ChainCatcher news, according to Greenberg Glusker, T-Mobile has been involved in a cryptocurrency theft due to "multiple security vulnerabilities" that led to SIM card swapping attacks. The law firm Greenberg Glusker announced on March 20 that it has obtained a $33 million arbitration award against T-Mobile.The arbitration took place in the fall of 2023 and involved 12 days of testimony. According to Greenberg Glusker, the arbitration panel found that T-Mobile was responsible for "its multiple security failures that led to SIM card swapping attacks, resulting in the theft of cryptocurrency."

ChainCatcher news, the founder of Slow Mist, Yu Xian, posted on the X platform to review the DEXX hacking incident, stating that the main cause of the incident was indeed the exploitation of a vulnerability in the ZenTao platform used by DEXX, which led to an external intrusion. Subsequently, the production network-related servers and database permissions were compromised, and all forensic analyses have traced back this attack path. In other words, DEXX is also a victim, but bears responsibility for inadequate security management.Furthermore, although DEXX's performance during this life-and-death hacking incident was quite chaotic, the fact that they were ultimately able to provide compensation puts them ahead of 99.99% of projects in this industry.

ChainCatcher message, ZachXBT released an investigation on the X platform targeting the identity of a whale with 50x leverage on Hyperliquid. By tracking on-chain transactions, it was discovered that a person named "William Parker" is associated with the 50x leverage whale on Hyperliquid. He was arrested last year for stealing approximately $1 million from two casinos in 2023 and was sentenced in Finland. Before this, he was known as Alistair Packover (William Peckover) and later changed his name.In the early 2010s, Alistair Packover made headlines in the UK multiple times due to fraud charges related to hacking and gambling. It is clear that he did not learn his lesson after serving several years for fraud and may continue to gamble. Currently, his funds are mainly stored in:0x51d99A4022a55CAd07a3c958F0600d8bb0B39921

ChainCatcher message, Scam Sniffer has issued a phishing alert on the X platform stating that a counterfeit Microsoft Teams website is spreading malware. Risks include data leaks, credential theft, session hijacking, and wallet theft. Please verify the source before installation.

ChainCatcher news, Meteora co-founder Ben Chow stated on social media, "My account has been hacked, and I have been trying to regain control. Please ignore any recent posts."This morning, his X account released an official statement regarding the MELANIA, LIBRA, and TRUMP events, which may not have been operated by him.

ChainCatcher news, on-chain detective ZachXBT posted that the password manager LastPass was hacked in 2022, resulting in the theft of nine-figure cryptocurrency. The team has long been covering up the extent of the attack and has gaslighted many confirmed victims. Yesterday, in a forfeiture complaint, even law enforcement publicly agreed that LastPass may be liable for the stolen cryptocurrency.

ChainCatcher news, according to on-chain detective ZachXBT, a forfeiture lawsuit document submitted by U.S. law enforcement yesterday revealed the reason behind Ripple co-founder Chris Larsen's approximately $150 million (283 million XRP) theft incident in January 2024. The incident stemmed from Larsen storing his private key in the LastPass password manager, which suffered a data breach in 2022.The document shows that after the victim entered the cryptocurrency wallet private key into the online password manager, the physical record of the private key would be immediately destroyed. The password manager experienced two major data breaches in August and November 2022, during which attackers stole encrypted passwords and vault data. An FBI investigation found that this stolen data was used to illegally access the electronic accounts of multiple victims, stealing information, cryptocurrency, and other data.

ChainCatcher news, Safe announced that its joint security investigation with Mandiant (now part of Google Cloud) has made significant progress and confirmed that the theft incident on Bybit on February 21 was perpetrated by the North Korean hacker group TraderTraitor, which has previously targeted the crypto industry multiple times.The attackers compromised the laptop of a Safe{Wallet} developer and hijacked an AWS session token to bypass multi-factor authentication controls. This developer is one of the few with higher privileges to perform their duties.Safe calls on the Web3 ecosystem to collectively address the increasingly complex security threats and to enhance the optimization of transaction verification tools to improve user security. The official team has released a detailed transaction verification guide and plans to further optimize the user experience to reduce potential risks.

ChainCatcher message, Ethereum co-founder Vitalik Buterin reminds that many users' losses of crypto assets are not due to theft, but rather due to software vulnerabilities, forgotten passwords, lost devices, accidental damage to paper wallets, and other reasons.He pointed out that since there are no attackers to hold accountable, many victims are ashamed to discuss these losses, but in reality, such incidents occur frequently. Vitalik emphasized that the security solutions for crypto wallets should also consider the issue of asset loss and called for the promotion of social recovery mechanisms to reduce permanent losses of assets due to personal errors.

