#phishing
phishing
Просмотров: 216,116
220 обсуждают
Популярные
Новые
🚨 CRITICAL PHISHING ALERT TARGETING $TRX USERS
SlowMist reports that a counterfeit TronLink Chrome extension loads a remote phishing page via an iframe, capturing seed phrases and private keys in real time. The malware includes anti‑analysis mechanisms to evade detection, raising concerns for retail investors.
SlowMist issued an urgent warning about a malicious Chrome extension masquerading as TronLink. The extension uses Unicode bidirectional control and Cyrillic look‑alike characters to mimic the official branding, then loads a remote iframe to harvest mnemonics, private keys and passwords, exfiltrating them via Telegram Bot. It also employs anti‑analysis features such as right‑click blocking and region‑based redirects. Users are advised to uninstall the suspect extension, monitor for abnormal traffic, and transfer assets to a new wallet if any credentials were entered.
Not financial advice. Manage your risk.
#CryptoSecurity #TRX #Phishing #DeFi #WalletSafety
🔒
SlowMist reports that a counterfeit TronLink Chrome extension loads a remote phishing page via an iframe, capturing seed phrases and private keys in real time. The malware includes anti‑analysis mechanisms to evade detection, raising concerns for retail investors.
SlowMist issued an urgent warning about a malicious Chrome extension masquerading as TronLink. The extension uses Unicode bidirectional control and Cyrillic look‑alike characters to mimic the official branding, then loads a remote iframe to harvest mnemonics, private keys and passwords, exfiltrating them via Telegram Bot. It also employs anti‑analysis features such as right‑click blocking and region‑based redirects. Users are advised to uninstall the suspect extension, monitor for abnormal traffic, and transfer assets to a new wallet if any credentials were entered.
Not financial advice. Manage your risk.
#CryptoSecurity #TRX #Phishing #DeFi #WalletSafety
🔒
PHISHING ALERT: $TRX USERS BEWARE! ⚠️
SlowMist warns of a sophisticated phishing campaign targeting $TRX wallets via a counterfeit TronLink Chrome extension. The malicious add‑on hijacks Unicode characters to mimic the official brand and streams stolen credentials to a Telegram bot in real time.
Hacker’s playbook: fake UI, invisible Unicode tricks, remote iframe theft. No suspicious code, just a silent data grab. Remove the rogue extension now, audit traffic, and migrate assets to a fresh wallet if any seed was entered. Retail users are the prime target – stay sharp, lock down your keys.
Not financial advice. Manage your risk.
#TRX #CryptoSecurity #Phishing #DeFi #BinanceSquare
🚀
SlowMist warns of a sophisticated phishing campaign targeting $TRX wallets via a counterfeit TronLink Chrome extension. The malicious add‑on hijacks Unicode characters to mimic the official brand and streams stolen credentials to a Telegram bot in real time.
Hacker’s playbook: fake UI, invisible Unicode tricks, remote iframe theft. No suspicious code, just a silent data grab. Remove the rogue extension now, audit traffic, and migrate assets to a fresh wallet if any seed was entered. Retail users are the prime target – stay sharp, lock down your keys.
Not financial advice. Manage your risk.
#TRX #CryptoSecurity #Phishing #DeFi #BinanceSquare
🚀
Según la empresa de seguridad Web3 Scam Sniffer, más de US$127 millones en #Criptomonedas fueron robados a inversores en el tercer trimestre de 2024, con aproximadamente US$46 millones perdidos en septiembre por ataques de phishing.
En los ataques de phishing, los estafadores engañan a los inversores para que vinculen sus billeteras cripto, como #MetaMask , a servicios fraudulentos. La vinculación de las billeteras cripto a sitios web de #phishing permite a los estafadores retirar #criptomonedas de los usuarios sin más autenticación.
En los ataques de phishing, los estafadores engañan a los inversores para que vinculen sus billeteras cripto, como #MetaMask , a servicios fraudulentos. La vinculación de las billeteras cripto a sitios web de #phishing permite a los estafadores retirar #criptomonedas de los usuarios sin más autenticación.
#ScrollCoFounderXAccountHacked 🚨 ALERTA DE SEGURANÇA: Cofundador da Scroll tem conta invadida!
.
A hashtag #ScrollCoFounderXAccountHacked está dominando as tendências e serve como um lembrete brutal: no mundo cripto, ninguém está 100% imune. No dia 25 de janeiro de 2026, a conta oficial de Kenneth Shen foi alvo de um ataque sofisticado de phishing.
.
🛡️ O que aconteceu?
.
Hackers assumiram o controle do perfil para disseminar links maliciosos, tentando drenar carteiras de usuários desavisados através de falsas promessas de airdrops ou alertas de suporte urgentes.
.
💡 Como se proteger agora:
.
