#web3security
web3security
Počet zobrazení: 589,054
Diskutuje: 967
Hot
Najnovšie
DeFi vs. The SEC: The Battle for "Permanent" Legal Certainty Begins 🇺🇸⚖️
The honeymoon phase with the new, crypto-friendly SEC is over—now, the industry wants the rules written in stone. Led by the DeFi Education Fund and the Digital Chamber, a coalition of advocacy groups has officially sent a joint letter to the SEC. Their demand? A formal rulemaking process that protects the future of decentralized infrastructure.
My Take: Why "No-Action" Letters Aren't Enough
This move comes just days after the SEC’s Division of Trading and Markets issued a landmark statement on April 13, 2026, giving a "green light" to software interfaces. While that was a win, the industry knows that "guidance" can be revoked. Here is my breakdown:
The Infrastructure Shield: The coalition is specifically asking the SEC to codify that validators, API providers, RPC nodes, oracles, and cloud services are NOT brokers. By locking this into formal regulation, developers can build without the fear of a future "policy flip" at the SEC.
The Atkins Effect: Under Chairman Paul Atkins, the SEC has shifted from "Regulation by Enforcement" to "Regulation by Innovation." This is the first time in years that the industry feels comfortable enough to ask for rules, rather than hiding from them.
Beyond the UI: While the SEC staff recently exempted "Covered User Interfaces" (non-custodial wallets/front-ends) from broker registration, this petition aims to broaden that safety net to the entire DeFi stack.
The Market Reality:
This is a massive bullish signal for $UNI , $AAVE , and $LINK . When oracles and front-ends get legal immunity, the "institutional grade" label for DeFi becomes real. We are seeing a shift where the SEC is finally distinguishing between intermediaries (who need regulation) and infrastructure (which needs protection).
Should DeFi be regulated like a bank, or should the code be left alone? Share your thoughts below! 👇
#SEC #PaulAtkins #CryptoNews #Web3Security #DeFiEducation
$UNI $AAVE $LINK
The honeymoon phase with the new, crypto-friendly SEC is over—now, the industry wants the rules written in stone. Led by the DeFi Education Fund and the Digital Chamber, a coalition of advocacy groups has officially sent a joint letter to the SEC. Their demand? A formal rulemaking process that protects the future of decentralized infrastructure.
My Take: Why "No-Action" Letters Aren't Enough
This move comes just days after the SEC’s Division of Trading and Markets issued a landmark statement on April 13, 2026, giving a "green light" to software interfaces. While that was a win, the industry knows that "guidance" can be revoked. Here is my breakdown:
The Infrastructure Shield: The coalition is specifically asking the SEC to codify that validators, API providers, RPC nodes, oracles, and cloud services are NOT brokers. By locking this into formal regulation, developers can build without the fear of a future "policy flip" at the SEC.
The Atkins Effect: Under Chairman Paul Atkins, the SEC has shifted from "Regulation by Enforcement" to "Regulation by Innovation." This is the first time in years that the industry feels comfortable enough to ask for rules, rather than hiding from them.
Beyond the UI: While the SEC staff recently exempted "Covered User Interfaces" (non-custodial wallets/front-ends) from broker registration, this petition aims to broaden that safety net to the entire DeFi stack.
The Market Reality:
This is a massive bullish signal for $UNI , $AAVE , and $LINK . When oracles and front-ends get legal immunity, the "institutional grade" label for DeFi becomes real. We are seeing a shift where the SEC is finally distinguishing between intermediaries (who need regulation) and infrastructure (which needs protection).
Should DeFi be regulated like a bank, or should the code be left alone? Share your thoughts below! 👇
#SEC #PaulAtkins #CryptoNews #Web3Security #DeFiEducation
$UNI $AAVE $LINK
🚨 AI Telegram Bot Scam Alert (April 2026)
AI-powered Telegram bots are draining crypto wallets in minutes — and victims don’t even realize it.
