hack
924,741 views
460 Discussing
ရေပန်းစားသော
နောက်ဆုံး
🚨 ALERT: North Korean Hackers Stole Record $2B in Crypto in 2025
💥 Just In: According to a new report from Chain analysis , North Korean state-backed hackers stole a record-breaking $2 billion worth of cryptocurrency in 2025.
🔐 Why This Matters to Every Trader & Holder:
· This marks a massive increase in scale and sophistication of attacks
· Highlights the urgent need for strong security (2FA, cold storage, smart contract audits)
· Could prompt tighter global regulations and exchange security measures
· Reminder that crypto’s growth attracts not just investors — but predators
⚠️ Stay Safe — Protect Your Assets:
✅Use hardware wallets for large holdings
✅ Enable multi-factor authentication (MFA) everywhere
✅ Avoid clicking suspicious links or approving unknown contracts
✅ Keep software & wallets updated
🌐 The Bigger Picture:
While thefts are alarming,they also push the industry toward better security infrastructure, insurance solutions, and regulatory clarity. Security is not optional — it's essential.
🛡️ Final Thought:
Crypto is aboutself-sovereignty — and with that comes responsibility. Stay informed, stay secure, and stay vigilant.
#CryptoNews #CyberSecurity #NorthKorea #Hack #Blockchain
$AKE
$AERGO
$RIVER
💥 Just In: According to a new report from Chain analysis , North Korean state-backed hackers stole a record-breaking $2 billion worth of cryptocurrency in 2025.
🔐 Why This Matters to Every Trader & Holder:
· This marks a massive increase in scale and sophistication of attacks
· Highlights the urgent need for strong security (2FA, cold storage, smart contract audits)
· Could prompt tighter global regulations and exchange security measures
· Reminder that crypto’s growth attracts not just investors — but predators
⚠️ Stay Safe — Protect Your Assets:
✅Use hardware wallets for large holdings
✅ Enable multi-factor authentication (MFA) everywhere
✅ Avoid clicking suspicious links or approving unknown contracts
✅ Keep software & wallets updated
🌐 The Bigger Picture:
While thefts are alarming,they also push the industry toward better security infrastructure, insurance solutions, and regulatory clarity. Security is not optional — it's essential.
🛡️ Final Thought:
Crypto is aboutself-sovereignty — and with that comes responsibility. Stay informed, stay secure, and stay vigilant.
#CryptoNews #CyberSecurity #NorthKorea #Hack #Blockchain
$AKE
$AERGO
$RIVER
⚠️Yearn Finance lại bị hack
Theo PeckShield, phiên bản V1 của giao thức DeFi Yearn Finance đã bị tấn công, gây ra thiệt hại khoảng 300.000 USD. Kẻ tấn công sau đó đã chuyển đổi toàn bộ số tiền bị đánh cắp thành 103 ETH và rút khỏi giao thức.
Đáng chú ý, đây không phải sự cố lần đầu. Chỉ vài tuần trước, Yearn.finance cũng từng hứng chịu một vụ tấn công khác gây thiệt hại lên tới 9 triệu USD, làm gia tăng lo ngại về mức độ an toàn của phiên bản V1 cũng như rủi ro bảo mật vẫn hiện hữu ngay cả với các giao thức DeFi lâu năm.
#Hack #defi
Theo PeckShield, phiên bản V1 của giao thức DeFi Yearn Finance đã bị tấn công, gây ra thiệt hại khoảng 300.000 USD. Kẻ tấn công sau đó đã chuyển đổi toàn bộ số tiền bị đánh cắp thành 103 ETH và rút khỏi giao thức.
Đáng chú ý, đây không phải sự cố lần đầu. Chỉ vài tuần trước, Yearn.finance cũng từng hứng chịu một vụ tấn công khác gây thiệt hại lên tới 9 triệu USD, làm gia tăng lo ngại về mức độ an toàn của phiên bản V1 cũng như rủi ro bảo mật vẫn hiện hữu ngay cả với các giao thức DeFi lâu năm.