Desconfie de Urgência: Se um fundador postar um link "clique agora ou perca sua conta", pare e respire. É o gatilho favorito dos golpistas.
.
Verifique as Fontes: Antes de interagir, confira os canais oficiais do projeto (Discord, Telegram, Site Oficial).
.
Revise Permissões: Nunca conecte sua carteira principal em sites desconhecidos. Use uma "burner wallet" para interações suspeitas.
.
2FA de Hardware: Use chaves físicas (como Yubikey) sempre que possível, elas são muito mais seguras que SMS ou apps de autenticação.
.
✅ O ecossistema Scroll continua sólido, mas a segurança individual depende da nossa atenção constante. Fiquem espertos!
.
🤔 O que você achou dessa falha? Acha que as redes sociais precisam de camadas extras de segurança para figuras públicas de cripto? 👇
.
#Scroll #SecurityAlert #Phishing
.
A hashtag #ScrollCoFounderXAccountHacked está dominando as tendências e serve como um lembrete brutal: no mundo cripto, ninguém está 100% imune. No dia 25 de janeiro de 2026, a conta oficial de Kenneth Shen foi alvo de um ataque sofisticado de phishing.
.
🛡️ O que aconteceu?
.
Hackers assumiram o controle do perfil para disseminar links maliciosos, tentando drenar carteiras de usuários desavisados através de falsas promessas de airdrops ou alertas de suporte urgentes.
.
💡 Como se proteger agora:
.
Desconfie de Urgência: Se um fundador postar um link "clique agora ou perca sua conta", pare e respire. É o gatilho favorito dos golpistas.
.
Verifique as Fontes: Antes de interagir, confira os canais oficiais do projeto (Discord, Telegram, Site Oficial).
.
Revise Permissões: Nunca conecte sua carteira principal em sites desconhecidos. Use uma "burner wallet" para interações suspeitas.
.
2FA de Hardware: Use chaves físicas (como Yubikey) sempre que possível, elas são muito mais seguras que SMS ou apps de autenticação.
.
✅ O ecossistema Scroll continua sólido, mas a segurança individual depende da nossa atenção constante. Fiquem espertos!
.
🤔 O que você achou dessa falha? Acha que as redes sociais precisam de camadas extras de segurança para figuras públicas de cripto? 👇
.
#Scroll #SecurityAlert #Phishing
Uma baleia (ou possível instituição) que sofreu um golpe de phishing envolvendo US$ 50 milhões em USDT tentou contato direto com o responsável por meio de uma mensagem on-chain.
Segundo o ChainCatcher, a vítima chegou a oferecer US$ 1 milhão como recompensa pela devolução dos fundos. Até o momento, não houve qualquer resposta do golpista.
A chance de recuperação é considerada baixa, já que os valores foram convertidos em ETH e passaram pelo Tornado Cash, dificultando o rastreamento e a reversão da transação.
#USDT #defi #phishing #whalealerts #blockchain $ETH $USDT
Segundo o ChainCatcher, a vítima chegou a oferecer US$ 1 milhão como recompensa pela devolução dos fundos. Até o momento, não houve qualquer resposta do golpista.
A chance de recuperação é considerada baixa, já que os valores foram convertidos em ETH e passaram pelo Tornado Cash, dificultando o rastreamento e a reversão da transação.
#USDT #defi #phishing #whalealerts #blockchain $ETH $USDT
Stay #SAFU on X and other socials.
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
🚨 ALERT: ENS founder Nick Johnson warns of an "extremely sophisticated" Google phishing scam targeting users with fake subpoena notices. 🛑
⚠️ The emails pass DKIM checks and appear as legit Gmail security alerts.
📩 Stay sharp — even your inbox isn’t safe.
#Phishing #Crypto #CyberSecurity #ENS #Web3
⚠️ The emails pass DKIM checks and appear as legit Gmail security alerts.
📩 Stay sharp — even your inbox isn’t safe.
#Phishing #Crypto #CyberSecurity #ENS #Web3
🚨 SCAM ALERT: New Fake Customer Support Scams Target Binance Users 🚨
⚠️ Scammers are leveraging face-videos and QR codes to
impersonate official support.
🚫 Stay vigilant and never scan suspicious codes or share personal data with unverified accounts.
#CryptoScam #Phishing #BinanceSecurity #Write2Earn #BinanceSquare
⚠️ Scammers are leveraging face-videos and QR codes to
impersonate official support.
🚫 Stay vigilant and never scan suspicious codes or share personal data with unverified accounts.
#CryptoScam #Phishing #BinanceSecurity #Write2Earn #BinanceSquare
🚨 WLFI Blacklists 272 Wallets Amid Rising Phishing Threats
World Liberty Financial Inc. (WLFI) has announced the blacklisting of 272 crypto wallets in response to a surge of phishing attacks and wallet compromises.