How it works:
• You’re added to a “alpha/signals/airdrop” group
• AI bot chats like a real human (support/influencer/exchange rep)
• Sends a dApp link to “verify” or “claim rewards”
• You connect wallet + sign → gives full access
• Funds drained instantly
Targets: Beginners, airdrop hunters, signal traders, new DEX users
Red Flags:
🔴 Unsolicited DM
🔴 Wallet connection requests
🔴 “Guaranteed profits” / urgency
🔴 Fake domains
Stay Safe:
✅ Never connect wallet via Telegram links
✅ Revoke old approvals (use revoke tools)
✅ Use cold wallets for storage
✅ Verify only via official sources
🧠 Rule: No legit platform asks you to sign to receive funds.
🚨 Seen this scam? Spread awareness.
#CryptoAlert #Web3Security #TelegramScams #StaySafe
AI-powered Telegram bots are draining crypto wallets in minutes — and victims don’t even realize it.
How it works:
• You’re added to a “alpha/signals/airdrop” group
• AI bot chats like a real human (support/influencer/exchange rep)
• Sends a dApp link to “verify” or “claim rewards”
• You connect wallet + sign → gives full access
• Funds drained instantly
Targets: Beginners, airdrop hunters, signal traders, new DEX users
Red Flags:
🔴 Unsolicited DM
🔴 Wallet connection requests
🔴 “Guaranteed profits” / urgency
🔴 Fake domains
Stay Safe:
✅ Never connect wallet via Telegram links
✅ Revoke old approvals (use revoke tools)
✅ Use cold wallets for storage
✅ Verify only via official sources
🧠 Rule: No legit platform asks you to sign to receive funds.
🚨 Seen this scam? Spread awareness.
#CryptoAlert #Web3Security #TelegramScams #StaySafe
WEEK IN REVIEW: $2.54B IN — $292M OUT
Two stories defined crypto this week. One is bullish. One is a wake-up call.
BULLISH: The Biggest Corporate Bitcoin Buy Since 2024
Strategy (formerly MicroStrategy) acquired 34,164 BTC for $2.54 billion at an average price of $74,395 per coin. Total holdings: 815,000 BTC — that's 3.88% of Bitcoin's entire circulating supply, and more than most nation-state reserves.
But Strategy wasn't alone. On-chain data from Lookonchain and Glassnode shows 2,140 whale addresses (≥1,000 BTC each) accumulated 270,000 BTC over 30 days — the largest monthly whale accumulation since 2013. Bitcoin exchange reserves are now at their lowest since December 2017.
Bitcoin ETFs pulled in $663M in a single trading day. Miners stopped selling — outflows hit a 3-year low. Every metric points to institutional and smart-money accumulation at scale.
WAKE-UP CALL: $292M Gone in 46 Minutes
KelpDAO suffered 2026's largest DeFi exploit. Attackers — attributed to DPRK's Lazarus Group — exploited a single misconfigured DVN in the LayerZero bridge, minting 116,500 non-existent rsETH tokens across 20 blockchain networks. DeFi TVL dropped $14B in 48 hours. The Arbitrum Security Council froze $70M in ETH.
This wasn't an obscure vulnerability — it was a configuration failure that existing audits didn't catch. The attack exposed a systemic risk: most cross-chain bridge security frameworks don't stress-test DVN configurations under adversarial conditions.
WHAT TO WATCH:
The divergence is clear. Bitcoin is becoming institutionally entrenched — price holding $74K–$77K through geopolitical tension and DeFi crisis signals structural demand. DeFi, meanwhile, faces a credibility problem that only better security infrastructure can solve.
Accumulation phase or distribution phase? On-chain says accumulation. Be data-driven.
#bitcoin #defi #cryptotrading #BTC #Web3Security
Two stories defined crypto this week. One is bullish. One is a wake-up call.
BULLISH: The Biggest Corporate Bitcoin Buy Since 2024
Strategy (formerly MicroStrategy) acquired 34,164 BTC for $2.54 billion at an average price of $74,395 per coin. Total holdings: 815,000 BTC — that's 3.88% of Bitcoin's entire circulating supply, and more than most nation-state reserves.
