ChainCatcher news, according to Cointelegraph, cybersecurity company Kaspersky recently released research showing that hackers are creating hundreds of fake projects on the GitHub platform to lure users into downloading malware that steals cryptocurrency and credentials. Kaspersky has named this malware activity "GitVenom."Kaspersky analyst Georgy Kucherin pointed out in a report on February 24 that these fake projects include Telegram bots for managing Bitcoin wallets and tools for automating Instagram account interactions. Hackers carefully design project documentation, possibly using AI tools to generate content, and artificially increase the number of project "commits" to make the projects appear to be actively developed.According to Kaspersky's investigation, these malicious projects can be traced back at least two years. Regardless of how the projects are presented, they contain malicious components, such as information-stealing tools that upload saved credentials, cryptocurrency wallet data, and browsing history through Telegram, as well as clipboard hijackers that replace cryptocurrency wallet addresses. In November 2023, a user lost 5 Bitcoins (approximately $442,000) as a result. Kaspersky advises users to carefully check the behavior of third-party code before downloading.

ChainCatcher news, digital asset wallet TokenPocket issued a statement in response to the incident on February 14, where user assets were aggregated and stolen by hackers. Technical analysis revealed that affected users had downloaded a third-party mining software called "Bom," which exhibited malicious behavior by unauthorized access to users' photo albums and uploading data, leading to the leakage of users' mnemonic phrases or private keys.TokenPocket has collaborated with security teams such as SlowMist Technology and GoPlusSecurity, and reminds users to immediately stop using unverified third-party tools, and to avoid saving mnemonic phrases and private keys through screenshots, social platforms, cloud storage, and other methods.

ChainCatcher news, according to Cointelegraph, Telegram is now requiring third-party crypto wallets to use TON Connect and is restricting mini-programs to the TON blockchain, raising concerns in the crypto community about decentralization and exclusivity.It is reported that the new requirements are part of Telegram's collaboration with the TON Foundation, which makes TON the only supported blockchain network for its messaging service.A spokesperson for the TON Foundation stated, "Wallets in Telegram are unaffected because these wallets are based on TON and only support TON Connect for decentralized application interactions, but in the future, third-party wallets that do not adopt TON Connect will no longer be supported."

ChainCatcher news, KOL4U (the developer of IceCream AI) announced on X that the third-party Glaze Pool (GP) for YZI has been launched. KOL4U provides 10,000 YZI as seed funding for the Glaze Pool.IceCream AI is a DeFAI protocol that utilizes AI agents to analyze Twitter posts and push on-chain rewards.KOLs can now earn ICECREAM and YZI. After KOLs post content about the ICECREAM or YZI projects on the X platform, IceCream AI will analyze their posts, and KOLs will earn profits from the Glaze Pool.It is reported that YZI's X account and website will go live in mid-December 2024, and the YZI token will be launched on January 16, 2025. On January 23, 2025, Binance Labs officially announced its first name change to YZI Labs, leading to a rise in the YZI token.ICECREAM and YZI will be launched on the Four.Meme platform through fair distribution.

ChainCatcher news, Slow Mist Technology's Chief Information Security Officer 23pds stated on the X platform that a recent monitoring detected a data breach involving a third-party service used by a leading trading platform, affecting a large amount of employee information, including sensitive data such as emails and passwords. The relevant situation has been communicated to the parties involved for handling. Meanwhile, everyone is reminded to stay vigilant and pay attention to fund security:Beware of phishing emails and social engineering attacks, avoid clicking on unknown links or providing account information.Change passwords for high-risk accounts promptly and avoid reusing passwords.Enable two-factor authentication (2FA) to enhance account security protection.If there are any unusual logins or suspicious transactions, please verify as soon as possible and take security measures.