#Hack #defi
Quá nhiều chiêu trò, tự chặn chính acc đào lửa —-> kích thích tính tò mò. Ấn vào link —-> bay acc
ACE chú ý nhé!
#Hack
ACE chú ý nhé!
#Hack
كيف فعليًا بيسرق الهاكرز محافظ الناس… وكيف تحمي نفسك؟ 👇🔥
عالم الكريبتو مليان فخاخ… خطوة غلط ممكن تمسح محفظتك للأبد.
دي أخطر الطرق اللي بيستخدموها الهاكرز — واللي لازم توقف عندها:
🔹 1) الـ Phishing — أخطر باب للسرقة
مواقع شبه الأصل، نفس الشكل، نفس اللوجو…
تسجّل دخول؟ Private Key راحت.
✔️ دايمًا راجع الرابط قبل ما توصل محفظتك.
🔹 2) Malware تتجسس عليك
تنزّل برنامج مكسور؟ ملف مجهول؟
الهكر يسجّل كل زرار بتكتبه.
✔️ استخدم جهاز نظيف وبرامج أصلية.
🔹 3) مصيدة الـ Approve
تعمل Airdrop أو Mint؟
توافق على عقد خبيث؟
الهكر ياخد Access كامل يسحب كل شيء.
✔️ شيّك صلاحياتك بـ Revoke.cash باستمرار.
🔹 4) SIM Swap — خطف رقمك
الهكر يسيطر على رقمك → يدخل حساباتك → يتجاوز SMS 2FA.
✔️ استخدم Authenticator مش رسائل SMS.
🔹 5) المحفظة الباردة… خط الدفاع الأخير
Ledger / Trezor
المفتاح الخاص ما يخرجش من الجهاز = مستحيل يتهكر عن بعد.
---
الخلاصة:
الهاكر مش دايمًا يهاجم البلوكتشين… أوقات كثيرة يهاجم عقلك ويستغلك.
أقوى حماية؟
وعي + محفظة باردة + رفض أي رابط مش موثوق.
❓ إنت شخصيًا… إيه أكتر فخ شفته منتشر هالفترة؟
#scam #Hack #protection #WalletProtection
عالم الكريبتو مليان فخاخ… خطوة غلط ممكن تمسح محفظتك للأبد.
دي أخطر الطرق اللي بيستخدموها الهاكرز — واللي لازم توقف عندها:
🔹 1) الـ Phishing — أخطر باب للسرقة
مواقع شبه الأصل، نفس الشكل، نفس اللوجو…
تسجّل دخول؟ Private Key راحت.
✔️ دايمًا راجع الرابط قبل ما توصل محفظتك.
🔹 2) Malware تتجسس عليك
تنزّل برنامج مكسور؟ ملف مجهول؟
الهكر يسجّل كل زرار بتكتبه.
✔️ استخدم جهاز نظيف وبرامج أصلية.
🔹 3) مصيدة الـ Approve
تعمل Airdrop أو Mint؟
توافق على عقد خبيث؟
الهكر ياخد Access كامل يسحب كل شيء.
✔️ شيّك صلاحياتك بـ Revoke.cash باستمرار.
🔹 4) SIM Swap — خطف رقمك
الهكر يسيطر على رقمك → يدخل حساباتك → يتجاوز SMS 2FA.
✔️ استخدم Authenticator مش رسائل SMS.
🔹 5) المحفظة الباردة… خط الدفاع الأخير
Ledger / Trezor
المفتاح الخاص ما يخرجش من الجهاز = مستحيل يتهكر عن بعد.
---
الخلاصة:
الهاكر مش دايمًا يهاجم البلوكتشين… أوقات كثيرة يهاجم عقلك ويستغلك.
أقوى حماية؟
وعي + محفظة باردة + رفض أي رابط مش موثوق.