But Strategy wasn't alone. On-chain data from Lookonchain and Glassnode shows 2,140 whale addresses (≥1,000 BTC each) accumulated 270,000 BTC over 30 days — the largest monthly whale accumulation since 2013. Bitcoin exchange reserves are now at their lowest since December 2017.
Bitcoin ETFs pulled in $663M in a single trading day. Miners stopped selling — outflows hit a 3-year low. Every metric points to institutional and smart-money accumulation at scale.
WAKE-UP CALL: $292M Gone in 46 Minutes
KelpDAO suffered 2026's largest DeFi exploit. Attackers — attributed to DPRK's Lazarus Group — exploited a single misconfigured DVN in the LayerZero bridge, minting 116,500 non-existent rsETH tokens across 20 blockchain networks. DeFi TVL dropped $14B in 48 hours. The Arbitrum Security Council froze $70M in ETH.
This wasn't an obscure vulnerability — it was a configuration failure that existing audits didn't catch. The attack exposed a systemic risk: most cross-chain bridge security frameworks don't stress-test DVN configurations under adversarial conditions.
WHAT TO WATCH:
The divergence is clear. Bitcoin is becoming institutionally entrenched — price holding $74K–$77K through geopolitical tension and DeFi crisis signals structural demand. DeFi, meanwhile, faces a credibility problem that only better security infrastructure can solve.
Accumulation phase or distribution phase? On-chain says accumulation. Be data-driven.
#bitcoin #defi #cryptotrading #BTC #Web3Security
callmesae187:
check my pinned post and claim your free red package and quiz in USTD🎁🎁
Kelp DAO just turned a protocol exploit into a full-blown DeFi stress event.
On April 18, 2026, attackers drained roughly $290M–$293M tied to rsETH, making it one of the biggest DeFi exploits of the year. Kelp flagged “suspicious cross-chain activity,” paused rsETH contracts across Ethereum mainnet and several L2s, and the blast radius quickly spread across lending markets.
What makes this hit harder is the mechanism. LayerZero says the protocol itself was not exploited; instead, the attacker allegedly poisoned downstream RPC infrastructure used by LayerZero Labs’ DVN, and Kelp’s 1-of-1 DVN setup left rsETH exposed as a single point of failure. LayerZero says it had recommended a multi-DVN configuration, while Kelp has publicly pushed back on where responsibility sits. 
The real damage was not just the theft. Aave said its own contracts were not exploited, but it still froze affected markets because of the rsETH bridge incident. Reports since then say the event triggered heavy withdrawals, bad debt concerns, and a sharp drop in DeFi confidence far beyond Kelp itself. 
This is why the story feels bigger than a hack headline: the code did not need to break for trust to break. In DeFi, one weak cross-chain assumption can turn yield into panic in a matter of hours.
#KelpDAO
#defi
#CryptoHack
#rseth
#Web3Security
On April 18, 2026, attackers drained roughly $290M–$293M tied to rsETH, making it one of the biggest DeFi exploits of the year. Kelp flagged “suspicious cross-chain activity,” paused rsETH contracts across Ethereum mainnet and several L2s, and the blast radius quickly spread across lending markets.
What makes this hit harder is the mechanism. LayerZero says the protocol itself was not exploited; instead, the attacker allegedly poisoned downstream RPC infrastructure used by LayerZero Labs’ DVN, and Kelp’s 1-of-1 DVN setup left rsETH exposed as a single point of failure. LayerZero says it had recommended a multi-DVN configuration, while Kelp has publicly pushed back on where responsibility sits. 
The real damage was not just the theft. Aave said its own contracts were not exploited, but it still froze affected markets because of the rsETH bridge incident. Reports since then say the event triggered heavy withdrawals, bad debt concerns, and a sharp drop in DeFi confidence far beyond Kelp itself. 
This is why the story feels bigger than a hack headline: the code did not need to break for trust to break. In DeFi, one weak cross-chain assumption can turn yield into panic in a matter of hours.
