Binance Square

安全漏洞 (Security Vulnerabilities)

35,126 views
16 Discussing
奔跑财经-FinaceRun

OKX security breach triggers capital outflow: $204 million evacuated in 24 hours

Recently, the cryptocurrency exchange OKX encountered a major crisis of trust. The security vulnerabilities exposed by the authentication system damaged user confidence and triggered a large-scale outflow of funds.
In the past 24 hours, OKX's capital outflow reached 204 million US dollars, and the cumulative outflow in the past week reached 630 million US dollars, which exceeded the outflow of other major cryptocurrency exchanges.
OKX’s design flaws
On June 9, the OKX exchange’s two-factor authentication (2FA) security system was revealed to have a flaw that caused two users to lose a large amount of money in a suspected SIM swap attack. Yu Xian, founder of blockchain security company SlowMist, noted that before users established a new API key for account verification, they received a text message risk notification from Hong Kong.

Turnaround | Gaming platform security breach ends with $62 million in cryptocurrency returns

Late on Tuesday night, the crypto community witnessed another breach. Ethereum Layer-2 NFT gaming platform Munchables reported in an X post that it was attacked.
The cryptocurrency heist, which at one point stole more than $62 million, took a shocking turn when the identity of the attacker was revealed.
Cryptocurrency Developer Turns Hacker
Yesterday, Blast-powered gaming platform Munchables suffered a security breach that resulted in the theft of 17,400 ETH worth approximately $62.5 million. Shortly after this X announcement, crypto sleuth ZachXBT revealed the amount stolen and the address to which the funds were sent.

Hackers reveal security flaw that allowed unauthorized access to 2-factor verification codes

Summary:
• A security researcher recently revealed that a large database containing company two-step verification codes was publicly exposed.
• The data relates to a service used by Google, Meta and TikTok to send text messages containing verification codes to verify a user's identity as quickly as possible.
• These two-factor authentications present many forms of crime, from hacking into a person's iCloud to stealing their phone number to bypassing encryption.

A security researcher has discovered an unprotected database that managed access to the services of some of the world's largest tech companies. The database belongs to a short message service (SMS) routing operator responsible for sending two-factor authentication (2FA) codes to users of Meta, Google and possibly crypto companies.
💰 Mt. Gox has seen huge asset flows again, with more than $2 billion in Bitcoin mysteriously transferred!

Mt. Gox, once the world's leading Bitcoin exchange, later went bankrupt due to a hacker attack. But just yesterday, the bankrupt exchange transferred 32,371 Bitcoins (worth $2.19 billion) to an undisclosed address.

At that time, the price of Bitcoin fluctuated between $65,000 and $73,000, and the world was nervously waiting for the results of the US election. This series of actions also caused the entire community to speculate!

According to Arkham Intelligence monitoring data, Mt. Gox's wallet first transferred 30,371 Bitcoins to a wallet starting with "1FG2Cv...", and then transferred 2,000 Bitcoins to another address.

Mt. Gox currently holds 44,378 Bitcoins, which is worth about $3 billion at the current market price. Many experts speculate that the movement of these wallets may be related to their planned settlement and repayment of creditors after their bankruptcy in 2014.

Although the Mt. Gox exchange has ceased operations, its wallets are still active. For example, after the transfer of 32,371 BTC, there was a buy/sell action of 2,000 Bitcoins, and recently they transferred 500 Bitcoins (about 35 million US dollars) to an undisclosed address.

Mt. Gox once handled more than 70% of the world's cryptocurrency transactions, but lost 850,000 Bitcoins due to hacking and security vulnerabilities between 2011 and 2014. Although 140,000 Bitcoins were recovered, it was not enough to avoid its bankruptcy fate.

As part of the bankruptcy plan, Mt. Gox had to choose to pay back creditors and former customers. As a result, their trustee applied for an extension of the repayment deadline, and the new repayment period is set in the last week of October 2025.

Mt. Gox now faces a difficult repayment process involving billions of dollars. Because of the huge amount, some analysts are worried that former creditors of Mt. Gox may sell their digital assets, which may trigger a market sell-off.

After all, it's not just about money, but also about the stability and transparency of the cryptocurrency market.

💬What do you think of this? What do you think is the logic behind this? Is it a series of repayment actions to cooperate with the debt repayment process, or a potential arbitrage action?

#MtGox破产 #比特币损失 #安全漏洞
A competitor has released a major scoop!

Current comprehensive news is that the multi-signature wallet of Bybit has been hacked; security in the crypto space is truly the most important thing!!!

#安全漏洞

Loopring Wallet responds to $5 million security breach, launching emergency measures to ensure user assets are safe

Loopring, an Ethereum zero-knowledge rollup protocol, announced on Sunday that its smart wallet had suffered a major security breach, with attackers impersonating wallet owners to reset ownership and redeem assets.
The attack was allegedly linked to Loopring's official Guardian service, and the project is currently working with security and law enforcement agencies to investigate how the two-factor authentication system was compromised and hunt down the cybercriminals.
Loopring officially discloses the theft
According to a comprehensive announcement released by Loopring on the X platform, the attacker targeted a subset of wallets and exploited a vulnerability in the official Guardian service. This caused some wallets in Loopring to fall victim to this security breach.