❓ إنت شخصيًا… إيه أكتر فخ شفته منتشر هالفترة؟
#scam #Hack #protection #WalletProtection
أمير المعلومات:
رابط الموقع لما يفتح اسم المنصة Usdt
Hallo..sobat.
Menurut salah satu akun X bahwa insiden yang sedang menimpa $PIGGY adalah kesengajaan dan dilakukan dengan sangat teratur dan terkoordinasi dengan baik.
ini faktanya bukanlah #Hack tapi dilakukan dengan sengaja oleh pihak tertentu. dan ini juga merupakan permainan dalam masa depan yang akan terjadi pada #TOKENLAIN "just waiting and see our money is gone by them"
Menurut salah satu akun X bahwa insiden yang sedang menimpa $PIGGY adalah kesengajaan dan dilakukan dengan sangat teratur dan terkoordinasi dengan baik.
ini faktanya bukanlah #Hack tapi dilakukan dengan sengaja oleh pihak tertentu. dan ini juga merupakan permainan dalam masa depan yang akan terjadi pada #TOKENLAIN "just waiting and see our money is gone by them"
🔥 Scammers on the Rise: How the Meme Coin Boom on Solana Unlocked New Ways to Steal Millions 💸
🌐 The Crypto Market in Shock!
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.
💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.
🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).
🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲
🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈
🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.
👨💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.
⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.
💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.
🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).
🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲
🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈
🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.
👨💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.
⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana
🍔 Hackeo de Memecoin de McDonald's: ladrones ciberneticos roban alrededor de $700,000 en Solana
En un giro inesperado, el 21 de agosto, estafadores hackearon la cuenta oficial de Instagram de McDonald's, utilizando la plataforma del gigante de la comida rápida para vender una memecoin falsa basada en la mascota Grimace. Los hackers lograron recaudar más de $700,000 en Solana antes de que se descubriera la estafa.
💀 La estafa del Memecoin de Grimace 👾
Aprovechando la página de Instagram de McDonald's, con 5.1 millones de seguidores, los hackers promocionaron el token falso de Grimace como un "experimento de McDonald's en Solana". Esta táctica rápidamente captó la atención de la comunidad criptográfica, haciendo que la capitalización de mercado del token pasara de unos pocos miles de dólares a $25 millones en solo 30 minutos.
📊 Pump & Dump
Los malandros ya habían asegurado el 75% del suministro de tokens Grimace usando el implementador de memecoin Solana pump.fun. Luego distribuyeron estos tokens en 100 billeteras diferentes. A medida que el valor del token aumentaba, los hackers comenzaron a vender sus tenencias, lo que provocó que el precio del token cayera a $650,000 en solo 40 minutos.
💸 El desembolso
En total, los choros se llevaron alrededor de $700,000 en Solana de este esquema de pump and dump. Incluso editaron la biografía de Instagram de McDonald's para presumir de su éxito, escribiendo: "Lo siento, India_X_Kr3w acaba de engañarte, gracias por los $700,000 en Solana".
⚠️ Consecuencias
Las publicaciones y la biografía finalmente fueron restauradas, y McDonald's emitió una declaración reconociendo el ataque como un "incidente aislado". Este incidente es un recordatorio de los peligros en el mundo de las criptomonedas, donde incluso marcas conocidas pueden ser utilizadas para facilitar estafas.
#scam #hack #Solana $SOL #RiskManagement
En un giro inesperado, el 21 de agosto, estafadores hackearon la cuenta oficial de Instagram de McDonald's, utilizando la plataforma del gigante de la comida rápida para vender una memecoin falsa basada en la mascota Grimace. Los hackers lograron recaudar más de $700,000 en Solana antes de que se descubriera la estafa.
💀 La estafa del Memecoin de Grimace 👾
Aprovechando la página de Instagram de McDonald's, con 5.1 millones de seguidores, los hackers promocionaron el token falso de Grimace como un "experimento de McDonald's en Solana". Esta táctica rápidamente captó la atención de la comunidad criptográfica, haciendo que la capitalización de mercado del token pasara de unos pocos miles de dólares a $25 millones en solo 30 minutos.