#KelpDAO
#defi
#CryptoHack
#rseth
#Web3Security
$GPSUSDT Quick Analysis @ $0.00999
GoPlus Security ($GPS ) is finding its direction with a sharp +17.81% move in 24h, zeroing in on the critical $0.01 psychological resistance. The surge follows the recent launch of the GoPlus Security API for AI Agents, which is designed to handle 30M+ calls across 40+ chains, addressing the urgent "Agent-to-Agent" security gap.
Narrative Check: As AI agents begin to trade autonomously in 2026, $GPS is positioning itself as the "Security Guard" for the agentic economy. With the SafuSkill Marketplace now live on BNB Chain and the upcoming DeepScan SDK rollout, the protocol is evolving from a data provider to a modular infrastructure play. Momentum is being driven by the "AI x Security" narrative, as traders look for projects with actual revenue-generating utility.
TA Snapshot
Immediate Resistance: Pressing against $0.01020. A decisive daily close above this level could trigger a "blue sky" run toward the next pivot at $0.01150.
Support Base: Reclaimed the 7-day SMA at $0.00855. Strong liquidity clusters remain at $0.00900.
Momentum: MACD has flashed a fresh bullish cross on the 4H timeframe. RSI is heating up at 68, approaching the overbought zone but still showing room for a final push.
The setup is "coiling" for a volatility event. Watch for a volume-backed break of the $0.01 barrier or a healthy retest of the $0.0092 level before the next leg.
DYOR | NFA
#GPS #GoPlusSecurity #AI #Web3Security #GPSUSDT @GoPlus Security @EliteDailySignals $GPS
📹 We Live-stream a Bitcoin Footprint Chart every US (NY) session, it runs from ⏰️ 9h30 am EST/ (14h30 GMT) Set an Alarm, be disciplined! 🇺🇲🇬🇧🇩🇪
Move with the market - move with us!
GoPlus Security ($GPS ) is finding its direction with a sharp +17.81% move in 24h, zeroing in on the critical $0.01 psychological resistance. The surge follows the recent launch of the GoPlus Security API for AI Agents, which is designed to handle 30M+ calls across 40+ chains, addressing the urgent "Agent-to-Agent" security gap.
Narrative Check: As AI agents begin to trade autonomously in 2026, $GPS is positioning itself as the "Security Guard" for the agentic economy. With the SafuSkill Marketplace now live on BNB Chain and the upcoming DeepScan SDK rollout, the protocol is evolving from a data provider to a modular infrastructure play. Momentum is being driven by the "AI x Security" narrative, as traders look for projects with actual revenue-generating utility.
TA Snapshot
Immediate Resistance: Pressing against $0.01020. A decisive daily close above this level could trigger a "blue sky" run toward the next pivot at $0.01150.
Support Base: Reclaimed the 7-day SMA at $0.00855. Strong liquidity clusters remain at $0.00900.
Momentum: MACD has flashed a fresh bullish cross on the 4H timeframe. RSI is heating up at 68, approaching the overbought zone but still showing room for a final push.
The setup is "coiling" for a volatility event. Watch for a volume-backed break of the $0.01 barrier or a healthy retest of the $0.0092 level before the next leg.
DYOR | NFA
#GPS #GoPlusSecurity #AI #Web3Security #GPSUSDT @GoPlus Security @EliteDailySignals $GPS
📹 We Live-stream a Bitcoin Footprint Chart every US (NY) session, it runs from ⏰️ 9h30 am EST/ (14h30 GMT) Set an Alarm, be disciplined! 🇺🇲🇬🇧🇩🇪
Move with the market - move with us!
cryptowithsam:
yeah 👍
$GPS gaining +18.34% today in the security sector of crypto is interesting context. As Web3 grows, security infrastructure becomes more valuable — more assets on-chain means more need for protection layers. GoPlus Security addresses this.
#GPS #GoPlus #Web3Security
#GPS #GoPlus #Web3Security
🔥 Aave just got hit with a $292M exploit.
And one of the most respected voices in crypto just said it survives.
Dragonfly's Haseeb Qureshi came out immediately. Clear. Calm. Direct. Aave will absorb some debt from the KelpDAO rsETH exploit. But the equity is there. The protocol holds.
