SlowMist
1,432 views
7 Discussing
Hot
Latest
šØ URGENT SECURITY ALERT: HashiCorp Vault Vulnerabilities Expose Crypto Wallets & Keys
š Critical Risk:Ā MultipleĀ zero-day vulnerabilitiesĀ found inĀ HashiCorp Vaultāa top tool for crypto wallet/key management.
Exploits could:
ā Ā Bypass MFA & locks
ā Ā Enable remote code execution
ā Ā Compromise entire infrastructures
š”ļø Action Steps:
1ļøā£Ā Upgrade immediatelyĀ to the latest patched version.
2ļøā£Ā Audit access logsĀ for suspicious activity.
3ļøā£Ā Isolate critical systemsĀ until confirmed secure.
š Official Response:
HashiCorp + CyataĀ are collaborating on fixes.
SlowMist CISOĀ warns:Ā "Delay = Risk."
#HashiCorp #SlowMist #BinanceSecurity
š¬ Discussion:
āĀ Are your orgs affected?Ā Comment protocols below!
āĀ Tag projects using HashiCorp Vault!
š Critical Risk:Ā MultipleĀ zero-day vulnerabilitiesĀ found inĀ HashiCorp Vaultāa top tool for crypto wallet/key management.
Exploits could:
ā Ā Bypass MFA & locks
ā Ā Enable remote code execution
ā Ā Compromise entire infrastructures
š”ļø Action Steps:
1ļøā£Ā Upgrade immediatelyĀ to the latest patched version.
2ļøā£Ā Audit access logsĀ for suspicious activity.
3ļøā£Ā Isolate critical systemsĀ until confirmed secure.
š Official Response:
HashiCorp + CyataĀ are collaborating on fixes.
SlowMist CISOĀ warns:Ā "Delay = Risk."
#HashiCorp #SlowMist #BinanceSecurity
š¬ Discussion:
āĀ Are your orgs affected?Ā Comment protocols below!
āĀ Tag projects using HashiCorp Vault!
šØ Breaking News Alert šØ
ā ļø Fake Ledger Scam Resurfaces ā Targeting High-Net-Worth Users! š¤š°
According to PANews, the notorious āFake Ledgerā scam is BACK!
Hackers are š¦ mailing counterfeit Ledger devices with fake manuals, urging victims to enter their real recovery phrases into a šµļøāāļø malicious app ā leading to šø asset theft!
This attack, first spotted in 2021, now includes:
š Preset recovery phrases
š² Tampered RNG chips
š§ Expert Warning: These physical phishing attacks may seem rare but have a š high success rate, especially among š¼ high-net-worth users.
How to Stay Safe:
ā Never enter your seed phrase into ANY app or website
ā Buy ONLY from official sources
ā Donāt trust unsolicited packages ā even if it looks āofficialā
š Protect your crypto. Stay sharp. Stay safe!
#CryptoSecurity #LedgerScam #Web3Alert #PhishingScam #SlowMist
$BTC
$ETH
$XRP
ā ļø Fake Ledger Scam Resurfaces ā Targeting High-Net-Worth Users! š¤š°
According to PANews, the notorious āFake Ledgerā scam is BACK!
Hackers are š¦ mailing counterfeit Ledger devices with fake manuals, urging victims to enter their real recovery phrases into a šµļøāāļø malicious app ā leading to šø asset theft!
This attack, first spotted in 2021, now includes:
š Preset recovery phrases
š² Tampered RNG chips
š§ Expert Warning: These physical phishing attacks may seem rare but have a š high success rate, especially among š¼ high-net-worth users.
How to Stay Safe:
ā Never enter your seed phrase into ANY app or website
ā Buy ONLY from official sources
ā Donāt trust unsolicited packages ā even if it looks āofficialā
š Protect your crypto. Stay sharp. Stay safe!
#CryptoSecurity #LedgerScam #Web3Alert #PhishingScam #SlowMist
$BTC
$ETH
$XRP
$27M Heist Hits BigONE in Sophisticated Supply Chain Attack šØ
In a major blow to crypto security, BigONE Exchange has fallen victim to a supply chain attack that drained over $27 million from its platform.