📊 Pump & Dump
Los malandros ya habían asegurado el 75% del suministro de tokens Grimace usando el implementador de memecoin Solana pump.fun. Luego distribuyeron estos tokens en 100 billeteras diferentes. A medida que el valor del token aumentaba, los hackers comenzaron a vender sus tenencias, lo que provocó que el precio del token cayera a $650,000 en solo 40 minutos.
💸 El desembolso
En total, los choros se llevaron alrededor de $700,000 en Solana de este esquema de pump and dump. Incluso editaron la biografía de Instagram de McDonald's para presumir de su éxito, escribiendo: "Lo siento, India_X_Kr3w acaba de engañarte, gracias por los $700,000 en Solana".
⚠️ Consecuencias
Las publicaciones y la biografía finalmente fueron restauradas, y McDonald's emitió una declaración reconociendo el ataque como un "incidente aislado". Este incidente es un recordatorio de los peligros en el mundo de las criptomonedas, donde incluso marcas conocidas pueden ser utilizadas para facilitar estafas.
#scam #hack #Solana $SOL #RiskManagement
North Korean Hackers Target Crypto with Nim-Based Malware Disguised as Zoom Updates
🔹 Fake Zoom meeting invites and update links deceive Web3 teams
🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques
🔹 Attackers steal browser data, passwords, and Telegram chats
Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.
The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.
NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.
🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.
Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it
🔹 Creates hidden files and folders that look like legitimate macOS system components
🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic
🔹 Delays execution for 10 minutes to avoid early detection by security software
Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.
Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.
#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques
🔹 Attackers steal browser data, passwords, and Telegram chats
Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.
The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.
NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.
🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.
Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it
🔹 Creates hidden files and folders that look like legitimate macOS system components
🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic
🔹 Delays execution for 10 minutes to avoid early detection by security software
Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.
Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.
#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Breaking News: Orbit Chain Hackers Unveil $81.4 Million Exploit to Ring in the New Year
The cross-chain bridge of Orbit Chain was compromised by an exploit, which led to the loss of Tether, DAI, USDC, wBTC, and ETH with a combined value of around $81.4 million.
The vulnerability was exploited by the exploiter, who then transferred funds to a new wallet.
A weakness in the bridge or a hack in the centralized server was discovered as the primary reason by the blockchain security company SlowMist which was responsible for the investigation.
It has been revealed that a hack occurred on Orbit Bridge, which is a protocol for interchain communication that is utilized for asset conversion. A total of around $81.4 million worth of cryptocurrency were stolen from the system.
The Orbit Bridge was struck by a number of significant discharges.
An vulnerability that was worth $81.4 million was apparently used by hackers to ring in the New Year with Orbit Bridge. A number of significant outflows were discovered by the blockchain security company SlowMist and the on-chain intelligence service LookOnChain. These outflows were encountered via the cross-chain protocol.
According to the latter, the Orbit Bridge was responsible for the transfer of 30 million Tether (USDT), 10 million DAI, 10 million USDCoin (USDC), 231 wBTC (worth over $10 million), and 9,500 ETH (worth around $21.5 million) in five distinct transactions.
After doing a preliminary examination from the outside, SlowMist came to the conclusion that either the centralized server has been compromised or there is a potential vulnerability in the Orbit Chain bridge. A further in-depth investigation is currently being carried out by the company in order to obtain additional information on the attack.
The hacking of Orbit Chain has been confirmed.
Orbit Chain reported the hack on its protocol in a tweet that was published not too long ago on X. The tweet described the breach as a "unidentified access" to the bridge. A comprehensive investigation into the underlying cause of the assault is currently being carried out by the company, which has said that it is actively collaborating with law enforcement authorities in order to identify the perpetrator of the incident.
#hack #OrbitChain
The vulnerability was exploited by the exploiter, who then transferred funds to a new wallet.
A weakness in the bridge or a hack in the centralized server was discovered as the primary reason by the blockchain security company SlowMist which was responsible for the investigation.