This matters more than the headline number.
Because $292M sounds catastrophic until you understand what Aave actually is. This isn't a startup with a treasury held together by token emissions and hope. This is battle-tested, revenue-generating DeFi infrastructure that has weathered storms most protocols didn't survive.
Haseeb reminded everyone of something the panic merchants conveniently forget.
DeFi has been here before.
2020 liquidation cascade failures nearly broke the entire system. Survived. Terra collapse $40 billion evaporated overnight, contagion spread everywhere. Survived. 2022 stETH depeg Celsius went under, Three Arrows collapsed, the whole sector bled. Survived.
Every single time, the protocols that were real came out the other side stronger. More audited. More capitalized. More trusted.
The weak hands exited. The infrastructure remained.
Here's the cold truth about DeFi that critics refuse to acknowledge it doesn't need to be perfect. It needs to be resilient. And Aave has proven resilience in conditions that would have bankrupted any traditional financial institution without a government bailout.
No bailout coming here. Just equity. Just code. Just survival.
This is what antifragile actually looks like.
#Aave #KelpDAO #DeFi #CryptoHack #Web3Security
And one of the most respected voices in crypto just said it survives.
Dragonfly's Haseeb Qureshi came out immediately. Clear. Calm. Direct. Aave will absorb some debt from the KelpDAO rsETH exploit. But the equity is there. The protocol holds.
This matters more than the headline number.
Because $292M sounds catastrophic until you understand what Aave actually is. This isn't a startup with a treasury held together by token emissions and hope. This is battle-tested, revenue-generating DeFi infrastructure that has weathered storms most protocols didn't survive.
Haseeb reminded everyone of something the panic merchants conveniently forget.
DeFi has been here before.
2020 liquidation cascade failures nearly broke the entire system. Survived. Terra collapse $40 billion evaporated overnight, contagion spread everywhere. Survived. 2022 stETH depeg Celsius went under, Three Arrows collapsed, the whole sector bled. Survived.
Every single time, the protocols that were real came out the other side stronger. More audited. More capitalized. More trusted.
The weak hands exited. The infrastructure remained.
Here's the cold truth about DeFi that critics refuse to acknowledge it doesn't need to be perfect. It needs to be resilient. And Aave has proven resilience in conditions that would have bankrupted any traditional financial institution without a government bailout.
No bailout coming here. Just equity. Just code. Just survival.
This is what antifragile actually looks like.
#Aave #KelpDAO #DeFi #CryptoHack #Web3Security
🚨 DEFI EMERGENCY: The $292M Kelp DAO Exploit Explained!
The Attack: A massive breach allowed hackers to mint 116,500 rsETH out of thin air.
The Culprit: Initial reports link the attack to the Lazarus Group (North Korea).
Contagion: Over 15 protocols (including Ethena and TRON DAO) have frozen their bridges to stop the bleeding.
Stay Safe: If you hold rsETH, check your wallet immediately. Aave has already frozen these markets to protect users.
👉 Do follow for the latest DeFi security patches and safety tips!
#KelpDAOFacesAttack #DeFiExploit #Web3Security #ETH #LazarusGroup $
The Attack: A massive breach allowed hackers to mint 116,500 rsETH out of thin air.
The Culprit: Initial reports link the attack to the Lazarus Group (North Korea).
Contagion: Over 15 protocols (including Ethena and TRON DAO) have frozen their bridges to stop the bleeding.
Stay Safe: If you hold rsETH, check your wallet immediately. Aave has already frozen these markets to protect users.
👉 Do follow for the latest DeFi security patches and safety tips!
#KelpDAOFacesAttack #DeFiExploit #Web3Security #ETH #LazarusGroup $
Security and simplicity usually pull in opposite directions, but @ston_fi and @thisisarculus are proving they can coexist on the @ton_blockchain.
On April 23, they're going live to break down how to keep your DeFi assets secure using Arculus
, a 3-factor authentication system (app + card + biometrics), while leveraging STONfi for seamless swaps.
