official Binance messages, appearing in the same context as previous genuine official messages, sharing the same channel. Even more astonishingly, there was a significant time span, precisely forging the official SMS environment.The current possible explanation is that the SMS channel has been exploited or hijacked by the phishers. The first SMS indeed came from the official number, but the subsequent scam messages may indicate that:Scammers spoofed the official SMS source (SMS Spoofing)• They used technical means to spoof the SMS sending number, making it appear consistent with the official number, allowing phishing messages to blend into the official conversation thread.They exploited vulnerabilities in the SMS gateway or supply chain attacks• Scammers may have attacked the SMS gateway or exploited security vulnerabilities of carriers/third-party SMS service providers, successfully embedding phishing messages into the official channel.• There may even be collusion with unscrupulous SMS providers to directly spoof official SMS replies, making it difficult for users to discern authenticity.Please have Binance officials investigate the issue, and everyone is advised to enhance security awareness and pay attention to fund safety."

ChainCatcher message, Scam Sniffer announced on the X platform that Google Ads has displayed a fake "Relay Bridge" phishing site. Please do not interact with any ads and bookmark compliant websites.

ChainCatcher message, according to Scam Sniffer monitoring, a user lost Aave WETH worth $629,812 (approximately 225.08 aEthWETH) and 2 Doodles due to signing multiple phishing transactions.