ChainCatcher news, according to an announcement from the FBI, the Federal Bureau of Investigation has issued a Public Safety Announcement (PSA) confirming that a North Korean hacking group is responsible for the theft of approximately $1.5 billion in digital assets from the Bybit exchange.The FBI stated that the hacking group acted quickly, converting some of the stolen assets into Bitcoin and other digital assets, and dispersing them to thousands of addresses across multiple blockchains. It is expected that these assets will be further laundered and eventually converted into fiat currency.

ChainCatcher news, Safe responded on platform X to Bybit's hacking forensic report, stating that the forensic review of the targeted attack by the Lazarus Group on Bybit concluded that the attack on Bybit Safe was executed through compromised Safe{Wallet} developer machines, leading to disguised malicious transactions.Lazarus is a government-backed North Korean hacking organization known for its complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities. The forensic review by external security researchers did not indicate any vulnerabilities in the Safe smart contracts or the source code of the front end and services.Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now phased the restoration of Safe{Wallet} on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to ensure the complete elimination of the attack vector.After the final results of the investigation are released, the Safe{Wallet} team will publish a complete post-mortem analysis. The Safe{Wallet} front end is still operational and has implemented additional security measures. However, users need to be extra cautious and vigilant when signing transactions.

ChainCatcher message, Slow Mist stated that on February 21, 2025, Bybit's on-chain multi-signature wallet was targeted and breached, with nearly $1.5 billion in assets quietly lost through a transaction with a "legitimate signature." Subsequent on-chain analysis revealed that the attacker gained multi-signature permissions through sophisticated social engineering attacks, implanted malicious logic using the delegatecall function of the Safe contract, and ultimately bypassed the multi-signature verification mechanism to transfer funds to an anonymous address. "Multi-signature" does not equal "absolute security"; even a secure mechanism like the Safe multi-signature wallet can still be at risk of being compromised if lacking additional protective measures.Bybit is using version v1.1.1 (<1.3.0) of the Safe contract, which means they cannot utilize the Guard mechanism, a key security feature. If Bybit had upgraded to version 1.3.0 or higher of the Safe contract and implemented an appropriate Guard mechanism, such as specifying a whitelist address for receiving funds and conducting strict contract function ACL verification, they might have been able to avoid this loss. Although this is merely a hypothesis, it provides important insights for future asset security management.

ChainCatcher news, according to feedback from several community members, a Binance user had their Google email hacked, and the funds in their Binance account were stolen in the form of exchange red envelopes. It is speculated that the 2FA security verification was ineffective due to the impact of the Google email. Currently, Binance officials have reported that they have contacted the user to address the issue. Additionally, Binance officials remind users: it is recommended to enable biometric login verification to avoid similar situations.Moreover, several users have reported that their Binance accounts are automatically logged out, requiring them to log in again to perform operations. In response, the officials stated that the Binance platform will undergo routine system maintenance from February 19 to 27, but other functions of user accounts will not be affected.

ChainCatcher message, according to Infini founder Christian's post on X, "Of the 50 million dollars stolen, seventy percent belongs to large friends I know personally. I have already communicated with each of them and will personally bear the possible losses and settle privately. The remaining funds will be reinvested into the infini vault before next Monday, and everything will continue as usual. The funds are ready, and I will respond to any withdrawal requests in the meantime, so please rest assured.I apologize for the need for some time to upgrade and restart the business; everything will proceed under the premise of ensuring the absolute safety of the funds."

ChainCatcher news, the Matrixport analysis report points out that after the Bybit theft incident, hidden buying may boost ETH's rebound.The specific viewpoint is as follows: "The market's focus is on how Bybit suffered the theft of nearly 500,000 ETH on Friday, but what is truly worth noting is its impact on the market. Bybit needs to repurchase ETH to replenish wallet funds, while the hackers must handle subsequent operations cautiously.From past experience, stolen funds are usually not immediately sold off, meaning short-term selling pressure is likely to be limited. Meanwhile, the market has added a potential buying demand of 500,000 ETH, while it is currently reported that only about 100,000 ETH has been repurchased. The supply-demand imbalance may drive ETH prices upward. Given that the price has shown signs of stabilization, we are optimistic about the current trend."