What they can covering:
1. Non-custodial 101: Keeping control of your keys without the headache.
2. Live Workflow: Navigating STON.fi swaps and liquidity via Arculus.
3. Security Checklist: Critical common mistakes to avoid in DeFi.
🎁 Bonus: There is a 150 $STON giveaway for those who tune in and answer the stream question on X by April 24.
📅 Save the Date: April 23 | 15:00 UTC (4 PM WAT)
#TON #STON #DeFi #WalletConnect #Web3Security $HIGH $CFG $TST #
On April 23, they're going live to break down how to keep your DeFi assets secure using Arculus
, a 3-factor authentication system (app + card + biometrics), while leveraging STONfi for seamless swaps.
What they can covering:
1. Non-custodial 101: Keeping control of your keys without the headache.
2. Live Workflow: Navigating STON.fi swaps and liquidity via Arculus.
3. Security Checklist: Critical common mistakes to avoid in DeFi.
🎁 Bonus: There is a 150 $STON giveaway for those who tune in and answer the stream question on X by April 24.
📅 Save the Date: April 23 | 15:00 UTC (4 PM WAT)
#TON #STON #DeFi #WalletConnect #Web3Security $HIGH $CFG $TST #
1️⃣ Security Alert: $482.6M Lost in Q1 ⚠️
According to the latest Hacken report, Web3 losses surged 20.9% this quarter. Phishing accounts for 63.4% of these losses ($306M).
• Pro Tip: Verify every link and never share your seed phrase. Stay sharp!
2️⃣ Market Momentum: $币安人生 (USDT) Explodes! 🚀
While security is a concern, certain assets are showing incredible strength.
• Performance: Up +40.06% today!
• Current Price: $0.4699
• Technical View: Hit a 24h high of $0.4880. With RSI at 86, we are in overbought territory. Expect a short-term consolidation before the next move.
Final Verdict: Bullish on the asset, but Bearish on market security. Trade with a Stop-Loss! 🛑
🔔 Follow for elite market analysis and real-time security alerts.
❤️ Like & Share to protect your fellow traders!
💰 Support my work: If this data helps your portfolio, consider leaving a Tip. Your support drives high-quality research! 🤝
#BinanceLife #Web3Security #CryptoNews #Bullish #BinanceSquare #TradingSignals #TipsAppreciated
$币安人生
According to the latest Hacken report, Web3 losses surged 20.9% this quarter. Phishing accounts for 63.4% of these losses ($306M).
• Pro Tip: Verify every link and never share your seed phrase. Stay sharp!
2️⃣ Market Momentum: $币安人生 (USDT) Explodes! 🚀
While security is a concern, certain assets are showing incredible strength.
• Performance: Up +40.06% today!
• Current Price: $0.4699
• Technical View: Hit a 24h high of $0.4880. With RSI at 86, we are in overbought territory. Expect a short-term consolidation before the next move.
Final Verdict: Bullish on the asset, but Bearish on market security. Trade with a Stop-Loss! 🛑
🔔 Follow for elite market analysis and real-time security alerts.
❤️ Like & Share to protect your fellow traders!
💰 Support my work: If this data helps your portfolio, consider leaving a Tip. Your support drives high-quality research! 🤝
#BinanceLife #Web3Security #CryptoNews #Bullish #BinanceSquare #TradingSignals #TipsAppreciated
$币安人生
FXRonin:
Appreciate your work. Just connected with you. If you add me back, our posts will show up on each others feeds daily for better reach. Sorry for the bother.
🚨 Security Alert: Rhea Finance Breach Update 🚨
The $RHEA Finance team recently confirmed a major security breach. The damage was initially estimated at $7.6 million, but new reports indicate the amount has risen to $18.4 million.
🔍 What happened? (Post-mortem Analysis)
Detailed analysis conducted on Friday revealed that the attacker misused the protocol's Margin Trading feature. The attacker cleverly constructed a "swap route" that exploited the protocol's vulnerabilities.
🛡️ Recovery Updates:
The Rhea Finance team has taken immediate action and successfully secured some funds:
4.34 million USDT has been frozen.