It has been revealed that a hack occurred on Orbit Bridge, which is a protocol for interchain communication that is utilized for asset conversion. A total of around $81.4 million worth of cryptocurrency were stolen from the system.
The Orbit Bridge was struck by a number of significant discharges.
An vulnerability that was worth $81.4 million was apparently used by hackers to ring in the New Year with Orbit Bridge. A number of significant outflows were discovered by the blockchain security company SlowMist and the on-chain intelligence service LookOnChain. These outflows were encountered via the cross-chain protocol.
According to the latter, the Orbit Bridge was responsible for the transfer of 30 million Tether (USDT), 10 million DAI, 10 million USDCoin (USDC), 231 wBTC (worth over $10 million), and 9,500 ETH (worth around $21.5 million) in five distinct transactions.
After doing a preliminary examination from the outside, SlowMist came to the conclusion that either the centralized server has been compromised or there is a potential vulnerability in the Orbit Chain bridge. A further in-depth investigation is currently being carried out by the company in order to obtain additional information on the attack.
The hacking of Orbit Chain has been confirmed.
Orbit Chain reported the hack on its protocol in a tweet that was published not too long ago on X. The tweet described the breach as a "unidentified access" to the bridge. A comprehensive investigation into the underlying cause of the assault is currently being carried out by the company, which has said that it is actively collaborating with law enforcement authorities in order to identify the perpetrator of the incident.
#hack #OrbitChain
Stay #SAFU on X and other socials.
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
30.1K #BTC ($2.1B) of #Silk Road #hack funds controlled by US government is on the move right now.
0.001 BTC ($69) transferred to a Coinbase deposit address so it’s a test transfer possibly.
txn hash
9c3af4b48e66565f1da1da8278036fa1dbb09f2beaaca99c3504475390ba4590
Coinbase deposit address
3KrZVU9Jz4UKHpKUtuvkEMX1tY8zeiTvX2
0.001 BTC ($69) transferred to a Coinbase deposit address so it’s a test transfer possibly.
txn hash
9c3af4b48e66565f1da1da8278036fa1dbb09f2beaaca99c3504475390ba4590
Coinbase deposit address
3KrZVU9Jz4UKHpKUtuvkEMX1tY8zeiTvX2
🚨 Did North Korea Just Pull Off the Biggest Crypto Heist? 🔥
Yesterday, the crypto world exploded with two shocking headlines:
1️⃣ A major exchange lost $1.5 billion in Ethereum after a massive hack.
2️⃣ Just hours later, North Korea claimed it had a $1.5 billion ETH reserve. 🤯
Coincidence? Or something bigger?
🔹 The Hack: Hackers drained 400,000 ETH from the exchange’s secure wallet. Experts suspect North Korea’s Lazarus Group, a well-known cybercrime gang.
🔹 North Korea’s Announcement: Out of nowhere, North Korea declared a massive Ethereum reserve—the exact same amount stolen!
🔹 Social Media Buzz: "Did North Korea just rob an exchange and call it a reserve?" Many are connecting the dots.
💬 What do you think? A wild coincidence or the biggest crypto heist ever? Drop your thoughts below! 👇🔥
🔔 Follow for more real-time crypto updates! 🚀
#BybitSecurityBreach #Binance #HackerAlert #Hack #ETH
Yesterday, the crypto world exploded with two shocking headlines:
1️⃣ A major exchange lost $1.5 billion in Ethereum after a massive hack.
2️⃣ Just hours later, North Korea claimed it had a $1.5 billion ETH reserve. 🤯
Coincidence? Or something bigger?
🔹 The Hack: Hackers drained 400,000 ETH from the exchange’s secure wallet. Experts suspect North Korea’s Lazarus Group, a well-known cybercrime gang.
🔹 North Korea’s Announcement: Out of nowhere, North Korea declared a massive Ethereum reserve—the exact same amount stolen!
🔹 Social Media Buzz: "Did North Korea just rob an exchange and call it a reserve?" Many are connecting the dots.