CoinStats suspends service due to security breach, 1,590 wallets affected

Cryptocurrency portfolio management app CoinStats has temporarily shut down its app to address a security breach that affected 1,590 wallets.
According to CoinStats, the number of affected wallets only accounts for 1.3% of all wallets, and the centralized exchanges (CEX) connected to these wallets were not affected.
Emergency security operations launched to address security breaches
Cryptocurrency portfolio management app CoinStats has urgently suspended its services due to a security incident. The incident affected 1,590 user wallets, accounting for 1.3% of the total number of CoinStats wallets. Fortunately, the centralized exchanges connected to these wallets were not affected by the security breach. At the same time, CoinStats is currently investigating scam notifications received by some iOS and Android users.
GoPlus Security Team Professional Guide: Blockchain Asset Security Remediation Measures
 
The security of blockchain assets is of vital importance to users. When assets are stolen, the GoPlus Security Team recommends that users take the following professional remediation measures:
 
I. Take immediate action
 
1. Analyze the cause of the theft: Check whether the assets were stolen due to private key leakage, authorization to malicious addresses, etc.
2. Asset rescue: If there are still remaining assets in the wallet, transfer them to a safe new wallet immediately.
3. Track the flow of funds: Use blockchain analysis tools to track the flow path of stolen funds and provide clues for asset recovery.
 
II. Report to relevant departments
 
1. Contact wallet customer service: Report the problem to the wallet provider and get technical support.
2. Call the police: Report to the local police, provide all relevant information, and assist the police in the investigation.
 
III. Ask for help from the blockchain community
 
1. Publish an announcement: Publish the news of asset theft on social media and seek help from the community.
2. Provide rewards: Set up rewards to encourage white hats or community members to help recover assets.


IV. Preventing future risks

1. Strengthen security awareness: Learn more about blockchain security and improve prevention awareness.
2. Use cold wallets: Store most assets in offline cold wallets to reduce the risk of theft.
3. Safe backup: Regularly back up wallet private keys and mnemonics and keep them properly.

The GoPlus security team emphasizes that timely action and multiple remedial measures are the key to reducing losses. At the same time, users should improve security awareness, strengthen preventive measures, and ensure the security of blockchain assets.
#安全漏洞

A major vulnerability in Apple's commonly used software could be exploited by hackers to steal wallets

🚂 Cisco Talos, a cybersecurity company, recently discovered eight vulnerabilities in the Microsoft 365 app for macOS. Hackers can use these vulnerabilities to bypass the macOS permission model and use existing application permissions to perform malicious operations without additional user verification. In short, hackers can send emails, record audio, take photos or videos without the user's permission.
Talos reported these vulnerabilities to the Microsoft team, and Microsoft responded that these vulnerabilities are of low risk. Since these Microsoft applications need to allow unsigned libraries to be loaded to support plug-in functionality, these vulnerabilities cannot be fixed. However, Microsoft has fixed the vulnerabilities for the following applications that do not support plug-ins:
🚨Shocked! YOLO GAMES LBP sales are urgently stopped and funds are fully refunded. The reason behind this is...😱💥
[YOLO GAMES: Due to security vulnerabilities in Bazaar LBP smart contracts, YOLO LBP sales ended early]
Never expected! Blast ecosystem project YOLO GAMES broke the news on social platforms that due to major security vulnerabilities found in Bazaar LBP smart contracts, YOLO LBP sales were forced to end early! 👀 Users will no longer be able to participate in LBP, but don't worry, all users who purchased rYOLO during the sale will receive a full ETH refund based on the amount spent. The team is already processing it urgently and will complete the refund within a few days. 💸
The YOLO GAMES team is working closely to investigate the issue, and there will be more updates later. 🔍🔐
#YOLOGAMES #智能合约 #安全漏洞 #ETH退款 #非农就业人数高于预期

The New York Times revealed: OpenAI's 2023 security vulnerability was never made public

Despite the New York Times reporting that OpenAI had security vulnerabilities, the artificial intelligence company did not inform the FBI, law enforcement, or the public.

The New York Times reported on July 4 that artificial intelligence company OpenAI suffered a security breach in 2023 but chose not to disclose the incident. It is reported that the company's executives mentioned the security incident in an internal meeting in April but did not disclose it to the public on the grounds that the attackers did not have access to customer or partner information.
In addition, OpenAI's management also believes that this security incident does not pose a threat to national security because they judged that the attacker was an individual actor and had no connection with any foreign government, so they did not report the matter to the FBI or other law enforcement agencies.

Secure transactions in blockchain environment to avoid phishing attacks

GoPlus Security Team Professional Guide:
In order to ensure the security of users' transactions in the blockchain environment and effectively avoid becoming the target of phishing attacks, the GoPlus security team proposes the following professional guidelines:
1. Verify the source of information
Official channel confirmation: Make sure all transactions and login operations are conducted through official channels, such as official websites or official dapps. Avoid clicking on links from unknown sources, especially links in private messages received in emails, social media, or instant messaging apps. Bookmark frequently used websites and apps for quick access and avoid visiting fake websites.

Tether CEO issues security alert: Cryptocurrency company email service provider may have been hacked

Tether CEO Paolo Ardoino recently issued a warning to cryptocurrency users, reminding them to be wary of emails related to cryptocurrency airdrops that they have received in the past 24 hours.
Potential Phishing Attacks
In a post on social media platform X, Ardoino noted that they had obtained two independent documents that revealed a possible security breach and said the breach was related to a well-known email provider that often provided services to cryptocurrency companies.

He further stated that they would not disclose the specific name of the email service provider until the investigation was thoroughly completed. But he also advised users to be vigilant and avoid possible risks when receiving any emails mentioning cryptocurrency airdrops.