#phishing
phishing
216,115 views
220 Discussing
Hot
Latest
🚨 CRITICAL PHISHING ALERT TARGETING $TRX USERS
SlowMist reports that a counterfeit TronLink Chrome extension loads a remote phishing page via an iframe, capturing seed phrases and private keys in real time. The malware includes anti‑analysis mechanisms to evade detection, raising concerns for retail investors.
SlowMist issued an urgent warning about a malicious Chrome extension masquerading as TronLink. The extension uses Unicode bidirectional control and Cyrillic look‑alike characters to mimic the official branding, then loads a remote iframe to harvest mnemonics, private keys and passwords, exfiltrating them via Telegram Bot. It also employs anti‑analysis features such as right‑click blocking and region‑based redirects. Users are advised to uninstall the suspect extension, monitor for abnormal traffic, and transfer assets to a new wallet if any credentials were entered.
Not financial advice. Manage your risk.
#CryptoSecurity #TRX #Phishing #DeFi #WalletSafety
🔒
SlowMist reports that a counterfeit TronLink Chrome extension loads a remote phishing page via an iframe, capturing seed phrases and private keys in real time. The malware includes anti‑analysis mechanisms to evade detection, raising concerns for retail investors.
SlowMist issued an urgent warning about a malicious Chrome extension masquerading as TronLink. The extension uses Unicode bidirectional control and Cyrillic look‑alike characters to mimic the official branding, then loads a remote iframe to harvest mnemonics, private keys and passwords, exfiltrating them via Telegram Bot. It also employs anti‑analysis features such as right‑click blocking and region‑based redirects. Users are advised to uninstall the suspect extension, monitor for abnormal traffic, and transfer assets to a new wallet if any credentials were entered.
Not financial advice. Manage your risk.
#CryptoSecurity #TRX #Phishing #DeFi #WalletSafety
🔒
PHISHING ALERT: $TRX USERS BEWARE! ⚠️
SlowMist warns of a sophisticated phishing campaign targeting $TRX wallets via a counterfeit TronLink Chrome extension. The malicious add‑on hijacks Unicode characters to mimic the official brand and streams stolen credentials to a Telegram bot in real time.
Hacker’s playbook: fake UI, invisible Unicode tricks, remote iframe theft. No suspicious code, just a silent data grab. Remove the rogue extension now, audit traffic, and migrate assets to a fresh wallet if any seed was entered. Retail users are the prime target – stay sharp, lock down your keys.
Not financial advice. Manage your risk.
#TRX #CryptoSecurity #Phishing #DeFi #BinanceSquare
🚀
SlowMist warns of a sophisticated phishing campaign targeting $TRX wallets via a counterfeit TronLink Chrome extension. The malicious add‑on hijacks Unicode characters to mimic the official brand and streams stolen credentials to a Telegram bot in real time.
Hacker’s playbook: fake UI, invisible Unicode tricks, remote iframe theft. No suspicious code, just a silent data grab. Remove the rogue extension now, audit traffic, and migrate assets to a fresh wallet if any seed was entered. Retail users are the prime target – stay sharp, lock down your keys.
Not financial advice. Manage your risk.
#TRX #CryptoSecurity #Phishing #DeFi #BinanceSquare
🚀
According to security firm Web3 Scam Sniffer, over $127 million in #Criptomonedas was stolen from investors in Q3 2024, with approximately $46 million lost in September to phishing attacks.
In phishing attacks, scammers trick investors into linking their crypto wallets, such as #MetaMask , to fraudulent services. Linking crypto wallets to #phishing websites allows scammers to withdraw#cryptocurrenciesfrom users without further authentication.
In phishing attacks, scammers trick investors into linking their crypto wallets, such as #MetaMask , to fraudulent services. Linking crypto wallets to #phishing websites allows scammers to withdraw#cryptocurrenciesfrom users without further authentication.
🚨 ALERT: ENS founder Nick Johnson warns of an "extremely sophisticated" Google phishing scam targeting users with fake subpoena notices. 🛑
⚠️ The emails pass DKIM checks and appear as legit Gmail security alerts.