ChainCatcher news, according to CNN, the Internal Revenue Service (IRS) of the United States has announced that starting in 2025, a third-party reporting system for cryptocurrency transactions will be implemented. Centralized trading platforms such as Coinbase and Gemini will be required to report users' cryptocurrency transaction information to the tax authorities for the first time using the newly established 1099-DA form.According to the regulations, custodial trading platforms, digital asset wallet providers, cryptocurrency ATM operators, and digital asset payment processors must track and record users' buy and sell transactions throughout the year and submit reports to users and the IRS in early 2026.The specific implementation timeline shows that the reporting of cryptocurrency cost basis (purchase price) information will begin in 2026; reporting of peer-to-peer transactions on decentralized platforms (such as Uniswap and Sushiswap) will be postponed until 2027, but only the total transaction amount needs to be reported. Newly listed Bitcoin spot ETF transactions will also be reported using the 1099-B or 1099-DA forms, including share transactions and taxable events generated within the fund.

ChainCatcher message, in the coming hours, Tether will collaborate with third-party exchanges for a chain swap, converting part of its USDT cold wallets on different blockchains to USDT on Tron.During this process, Tether's total supply of USDT will remain unchanged, amounting to approximately 1 billion USDT (the amount may vary).

ChainCatcher news, according to The Block, Bitcoin mining company MARA disclosed in its December production report that it has used 7,377 Bitcoins (approximately $730 million) for short-term third-party lending, accounting for 16.4% of its reserves, to achieve a "single-digit" yield.According to the announcement, MARA purchased 22,065 Bitcoins at an average price of $87,205 in 2024, while mining 9,457 Bitcoins, bringing its total reserves to 44,893 Bitcoins, valued at over $4.4 billion at current prices. The company has exceeded its target of 50 EH/s in computing power, peaking at 53.2 EH/s.MARA's Vice President of Investor Relations, Robert Samuels, stated that the lending program began in 2024, primarily in collaboration with well-known third-party institutions. CEO Fred Thiel emphasized that the dual strategy of mining and purchasing provides greater flexibility for the company and helps enhance long-term shareholder value.

ChainCatcher news, according to Tech Crunch, Telegram has released its first update for 2025, introducing third-party supported account verification, NFT gift conversion, and message search filters. Accounts verified by third parties will display a unique badge instead of the traditional blue checkmark, aimed at preventing scams, reducing misinformation, and enhancing the security of the social platform through a decentralized approach.Additionally, Telegram has launched a feature to convert gifts into NFTs with custom backgrounds and icons. Users can give gifts through Telegram Stars, which can be purchased via in-app purchases or by connecting a TON wallet, and NFTs can be traded on different platforms. To cover blockchain transaction fees, Telegram will charge a fee for upgrading gifts to NFTs.The platform also provides creators with a way to monetize through cryptocurrency, which can be used for payments in games and applications. The update also includes emoji reaction features and new search filters, enhancing the user experience in private chats, group chats, and channels.

ChainCatcher message, the Web3 security team Scam Sniffer posted on X that most Solana wallet theft programs actively use third-party domains to bypass wallet blacklists. (For example, registering expired DAPP domains, now exploiting XSS vulnerabilities.)If users see a DAPP pop up a second window (or redirect) asking them to connect in another window, please carefully check if it is safe.

ChainCatcher news, decentralized exchange (DEX) Clipper clarifies that there was a vulnerability in its withdrawal function, which led to a recent hack of its protocol, resulting in a loss of $450,000, rather than the "third party" claim of a private key leak.Clipper stated: "On December 1, the attacker exploited two liquidity pools, locking approximately 6% of the total value. A third party claimed there was a private key leak issue. We can confirm that this is not the case and is inconsistent with Clipper's design and security architecture. The withdrawal function in the form of a token (bundled exchange + deposit/withdrawal transactions) has been disabled."Previously, the co-founder of security company Fuzzland posted on X that Clipper was "hacked due to an API vulnerability (such as private key leakage)," adding that the API might have vulnerabilities that allowed attackers to sign deposit and withdrawal requests, stealing more funds than they deposited.