💬 What do you think? A wild coincidence or the biggest crypto heist ever? Drop your thoughts below! 👇🔥
🔔 Follow for more real-time crypto updates! 🚀
#BybitSecurityBreach #Binance #HackerAlert #Hack #ETH
Ronin Wallets of 'Axie Infinity' Founders Hacked, $9.5 Million Loss in Ethereum
On Thursday, Ronin gaming platform wallets were compromised, resulting in the theft of approximately $9.5 million worth of Ethereum. The perpetrators utilized Tornado Cash service to launder the stolen funds, mixing transactions from multiple users to obscure the cryptocurrency's origin. Among the affected individuals is one of the founders of Ronin and Axie Infinity, who disclosed the incident on Twitter.
Theft Details: 3,250 ETH Moved by Unknown Perpetrators
A precise sum of 3,250 ETH was siphoned from gaming wallets on the Ronin network, amounting to $9.5 million. The attackers subsequently transferred these funds to three distinct Ethereum wallets via a network bridge. The ETH was then laundered through the Tornado Cash service, complicating its traceability.
Personal Accounts of Jeff 'Jiho' Zirlin Compromised
Jeff "Jiho" Zirlin, co-founder of Ronin and Axie Infinity, announced on Thursday evening that his personal wallets had been compromised in the attack. He stated that the attack solely targeted his personal accounts and did not impact the security or operations of the Ronin network or the activities of Sky Mavis, the company behind it.
Security of Ronin and Sky Mavis Unaffected
In response to the incident, Aleksander "Psycheout" Larsen, another founder of Sky Mavis, emphasized that the attack has no bearing on the security measures of the Ronin network bridge or the company's financial assets. Larsen highlighted that the bridge itself has undergone several security audits and is equipped with mechanisms to prevent excessive fund withdrawals.
Impact on Ronin's Market Value
As a consequence of the attack and fund depletion, the value of Ronin cryptocurrency (RON) experienced a decline, with its price plummeting from approximately $3.17 to $2.74, marking a decrease of over 13% within minutes. At the time of writing, the price partially recovered to $2.97.
Historical Context: Ronin Bridge Attack
The incident occurs two years after the attack on the Ethereum Ronin bridge, during which cryptocurrency worth $622 million was stolen. The attack was attributed to the Lazarus hacking group from North Korea, exploiting the insufficient decentralization at that time. Subsequently, a portion of the stolen funds was recovered, and Sky Mavis reimbursed users for all losses from the February 2022 attack.
$ETH
#Ronin #hack
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Theft Details: 3,250 ETH Moved by Unknown Perpetrators
A precise sum of 3,250 ETH was siphoned from gaming wallets on the Ronin network, amounting to $9.5 million. The attackers subsequently transferred these funds to three distinct Ethereum wallets via a network bridge. The ETH was then laundered through the Tornado Cash service, complicating its traceability.
Personal Accounts of Jeff 'Jiho' Zirlin Compromised
Jeff "Jiho" Zirlin, co-founder of Ronin and Axie Infinity, announced on Thursday evening that his personal wallets had been compromised in the attack. He stated that the attack solely targeted his personal accounts and did not impact the security or operations of the Ronin network or the activities of Sky Mavis, the company behind it.
Security of Ronin and Sky Mavis Unaffected
In response to the incident, Aleksander "Psycheout" Larsen, another founder of Sky Mavis, emphasized that the attack has no bearing on the security measures of the Ronin network bridge or the company's financial assets. Larsen highlighted that the bridge itself has undergone several security audits and is equipped with mechanisms to prevent excessive fund withdrawals.
Impact on Ronin's Market Value
As a consequence of the attack and fund depletion, the value of Ronin cryptocurrency (RON) experienced a decline, with its price plummeting from approximately $3.17 to $2.74, marking a decrease of over 13% within minutes. At the time of writing, the price partially recovered to $2.97.