🔐 WLFI emphasized this move is protective, not punitive—aimed at shielding users from malicious activity, not restricting legitimate trading.
📊 Breakdown of actions:
215 wallets linked to phishing attacks
50 wallets blacklisted at user requests after compromise
5 wallets flagged for high-risk exposure
1 wallet under investigation for misappropriating funds
✅ WLFI assured affected users it is working directly with rightful owners to secure and relocate assets, while maintaining transparency by sharing investigation outcomes publicly.
⚡ Key takeaway: User safety remains the top priority as WLFI strengthens protections against evolving threats in the crypto space.
---
#CryptoSecurity #Phishing #BlockchainSafety #WLF I #CryptoNews
World Liberty Financial Inc. (WLFI) has announced the blacklisting of 272 crypto wallets in response to a surge of phishing attacks and wallet compromises.
🔐 WLFI emphasized this move is protective, not punitive—aimed at shielding users from malicious activity, not restricting legitimate trading.
📊 Breakdown of actions:
215 wallets linked to phishing attacks
50 wallets blacklisted at user requests after compromise
5 wallets flagged for high-risk exposure
1 wallet under investigation for misappropriating funds
✅ WLFI assured affected users it is working directly with rightful owners to secure and relocate assets, while maintaining transparency by sharing investigation outcomes publicly.
⚡ Key takeaway: User safety remains the top priority as WLFI strengthens protections against evolving threats in the crypto space.
---
#CryptoSecurity #Phishing #BlockchainSafety #WLF I #CryptoNews
🔐 Hai crypto? Allora devi proteggerle.
Il mercato non perdona chi è distratto. Ecco le 3 basi da conoscere:
1️⃣ Usa un wallet sicuro
Inizia con un non-custodial (es: Metamask, Trust Wallet)
Se investi cifre importanti, valuta un hardware wallet
2️⃣ Mai condividere la seed phrase
Neanche con amici, neanche per scherzo
Scrivila offline. Meglio su carta, in più copie
3️⃣ Occhio al phishing
Non cliccare su link strani
Controlla sempre che il sito sia quello vero
🧠 Le crypto sono libertà, ma richiedono responsabilità.
🔁 Seguimi per imparare a gestirle senza farti fregare.
$BTC
#CryptoSicurezza #SeedPhras #Phishing #CryptoMindset
Il mercato non perdona chi è distratto. Ecco le 3 basi da conoscere:
1️⃣ Usa un wallet sicuro
Inizia con un non-custodial (es: Metamask, Trust Wallet)
Se investi cifre importanti, valuta un hardware wallet
2️⃣ Mai condividere la seed phrase
Neanche con amici, neanche per scherzo
Scrivila offline. Meglio su carta, in più copie
3️⃣ Occhio al phishing
Non cliccare su link strani
Controlla sempre che il sito sia quello vero
🧠 Le crypto sono libertà, ma richiedono responsabilità.
🔁 Seguimi per imparare a gestirle senza farti fregare.
$BTC
#CryptoSicurezza #SeedPhras #Phishing #CryptoMindset
🚨 Cuidado com Phishing!
🎣 Criminosos tentam imitar sites e apps oficiais para roubar seus dados.
✅ Sempre verifique o endereço do site.
✅ Ative a autenticação em 2 fatores (2FA).
❌ Nunca clique em links suspeitos recebidos por e-mail, SMS ou redes sociais.
🔒 Segurança é prioridade: proteja seu acesso e seus criptoativos.
📌 Regra de ouro: se parece estranho, é golpe.
#CriptoSeguro #Phishing #SegurançaDigital #ProtejaSeusAtivos #BitcoinBrasil
🎣 Criminosos tentam imitar sites e apps oficiais para roubar seus dados.
✅ Sempre verifique o endereço do site.
✅ Ative a autenticação em 2 fatores (2FA).
❌ Nunca clique em links suspeitos recebidos por e-mail, SMS ou redes sociais.
🔒 Segurança é prioridade: proteja seu acesso e seus criptoativos.
📌 Regra de ouro: se parece estranho, é golpe.
#CriptoSeguro #Phishing #SegurançaDigital #ProtejaSeusAtivos #BitcoinBrasil
Serenity : 🧠 You Are the Final Firewall
A major cyberattack has just compromised over 184 million user credentials, affecting global tech giants including Google, Apple, and Microsoft. The hackers exploited multiple systems and leaked login #data across the dark web — exposing the alarming fragility of password based #security models.
🔐 The attackers broke through every wall – but sAxess ensures there’s one they can’t cross:
Your fingerprint.
✅ No more passwords to steal
✅ No #phishing traps to fall into
✅ No central databases to breach
✅ Your identity, secured by biometrics + blockchain
#Serenity #sAxess isn’t just a wallet. It’s a personal firewall. A biometric, self-custodial solution that removes traditional vulnerabilities and gives you total control over your digital access.