📩 Stay sharp — even your inbox isn’t safe.
#Phishing #Crypto #CyberSecurity #ENS #Web3
⚠️ The emails pass DKIM checks and appear as legit Gmail security alerts.
📩 Stay sharp — even your inbox isn’t safe.
#Phishing #Crypto #CyberSecurity #ENS #Web3
#CryptoScamSurge
The crypto community facing scams: how to recognize, prevent, and act.
The rise in cryptocurrency prices has brought with it a concerning increase in increasingly elaborate frauds, threatening the credibility of the crypto environment and opening the door to greater regulatory controls.
How can the crypto ecosystem respond?
🔹 Continuous education: It is vital to share information about frauds such as rug pulls, phishing, misleading giveaways, and emotional scams. Workshops, educational threads, and open resources can make a difference.
🔹 Real transparency: Encourage projects to present clear documentation, verifiable teams, and publicly available audits.
🔹 Joint action: Platforms, wallets, and users must work together by sharing lists of scammers and reporting suspicious activities.
🔹 Analytical tools: Promote the use of services like Token Sniffer or DEXTools to evaluate contracts and tokens before investing.
🔹 Active support for victims: Create spaces where users can report scams and share alerts to prevent others from falling victim.
Main crypto scams in 2025
⚠️ Deepfakes: Manipulated videos or audios where supposed celebrities promote false investments.
⚠️ Pig Butchering: Emotional scams that build false relationships to later steal funds.
⚠️ Rug pulls and pump & dump schemes: Projects that inflate their value and disappear with the money.
⚠️ Phishing and wallet draining: Malicious sites and apps designed to steal keys and crypto assets.
⚠️ Malware on Telegram or direct messages: Disguised applications and bots that install spyware or extract sensitive data.
The best defense remains knowledge and teamwork. Share this information with your community and stay vigilant.
#CriptoEstafasAumen #CriptoSeguridad #BinanceSquare #CriptoEducación #DeFi #phishing #RugPull
The crypto community facing scams: how to recognize, prevent, and act.
The rise in cryptocurrency prices has brought with it a concerning increase in increasingly elaborate frauds, threatening the credibility of the crypto environment and opening the door to greater regulatory controls.
How can the crypto ecosystem respond?
🔹 Continuous education: It is vital to share information about frauds such as rug pulls, phishing, misleading giveaways, and emotional scams. Workshops, educational threads, and open resources can make a difference.
🔹 Real transparency: Encourage projects to present clear documentation, verifiable teams, and publicly available audits.
🔹 Joint action: Platforms, wallets, and users must work together by sharing lists of scammers and reporting suspicious activities.
🔹 Analytical tools: Promote the use of services like Token Sniffer or DEXTools to evaluate contracts and tokens before investing.
🔹 Active support for victims: Create spaces where users can report scams and share alerts to prevent others from falling victim.
Main crypto scams in 2025
⚠️ Deepfakes: Manipulated videos or audios where supposed celebrities promote false investments.
⚠️ Pig Butchering: Emotional scams that build false relationships to later steal funds.
⚠️ Rug pulls and pump & dump schemes: Projects that inflate their value and disappear with the money.
⚠️ Phishing and wallet draining: Malicious sites and apps designed to steal keys and crypto assets.
⚠️ Malware on Telegram or direct messages: Disguised applications and bots that install spyware or extract sensitive data.
The best defense remains knowledge and teamwork. Share this information with your community and stay vigilant.
#CriptoEstafasAumen #CriptoSeguridad #BinanceSquare #CriptoEducación #DeFi #phishing #RugPull
Stay #SAFU on X and other socials.
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
🚨 SCAM ALERT: New Fake Customer Support Scams Target Binance Users 🚨
⚠️ Scammers are leveraging face-videos and QR codes to
impersonate official support.
🚫 Stay vigilant and never scan suspicious codes or share personal data with unverified accounts.
#CryptoScam #Phishing #BinanceSecurity #Write2Earn #BinanceSquare
⚠️ Scammers are leveraging face-videos and QR codes to
impersonate official support.