š According to on-chain security firm SlowMist, the attacker compromised BigONEās production networkāspecifically the servers handling account management and risk control.
Instead of stealing private keys, the attacker manipulated the operating logic of these systems, authorizing fraudulent withdrawals without triggering alarms.
š» The breach allowed the hacker to siphon funds across multiple chains including Ethereum, BNB Chain, Solana, Bitcoin, and Tron. SlowMist has already tracked the suspicious wallet addresses and is actively monitoring the movement of stolen assets.
š”ļø In response, BigONE has:
Shut down deposit and withdrawal services temporarily
Identified and patched the vulnerability
Activated internal security reserves to protect user assets
Started borrowing external liquidity to restore platform operations
āAll private keys remain secure,ā said BigONE, adding that services will resume shortly after implementing enhanced security reinforcements.
This incident underscores a growing threat in the crypto world: server-side logic manipulation, where attackers donāt need access to walletsāthey just change the rules of the game.
Stay alert, stay secure. š§ š
#BigONE #CryptoHack #SupplyChainAttack #SlowMist #Web3Security
In a major blow to crypto security, BigONE Exchange has fallen victim to a supply chain attack that drained over $27 million from its platform.
š According to on-chain security firm SlowMist, the attacker compromised BigONEās production networkāspecifically the servers handling account management and risk control.
Instead of stealing private keys, the attacker manipulated the operating logic of these systems, authorizing fraudulent withdrawals without triggering alarms.
š» The breach allowed the hacker to siphon funds across multiple chains including Ethereum, BNB Chain, Solana, Bitcoin, and Tron. SlowMist has already tracked the suspicious wallet addresses and is actively monitoring the movement of stolen assets.
š”ļø In response, BigONE has:
Shut down deposit and withdrawal services temporarily
Identified and patched the vulnerability
Activated internal security reserves to protect user assets
Started borrowing external liquidity to restore platform operations
āAll private keys remain secure,ā said BigONE, adding that services will resume shortly after implementing enhanced security reinforcements.
This incident underscores a growing threat in the crypto world: server-side logic manipulation, where attackers donāt need access to walletsāthey just change the rules of the game.
Stay alert, stay secure. š§ š
#BigONE #CryptoHack #SupplyChainAttack #SlowMist #Web3Security
ā ļø Warning: $EOS Address Spoofing Attack!
#SlowMist reports an ongoing attack in the EOS network where scammers are creating fake accounts resembling #OKX and Binance. They send small amounts (0.001 EOS) to users with the goal of tricking them into making transactions, leading to stolen funds. šš°
Be cautious, double-check addresses before interacting with any EOS transactions, and stay alert! š„
#EOSé大å©å„½
#SlowMist reports an ongoing attack in the EOS network where scammers are creating fake accounts resembling #OKX and Binance. They send small amounts (0.001 EOS) to users with the goal of tricking them into making transactions, leading to stolen funds. šš°
Be cautious, double-check addresses before interacting with any EOS transactions, and stay alert! š„
#EOSé大å©å„½
SlowMist Security Alert: Android banking Trojan "Crocodilus" attacks crypto users
On June 4, SlowMist issued a security alert that the Android banking Trojan "Crocodilus" has recently been upgraded and has attacked global cryptocurrency users and banking applications. The main threats include:
Spreading through fake browser updates in Facebook ads;
Using overlay attacks to steal login credentials;
Extracting crypto wallet mnemonics and private keys;
Injecting fake "bank support" numbers into contact lists;
Malware as a service: available for rent ($100-300 per attack).
Remind users to avoid unknown app updates and ad links.
#Trojan #SlowMist
On June 4, SlowMist issued a security alert that the Android banking Trojan "Crocodilus" has recently been upgraded and has attacked global cryptocurrency users and banking applications. The main threats include:
Spreading through fake browser updates in Facebook ads;
Using overlay attacks to steal login credentials;
Extracting crypto wallet mnemonics and private keys;
Injecting fake "bank support" numbers into contact lists;
Malware as a service: available for rent ($100-300 per attack).
Remind users to avoid unknown app updates and ad links.
#Trojan #SlowMist
Login to explore more contents