With sAxess, you become the key.
And hackers can’t steal what they can’t replicate.
A major cyberattack has just compromised over 184 million user credentials, affecting global tech giants including Google, Apple, and Microsoft. The hackers exploited multiple systems and leaked login #data across the dark web — exposing the alarming fragility of password based #security models.
🔐 The attackers broke through every wall – but sAxess ensures there’s one they can’t cross:
Your fingerprint.
✅ No more passwords to steal
✅ No #phishing traps to fall into
✅ No central databases to breach
✅ Your identity, secured by biometrics + blockchain
#Serenity #sAxess isn’t just a wallet. It’s a personal firewall. A biometric, self-custodial solution that removes traditional vulnerabilities and gives you total control over your digital access.
With sAxess, you become the key.
And hackers can’t steal what they can’t replicate.
Twenty malicious #npm packages impersonating the #Hardhat #Ethereum✅ development environment have targeted private keys and sensitive data. These packages, downloaded over 1,000 times, were uploaded by three accounts using #typosquatting techniques to trick developers. Once installed, the packages steal private keys, mnemonics, and configuration files, encrypt them with a hardcoded AES key, and send them to attackers. This exposes developers to risks like unauthorized transactions, compromised production systems, #phishing , and malicious dApps.
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Enhancing Digital Security: A Shared Responsibility.
In today's digital landscape, the importance of robust security measures cannot be overstated. A recent reminder to the community highlighted a crucial principle: security is a shared responsibility. While platforms and service providers dedicate significant resources to safeguarding assets through initiatives like SAFU funds and advanced monitoring systems, the end-user's vigilance remains a critical line of defense.
The call to action emphasizes simple yet highly effective practices: enabling Two-Factor Authentication (2FA) and maintaining a sharp awareness of phishing attempts. 2FA adds an essential layer of security by requiring a second form of verification in addition to a password, significantly reducing the risk of unauthorized access. Simultaneously, staying alert to phishing — fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity — is paramount. Phishing scams are constantly evolving, making continuous vigilance necessary for all users.
Ultimately, the safety of digital assets hinges on a collaborative effort. Platforms provide the infrastructure and protection, but users must actively participate in securing their own accounts. This partnership ensures that collective digital security remains strong against evolving threats.
#Cybersecurity #2FA #Phishing #SAFU #DigitalSafety
@SALIM MAYO
In today's digital landscape, the importance of robust security measures cannot be overstated. A recent reminder to the community highlighted a crucial principle: security is a shared responsibility. While platforms and service providers dedicate significant resources to safeguarding assets through initiatives like SAFU funds and advanced monitoring systems, the end-user's vigilance remains a critical line of defense.
The call to action emphasizes simple yet highly effective practices: enabling Two-Factor Authentication (2FA) and maintaining a sharp awareness of phishing attempts. 2FA adds an essential layer of security by requiring a second form of verification in addition to a password, significantly reducing the risk of unauthorized access. Simultaneously, staying alert to phishing — fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity — is paramount. Phishing scams are constantly evolving, making continuous vigilance necessary for all users.
Ultimately, the safety of digital assets hinges on a collaborative effort. Platforms provide the infrastructure and protection, but users must actively participate in securing their own accounts. This partnership ensures that collective digital security remains strong against evolving threats.
#Cybersecurity #2FA #Phishing #SAFU #DigitalSafety
@SALIM MAYO
#ScrollCoFounderXAccountHacked
🚨 Alert! The X account of Scroll's co-founder (@shenhaichen) got hacked today.
Bad guys are using it to send private messages (DMs) pretending to be from X staff. They trick people into clicking bad links to steal crypto money or keys.
Important:
Don't click ANY links from this account.
Don't share your info or wallet stuff.
Stay safe!
Crypto friends, be careful.
#ScrollCoFounderXAccountHacked #CryptoScam #Phishing
🚨 Alert! The X account of Scroll's co-founder (@shenhaichen) got hacked today.
Bad guys are using it to send private messages (DMs) pretending to be from X staff. They trick people into clicking bad links to steal crypto money or keys.
Important:
Don't click ANY links from this account.
Don't share your info or wallet stuff.
Stay safe!
Crypto friends, be careful.
#ScrollCoFounderXAccountHacked #CryptoScam #Phishing
🚨#CyberSecurityAlert: There are now over 2,650 fake DeepSeek phishing sites, with a significant spike since Jan 26.
These sites trick users into revealing login credentials or buying virtual assets through misleading domains and interfaces.
Stay vigilant and double-check URLs! 🛑 #phishing #DeepSeek #CryptoScams
These sites trick users into revealing login credentials or buying virtual assets through misleading domains and interfaces.
Stay vigilant and double-check URLs! 🛑 #phishing #DeepSeek #CryptoScams
Войдите, чтобы посмотреть больше материала