🚫 Stay vigilant and never scan suspicious codes or share personal data with unverified accounts.
#CryptoScam #Phishing #BinanceSecurity #Write2Earn #BinanceSquare
🚨 Beware of Phishing!
🎣 Criminals try to imitate official websites and apps to steal your data.
✅ Always check the website address.
✅ Enable two-factor authentication (2FA).
❌ Never click on suspicious links received via email, SMS, or social media.
🔒 Security is a priority: protect your access and your cryptocurrencies.
📌 Golden rule: if it seems strange, it's a scam.
#CriptoSeguro #Phishing #SegurançaDigital #ProtejaSeusAtivos #BitcoinBrasil
🎣 Criminals try to imitate official websites and apps to steal your data.
✅ Always check the website address.
✅ Enable two-factor authentication (2FA).
❌ Never click on suspicious links received via email, SMS, or social media.
🔒 Security is a priority: protect your access and your cryptocurrencies.
📌 Golden rule: if it seems strange, it's a scam.
#CriptoSeguro #Phishing #SegurançaDigital #ProtejaSeusAtivos #BitcoinBrasil
🔐 Do you have crypto? Then you need to protect it.
The market does not forgive those who are distracted. Here are the 3 basics to know:
1️⃣ Use a secure wallet
Start with a non-custodial (e.g., Metamask, Trust Wallet)
If you invest significant amounts, consider a hardware wallet
2️⃣ Never share the seed phrase
Not even with friends, not even as a joke
Write it down offline. Better on paper, in multiple copies
3️⃣ Watch out for phishing
Don't click on strange links
Always check that the site is the real one
🧠 Crypto is freedom, but it requires responsibility.
🔁 Follow me to learn how to manage it without getting scammed.
$BTC
#CryptoSicurezza #SeedPhras #Phishing #CryptoMindset
The market does not forgive those who are distracted. Here are the 3 basics to know:
1️⃣ Use a secure wallet
Start with a non-custodial (e.g., Metamask, Trust Wallet)
If you invest significant amounts, consider a hardware wallet
2️⃣ Never share the seed phrase
Not even with friends, not even as a joke
Write it down offline. Better on paper, in multiple copies
3️⃣ Watch out for phishing
Don't click on strange links
Always check that the site is the real one
🧠 Crypto is freedom, but it requires responsibility.
🔁 Follow me to learn how to manage it without getting scammed.
$BTC
#CryptoSicurezza #SeedPhras #Phishing #CryptoMindset
🚨 WLFI Blacklists 272 Wallets Amid Rising Phishing Threats
World Liberty Financial Inc. (WLFI) has announced the blacklisting of 272 crypto wallets in response to a surge of phishing attacks and wallet compromises.
🔐 WLFI emphasized this move is protective, not punitive—aimed at shielding users from malicious activity, not restricting legitimate trading.
📊 Breakdown of actions:
215 wallets linked to phishing attacks
50 wallets blacklisted at user requests after compromise
5 wallets flagged for high-risk exposure
1 wallet under investigation for misappropriating funds
✅ WLFI assured affected users it is working directly with rightful owners to secure and relocate assets, while maintaining transparency by sharing investigation outcomes publicly.
⚡ Key takeaway: User safety remains the top priority as WLFI strengthens protections against evolving threats in the crypto space.
---
#CryptoSecurity #Phishing #BlockchainSafety #WLF I #CryptoNews
World Liberty Financial Inc. (WLFI) has announced the blacklisting of 272 crypto wallets in response to a surge of phishing attacks and wallet compromises.
🔐 WLFI emphasized this move is protective, not punitive—aimed at shielding users from malicious activity, not restricting legitimate trading.
📊 Breakdown of actions:
215 wallets linked to phishing attacks
50 wallets blacklisted at user requests after compromise
5 wallets flagged for high-risk exposure
1 wallet under investigation for misappropriating funds
✅ WLFI assured affected users it is working directly with rightful owners to secure and relocate assets, while maintaining transparency by sharing investigation outcomes publicly.