Historical Context: Ronin Bridge Attack
The incident occurs two years after the attack on the Ethereum Ronin bridge, during which cryptocurrency worth $622 million was stolen. The attack was attributed to the Lazarus hacking group from North Korea, exploiting the insufficient decentralization at that time. Subsequently, a portion of the stolen funds was recovered, and Sky Mavis reimbursed users for all losses from the February 2022 attack.
$ETH
#Ronin #hack
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
🥶MetaMask thông báo trên nền tảng X rằng tài khoản Farcaster của Dan Finlay, đồng sáng lập công ty, đã bị xâm phạm và sử dụng để quảng bá một đồng tiền meme. Kẻ tấn công đã sử dụng nền tảng trộn để rửa tiền, thu về hơn 1.000 SOL. Công ty đã làm việc với Farcaster để điều tra vụ việc.
Vụ tấn công đã gây ra lo ngại trong cộng đồng tiền điện tử về vấn đề bảo mật tài khoản của các nhà sáng lập và tổ chức lớn.
Đây cũng là một lời nhắc nhở rằng không ai, kể cả các nhà sáng lập hoặc chuyên gia trong lĩnh vực blockchain, được miễn nhiễm khỏi các rủi ro bảo mật. Việc nâng cao nhận thức và bảo mật cá nhân là điều tối quan trọng để bảo vệ tài sản kỹ thuật số của bạn mà thôi.
#Hack #MetaMask #memecoin
Vụ tấn công đã gây ra lo ngại trong cộng đồng tiền điện tử về vấn đề bảo mật tài khoản của các nhà sáng lập và tổ chức lớn.
Đây cũng là một lời nhắc nhở rằng không ai, kể cả các nhà sáng lập hoặc chuyên gia trong lĩnh vực blockchain, được miễn nhiễm khỏi các rủi ro bảo mật. Việc nâng cao nhận thức và bảo mật cá nhân là điều tối quan trọng để bảo vệ tài sản kỹ thuật số của bạn mà thôi.
#Hack #MetaMask #memecoin
⚠️ MARKET MAYHEM IN JUST 2 HOURS ⚠️
📈 PPI & Core PPI — Both came in WAY hotter than forecasts, shaking rate-cut hopes.
🚫 US Treasury Secretary — Confirms the government will NOT buy Bitcoin.
💥 Turkish Crypto Exchange Hack — $49M vanished in a major breach.
📉 My Portfolio — Feels like WWIII just started in my account.
Stay sharp. Volatility is at DEFCON 1.
#CryptoNews #Bitcoin #Inflation #Hack #Markets
📈 PPI & Core PPI — Both came in WAY hotter than forecasts, shaking rate-cut hopes.
🚫 US Treasury Secretary — Confirms the government will NOT buy Bitcoin.
💥 Turkish Crypto Exchange Hack — $49M vanished in a major breach.
📉 My Portfolio — Feels like WWIII just started in my account.
Stay sharp. Volatility is at DEFCON 1.
#CryptoNews #Bitcoin #Inflation #Hack #Markets
🥷💸 أكثر من 280 مليون دولار سُرقت هذا الصيف بسبب اختراقات الكريبتو!
🔟 هذه قائمة بأكبر 10 اختراقات وخروقات أمنية:
1️⃣ Nobitex – $82M (اختراق Hot Wallet)
2️⃣ BtcTurk – $48M (اختراق مفاتيح خاصة)
3️⃣ CoinDCX – $44.2M (فقدان صلاحيات وصول)
4️⃣ GMX – $42M (ثغرة Re-entrancy)
5️⃣ BigONE – $27M (فقدان صلاحيات وصول)
6️⃣ WOO X – $14M (Phishing)
7️⃣ Resupply – $9.6M (التلاعب بأوراكل الأسعار)
8️⃣ ALEX – $8.4M (تحويلات خبيثة)
9️⃣ BetterBank – $5M (ثغرة بروتوكول)
🔟 CrediX – $4.5M (اختراق مفاتيح خاصة)
⚠️ المجموع: +280M$ خلال الصيف فقط!