ChainCatcher news, stablecoin issuer Tether announced on social media that within a few hours, Tether will coordinate with a well-known third-party exchange for an on-chain conversion, converting part of its USDT cold wallets from different blockchains into USDT on the ETH blockchain. During this process, the total supply of USDT will remain unchanged.The specific allocation is as follows (subject to change): 1 billion USDT on the TRC20 chain, 600 million USDT on the AVAX (C) chain, 300 million USDT on the NEAR chain, 75 million USDT on the CELO chain, and 60 million USDT on the EOS chain will all be converted to USDT on the ETH chain.

ChainCatcher message, Neo Smart Economy released a reminder on platform X stating: "A suspicious third-party application has been detected that can access our posting feature on X accounts. Due to a flaw in the X system, we are unable to revoke its permissions. While we have urged the X platform to address this issue, please remain vigilant: do not click on airdrop links or operation requests to send assets. Neo will never ask for money."

ChainCatcher message, Paxos published the USDP July third-party report released by Withum, which disclosed that the token supply of Pax Dollar (USDP) represented by the contract 0x8e870d6...89e1 on the Ethereum network is 114,706,089 tokens. Paxos holds cash and debt instrument assets that are fully backed by the trust and credit of the U.S. government in its U.S. regulated deposit institution accounts, with a fair value at least equal to or greater than 114,706,089 dollars. (The same applies to the Solana network token situation), and the USDP supply does not exceed the balance of redeemable assets and complies with the guidelines set by the New York regulatory agency NYDFS.

ChainCatcher message, Slow Mist founder Cosine posted on social media to alert users of Seif Wallet that a small portion of private keys and passwords have been collected by the built-in third-party analytics platform in the wallet. Fortunately, this was discovered and reported by white hats. It doesn't seem like the third-party analytics platform is malicious; it feels similar to previous cases: mistakenly using Sentry to collect overly sensitive information that shouldn't have been collected.

ChainCatcher news indicates that according to Optimism governance information, OP Labs protocol engineer Mofi has released an upgrade proposal called Granite Network Upgrade. This proposal aims to address security vulnerabilities identified in a series of third-party security audits conducted by Spearbit, Cantina, and Code4 rena. The related vulnerabilities have not been exploited, and user assets have never been at risk. The proposal states that this upgrade will include a series of smart contract upgrades to fix the vulnerabilities found in the audits, as well as an L2 hard fork to enhance the stability and performance of the error prevention system. A permissioned rollback mechanism has been initiated as a precaution to avoid any potential instability during the vulnerability patching process.If the proposal is approved by vote, the Granite Network Upgrade is scheduled to take place on September 10 at 16:00 UTC. This upgrade has been coordinated with Base and Conduit to launch on the internal development network and Sepolia Superchain.

ChainCatcher News, the U.S. Securities and Exchange Commission (SEC) stated in a court filing that the SEC requests to amend its motion regarding "third-party crypto asset securities" in the lawsuit against Binance, and the court currently does not need to rule on whether the allegations regarding these tokens are sufficient.The defendants in the case, Binance Holdings Limited, BAM Trading Services Inc., BAM Management US Holdings Inc., and Binance founder Changpeng Zhao, must submit their responses agreeing or opposing the amendment motion within 30 days. If the defendants do not oppose, the U.S. Securities and Exchange Commission will begin further litigation proceedings.

ChainCatcher news, NEO founder Da Hongfei stated that he has regained control of the X account and apologized for any inconvenience this incident may have caused to the community.Da Hongfei mentioned that he received an email requesting a password reset at 23:30 on July 6, and realized that the X account had been locked 50 minutes later upon seeing the email. The hacker changed his X account password, enabled two-factor authentication (2FA), and then began posting tweets containing scam links. This breach occurred because he had previously connected multiple third-party websites/apps (office and calendar management services) to his email. The hacker somehow exploited these permissions to gain access to the content of his email.