⚡ Key takeaway: User safety remains the top priority as WLFI strengthens protections against evolving threats in the crypto space.
---
#CryptoSecurity #Phishing #BlockchainSafety #WLF I #CryptoNews
Serenity : 🧠 You Are the Final Firewall
A major cyberattack has just compromised over 184 million user credentials, affecting global tech giants including Google, Apple, and Microsoft. The hackers exploited multiple systems and leaked login #data across the dark web — exposing the alarming fragility of password based #security models.
🔐 The attackers broke through every wall – but sAxess ensures there’s one they can’t cross:
Your fingerprint.
✅ No more passwords to steal
✅ No #phishing traps to fall into
✅ No central databases to breach
✅ Your identity, secured by biometrics + blockchain
#Serenity #sAxess isn’t just a wallet. It’s a personal firewall. A biometric, self-custodial solution that removes traditional vulnerabilities and gives you total control over your digital access.
With sAxess, you become the key.
And hackers can’t steal what they can’t replicate.
A major cyberattack has just compromised over 184 million user credentials, affecting global tech giants including Google, Apple, and Microsoft. The hackers exploited multiple systems and leaked login #data across the dark web — exposing the alarming fragility of password based #security models.
🔐 The attackers broke through every wall – but sAxess ensures there’s one they can’t cross:
Your fingerprint.
✅ No more passwords to steal
✅ No #phishing traps to fall into
✅ No central databases to breach
✅ Your identity, secured by biometrics + blockchain
#Serenity #sAxess isn’t just a wallet. It’s a personal firewall. A biometric, self-custodial solution that removes traditional vulnerabilities and gives you total control over your digital access.
With sAxess, you become the key.
And hackers can’t steal what they can’t replicate.
Twenty malicious #npm packages impersonating the #Hardhat #Ethereum✅ development environment have targeted private keys and sensitive data. These packages, downloaded over 1,000 times, were uploaded by three accounts using #typosquatting techniques to trick developers. Once installed, the packages steal private keys, mnemonics, and configuration files, encrypt them with a hardcoded AES key, and send them to attackers. This exposes developers to risks like unauthorized transactions, compromised production systems, #phishing , and malicious dApps.
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Enhancing Digital Security: A Shared Responsibility.
In today's digital landscape, the importance of robust security measures cannot be overstated. A recent reminder to the community highlighted a crucial principle: security is a shared responsibility. While platforms and service providers dedicate significant resources to safeguarding assets through initiatives like SAFU funds and advanced monitoring systems, the end-user's vigilance remains a critical line of defense.
The call to action emphasizes simple yet highly effective practices: enabling Two-Factor Authentication (2FA) and maintaining a sharp awareness of phishing attempts. 2FA adds an essential layer of security by requiring a second form of verification in addition to a password, significantly reducing the risk of unauthorized access. Simultaneously, staying alert to phishing — fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity — is paramount. Phishing scams are constantly evolving, making continuous vigilance necessary for all users.
Ultimately, the safety of digital assets hinges on a collaborative effort. Platforms provide the infrastructure and protection, but users must actively participate in securing their own accounts. This partnership ensures that collective digital security remains strong against evolving threats.
#Cybersecurity #2FA #Phishing #SAFU #DigitalSafety
@SALIM MAYO
In today's digital landscape, the importance of robust security measures cannot be overstated. A recent reminder to the community highlighted a crucial principle: security is a shared responsibility. While platforms and service providers dedicate significant resources to safeguarding assets through initiatives like SAFU funds and advanced monitoring systems, the end-user's vigilance remains a critical line of defense.
The call to action emphasizes simple yet highly effective practices: enabling Two-Factor Authentication (2FA) and maintaining a sharp awareness of phishing attempts. 2FA adds an essential layer of security by requiring a second form of verification in addition to a password, significantly reducing the risk of unauthorized access. Simultaneously, staying alert to phishing — fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity — is paramount. Phishing scams are constantly evolving, making continuous vigilance necessary for all users.