Work is underway with security firms and exchanges to track the remaining stolen funds.
Note: If you are using the Rhea Finance protocol, please monitor official channels and wait for further updates before conducting any new transactions.
#RheaFinance #CryptoHack #defi #Web3Security #BlockchainNews #CryptoUpdate #NS3AI
The $RHEA Finance team recently confirmed a major security breach. The damage was initially estimated at $7.6 million, but new reports indicate the amount has risen to $18.4 million.
🔍 What happened? (Post-mortem Analysis)
Detailed analysis conducted on Friday revealed that the attacker misused the protocol's Margin Trading feature. The attacker cleverly constructed a "swap route" that exploited the protocol's vulnerabilities.
🛡️ Recovery Updates:
The Rhea Finance team has taken immediate action and successfully secured some funds:
4.34 million USDT has been frozen.
Work is underway with security firms and exchanges to track the remaining stolen funds.
Note: If you are using the Rhea Finance protocol, please monitor official channels and wait for further updates before conducting any new transactions.
#RheaFinance #CryptoHack #defi #Web3Security #BlockchainNews #CryptoUpdate #NS3AI
A security researcher on Reddit has uncovered a fake Ledger Nano S+ being sold on a Chinese marketplace at the same price as the official device.
The counterfeit hardware looked legitimate from the outside, but an internal analysis revealed a generic ESP32-S3 chip by Espressif Systems instead of the secure element used in real Ledger devices. Some component markings were deliberately scraped off, and sensitive data, including PIN codes and seed phrases, were found stored in plain text in the device's firmware.
The attack does not rely on bypassing Ledger's security. The official Ledger Live app correctly detects the fake device through its built-in Genuine Check. The real threat comes from a QR code inside the packaging that redirects users to a cloned website resembling ledger.com. From there, users are pushed to download malicious versions of Ledger Live for Android, iOS, Windows, and macOS.
These fake apps show a hardcoded verification screen that does not actually check anything. In the background, they capture seed phrases and send them to attacker-controlled servers. The Android version also monitors wallet balances and intercepts communication between the device and the app.
The researcher linked the operation to a Shanghai-registered shell company set up specifically to sell on JD.com, with infrastructure supporting multiple distribution channels across desktop and mobile.
The scam appears to be designed to target first-time hardware wallet users, who are more likely to follow onboarding instructions, scan QR codes, and download software from links in the box.
Ledger has not issued a public statement, but a verified support account asked the researcher to file a formal report. Always buy hardware wallets from official sources and download software only from the official website.
#CryptoSecurity #Ledger #Cryptoscam #Web3Security #phishingscam
The counterfeit hardware looked legitimate from the outside, but an internal analysis revealed a generic ESP32-S3 chip by Espressif Systems instead of the secure element used in real Ledger devices. Some component markings were deliberately scraped off, and sensitive data, including PIN codes and seed phrases, were found stored in plain text in the device's firmware.
The attack does not rely on bypassing Ledger's security. The official Ledger Live app correctly detects the fake device through its built-in Genuine Check. The real threat comes from a QR code inside the packaging that redirects users to a cloned website resembling ledger.com. From there, users are pushed to download malicious versions of Ledger Live for Android, iOS, Windows, and macOS.
These fake apps show a hardcoded verification screen that does not actually check anything. In the background, they capture seed phrases and send them to attacker-controlled servers. The Android version also monitors wallet balances and intercepts communication between the device and the app.
The researcher linked the operation to a Shanghai-registered shell company set up specifically to sell on JD.com, with infrastructure supporting multiple distribution channels across desktop and mobile.
The scam appears to be designed to target first-time hardware wallet users, who are more likely to follow onboarding instructions, scan QR codes, and download software from links in the box.
Ledger has not issued a public statement, but a verified support account asked the researcher to file a formal report. Always buy hardware wallets from official sources and download software only from the official website.
#CryptoSecurity #Ledger #Cryptoscam #Web3Security #phishingscam
Ak chcete preskúmať ďalší obsah, prihláste sa