👉 الدرس: المخاطر الأمنية في عالم الكريبتو ما زالت مرتفعة جدًا، والحماية يجب أن تكون أولوية قصوى لكل مستثمر أو مؤسسة.
#Hack
#Crypto #Security #DeFi #Hacks #Blockchain #Binance #crypto #عملات_رقمية #ضرار_الحضري
🔟 هذه قائمة بأكبر 10 اختراقات وخروقات أمنية:
1️⃣ Nobitex – $82M (اختراق Hot Wallet)
2️⃣ BtcTurk – $48M (اختراق مفاتيح خاصة)
3️⃣ CoinDCX – $44.2M (فقدان صلاحيات وصول)
4️⃣ GMX – $42M (ثغرة Re-entrancy)
5️⃣ BigONE – $27M (فقدان صلاحيات وصول)
6️⃣ WOO X – $14M (Phishing)
7️⃣ Resupply – $9.6M (التلاعب بأوراكل الأسعار)
8️⃣ ALEX – $8.4M (تحويلات خبيثة)
9️⃣ BetterBank – $5M (ثغرة بروتوكول)
🔟 CrediX – $4.5M (اختراق مفاتيح خاصة)
⚠️ المجموع: +280M$ خلال الصيف فقط!
👉 الدرس: المخاطر الأمنية في عالم الكريبتو ما زالت مرتفعة جدًا، والحماية يجب أن تكون أولوية قصوى لكل مستثمر أو مؤسسة.
#Hack
#Crypto #Security #DeFi #Hacks #Blockchain #Binance #crypto #عملات_رقمية #ضرار_الحضري
Breaking News: Bybit Exchange Hacked
On February 21, 2025. Bybit Exchange, a prominent cryptocurrency exchange, experienced a significant security breach resulting in the unauthorized transfer of approximately $1.46 billion worth of assets. The incident involved the compromise of Bybit's Ethereum (ETH) cold wallet, leading to the loss of 401,346 ETH (approximately $1.1 billion) and various staked Ether (stETH) tokens. The perpetrator has been liquidating these assets on decentralized exchanges.
Bybit's CEO, Ben Zhou, confirmed the breach, explaining that a planned transfer was manipulated, allowing the attacker to gain control over the specific ETH cold wallet. Zhou assured users that all other cold wallets remain secure and that withdrawals are functioning normally.
This event marks one of the largest cryptocurrency hacks to date, surpassing previous incidents such as the Mt. Gox hack ($470 million), the CoinCheck hack in 2018 ($530 million), and the Ronin Bridge exploit ($650 million).
In response to the breach, major cryptocurrencies experienced price declines. Ethereum's price fell nearly 3% to approximately $2,727, while Bitcoin dipped by nearly 1% to around $98,091.
Users are advised to monitor their accounts closely and exercise caution with their assets during this period.
#BybitSecurityBreach #CryptocurrencyWealth #cryptouniverseofficial #Hack #bybit
Bybit's CEO, Ben Zhou, confirmed the breach, explaining that a planned transfer was manipulated, allowing the attacker to gain control over the specific ETH cold wallet. Zhou assured users that all other cold wallets remain secure and that withdrawals are functioning normally.
This event marks one of the largest cryptocurrency hacks to date, surpassing previous incidents such as the Mt. Gox hack ($470 million), the CoinCheck hack in 2018 ($530 million), and the Ronin Bridge exploit ($650 million).
In response to the breach, major cryptocurrencies experienced price declines. Ethereum's price fell nearly 3% to approximately $2,727, while Bitcoin dipped by nearly 1% to around $98,091.
Users are advised to monitor their accounts closely and exercise caution with their assets during this period.
#BybitSecurityBreach #CryptocurrencyWealth #cryptouniverseofficial #Hack #bybit
နောက်ထပ်အကြောင်းအရာများကို စူးစမ်းလေ့လာရန် အကောင့်ဝင်ပါ