Ultimately, the safety of digital assets hinges on a collaborative effort. Platforms provide the infrastructure and protection, but users must actively participate in securing their own accounts. This partnership ensures that collective digital security remains strong against evolving threats.
#Cybersecurity #2FA #Phishing #SAFU #DigitalSafety
@SALIM MAYO
#ScrollCoFounderXAccountHacked 🚨 SECURITY ALERT: Scroll co-founder has had their account hacked!
.
The hashtag #ScrollCoFounderXAccountHacked is dominating the trends and serves as a brutal reminder: in the crypto world, no one is 100% immune. On January 25, 2026, Kenneth Shen's official account was targeted in a sophisticated phishing attack.
.
🛡️ What happened?
.
Hackers took control of the profile to spread malicious links, attempting to drain unsuspecting users' wallets through false promises of airdrops or urgent support alerts.
.
💡 How to protect yourself now:
.
Beware of Urgency: If a founder posts a link "click now or lose your account", stop and breathe. It’s the favorite trigger of scammers.
.
Verify Sources: Before interacting, check the project's official channels (Discord, Telegram, Official Site).
.
Review Permissions: Never connect your main wallet to unknown sites. Use a "burner wallet" for suspicious interactions.
.
Hardware 2FA: Use physical keys (like Yubikey) whenever possible, they are much more secure than SMS or authentication apps.
.
✅ The Scroll ecosystem remains strong, but individual security depends on our constant attention. Stay alert!
.
🤔 What do you think of this breach? Do you think social networks need extra layers of security for public crypto figures? 👇
.
#Scroll #SecurityAlert #Phishing
.
The hashtag #ScrollCoFounderXAccountHacked is dominating the trends and serves as a brutal reminder: in the crypto world, no one is 100% immune. On January 25, 2026, Kenneth Shen's official account was targeted in a sophisticated phishing attack.
.
🛡️ What happened?
.
Hackers took control of the profile to spread malicious links, attempting to drain unsuspecting users' wallets through false promises of airdrops or urgent support alerts.
.
💡 How to protect yourself now:
.
Beware of Urgency: If a founder posts a link "click now or lose your account", stop and breathe. It’s the favorite trigger of scammers.
.
Verify Sources: Before interacting, check the project's official channels (Discord, Telegram, Official Site).
.
Review Permissions: Never connect your main wallet to unknown sites. Use a "burner wallet" for suspicious interactions.
.
Hardware 2FA: Use physical keys (like Yubikey) whenever possible, they are much more secure than SMS or authentication apps.
.
✅ The Scroll ecosystem remains strong, but individual security depends on our constant attention. Stay alert!
.
🤔 What do you think of this breach? Do you think social networks need extra layers of security for public crypto figures? 👇
.
#Scroll #SecurityAlert #Phishing
A whale (or possible institution) that suffered a phishing attack involving US$ 50 million in USDT attempted direct contact with the responsible party through an on-chain message.
According to ChainCatcher, the victim even offered US$ 1 million as a reward for the return of the funds. So far, there has been no response from the scammer.
The chance of recovery is considered low, as the amounts were converted to ETH and passed through Tornado Cash, making tracking and reversing the transaction difficult.
#USDT #defi #phishing #whalealerts #blockchain $ETH $USDT
According to ChainCatcher, the victim even offered US$ 1 million as a reward for the return of the funds. So far, there has been no response from the scammer.
The chance of recovery is considered low, as the amounts were converted to ETH and passed through Tornado Cash, making tracking and reversing the transaction difficult.
#USDT #defi #phishing #whalealerts #blockchain $ETH $USDT
🚨#CyberSecurityAlert: There are now over 2,650 fake DeepSeek phishing sites, with a significant spike since Jan 26.
These sites trick users into revealing login credentials or buying virtual assets through misleading domains and interfaces.
Stay vigilant and double-check URLs! 🛑 #phishing #DeepSeek #CryptoScams
These sites trick users into revealing login credentials or buying virtual assets through misleading domains and interfaces.
Stay vigilant and double-check URLs! 🛑 #phishing #DeepSeek #CryptoScams
Login to explore more contents