We have detected potential suspicious activities related to @meta_pool. The root cause is that the _deposit function has been rewritten, enabling arbitrary minting through the mint function without the need to transfer tokens.
‼️Beware of a new threat from the LAZARUS APT group — #OtterCookie info-stealer malware is targeting professionals in the finance and crypto industries.
🎯 Attack tactics:
🔹Posing as reputable companies with fake interviews or investment pitches
🔹Using deepfakes to impersonate interviewers/investors in video calls
🔹Tricking victims into running malware disguised as coding challenges or video app updates
🔹Once executed, OtterCookie steals sensitive data silently
🛡️ Stay safe:
🔹Verify all unsolicited job/investment offers
🔹Never run unknown binaries, especially “challenges” or “updates”
🔹Use anti-virus software and monitor for abnormal behaviors
SlowMist recently received intelligence indicating that the Lazarus APT group is using a new stealer called OtterCookie in targeted attacks on crypto & finance pros.
🎭Tactics:
- Fake job interviews/investor calls
- Deepfake videos to impersonate recruiters
- Malware disguised as “coding challenges” or “updates”
😈Steals:
- Browser-stored login credentials
- Passwords & certificates from macOS Keychain
- Wallet info & private keys
🛡️Security Recommendations:
🔹Treat unsolicited job/investment offers and remote interviews with caution.
🔹Never run unknown binaries, especially if presented as “technical challenges” or “update packages.”
🔹Enhance EDR capabilities and monitor for abnormal activity. Use antivirus tools and regularly audit your endpoints.
⚠️As AI races forward, a darker side emerges: Unrestricted Large Language Models.
Unlike mainstream LLMs with built-in safety guards, these "jailbroken" or deliberately modified models are designed to bypass ethical restrictions—enabling phishing, malware generation, and fraud.
In this article, we explore the rise of tools like WormGPT, FraudGPT, and GhostGPT, their abuse in the crypto space, and the growing security challenges they pose.
📊According to SlowMist’s Hacked (https://t.co/e90CSvTm6B):
⚠️15 hacks
➡️ ~$257M lost
❄️~$162M recovered/frozen
🎣Phishing losses via @realScamSniffer: 7,164 victims ➡️ ~$9.6M stolen
Major incidents:
• Cetus Protocol lost $230M in a math overflow attack
• Cork Protocol exploited for $12M+ due to insufficient validation of user-supplied data
• BitoPro lost $11.5M; funds laundered via Tornado Cash, Thorchain, and Wasabi
• Demex lost $950K from an oracle manipulation targeting a deprecated vault
• Zunami Protocol lost $500K; root cause under investigation
Security Highlights:
⚠️Contract vulnerabilities caused 95% of total hack losses
🎭Account takeovers surged again
😈Lazarus Group is now targeting individuals—one victim lost $5.2M to malware
We recently assisted a user who encountered a suspicious tool claiming his wallet had a “risky authorization.” The tool prompted him to paste his private key to resolve the issue.
After investigation, we identified the site—signature[.]land—as a phishing platform. The site has also been flagged as malicious by Web3 anti-scam platform @realScamSniffer.
Key findings:
♦️UI mimics the legitimate Revoke tool
♦️Risk results are fabricated for any input
♦️All user input is sent directly to: abpulimali@gmail[.]com
The operator behind this site, @Titanspace3, employs multiple deceptive tactics:
🎭Uses @zachxbt’s avatar on Telegram
🎭Poses as a SlowMist employee
🎭Runs a 74K-follower X account, frequently commenting under crypto users’ posts, falsely claiming their wallets are at risk and directing them to a phishing link disguised as a “security tool.”
Scam flow:
1⃣Fabricate panic around “risky approvals”
2⃣Lure victims into using a phishing site
3⃣Instruct them to input private keys for “revocation”
🛡️Recommendations
– Never paste your private key into any website
– Only use security tools from verified, official sources
– Stay vigilant and follow a zero-trust mindset
For a full breakdown of this case, see our latest article: https://t.co/IvrVPrT6Su
We’ve received reports of fake Telegram groups impersonating #SlowMist and scamming users via phishing investment links. One example: ❌t[.]me/slowmist1 — this is NOT us.‼️
✅ Please report such groups to Telegram immediately.
For your safety, always refer to our official channels:
1⃣Website: https://t.co/IO2VWk2pae
2⃣X: @SlowMist_Team & @MistTrack_io
3⃣Email: [email protected]
🚀Big news! @MistTrack_io MCP is now live for testing!
You can now use natural language in #Claude, #Cursor, and other MCP-supported clients to call #MistTrack’s on-chain analysis APIs — from address profiling & risk scoring to fund flow graphs.
🧐Smarter, faster, and easier blockchain investigations — powered by AI.
✍️In our latest post:
🔹What is MistTrack MCP
🔹How to use it
🔹Core features
🔹Real use case examples
https://t.co/Fvn2YZIuoI
👋Ready to explore the new AI paradigm for on-chain tracing? Start here: https://t.co/UCDcC9Dt51
🔥Solana Smart Contract Security Best Practices is back with a major update!🚀
Since its release, the Solana Smart Contract Security Best Practices has received positive feedback from the community, with many developers and security researchers endorsing and recommending the guide.
Based on the latest SlowMist audit experience, we've extensively enhanced the guide to provide comprehensive security solutions for developers within the Solana ecosystem. This update covers vulnerability descriptions, attack scenarios, and fix recommendations.
👀Read the full update on GitHub: https://t.co/2hVMeo7rHo
A user lost over $20K after visiting a fake @ChangeNOW_io site.
📌Notice the letter “e” in Pic 1? It’s a #Punycode attack — a trick we’ve covered in the blockchain dark forest selfguard handbook (Pic 2).
⚠️Beware of browser recommendations — they may suggest phishing sites. Always verify URLs from multiple sources. Here’s a simple way to find the correct official site:
1️⃣ X Verification
Users often rely on the website link shown in a project’s official X account. But don’t trust it blindly — always check the account’s follower count, verification badge, and registration date.
⚠️These can be faked. So don’t stop here — proceed to cross-verify.
2️⃣ Cross-Verification
Use trusted platforms like @DefiLlama, @coingecko, or @CoinMarketCap to confirm the domain matches the one on X.
3️⃣ Bookmark It
🛡️For more attack patterns and security tips, check out the blockchain dark forest selfguard handbook: https://t.co/v6lrUYgrI9
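A defensive check for the Punycode lookalike described in the post above, added here as an example (not SlowMist's code): it decodes any xn-- labels, folds lookalike characters, and compares the hostname against a bookmarked allowlist. The allowlist entry, the small confusables map and the sample hostnames are constructed assumptions.

```python
import unicodedata

# Constructed allowlist: domains the user has already verified and bookmarked.
TRUSTED = {"changenow.io"}

# Small constructed sample of cross-script lookalikes (not the full Unicode
# confusables table): Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i"}


def to_unicode(host):
    """Decode any xn-- labels so the check sees the characters a browser may show."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def to_ascii(host):
    """Return the on-the-wire form, with non-ASCII labels as xn-- Punycode."""
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in to_unicode(host).split(".")
    )


def skeleton(host):
    """Fold lookalikes: map the listed confusables, then strip diacritics."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(host))
    decomposed = unicodedata.normalize("NFKD", folded)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' (imitates a trusted domain) or 'unknown'."""
    if to_ascii(host) in trusted:
        return "trusted"
    if skeleton(host) in trusted:
        return "lookalike"
    return "unknown"
```

Comparing the `to_ascii` form is what separates the real domain from its imitation: the two can look identical on screen, but only the imitation carries an `xn--` label.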
🔥MistTrack Cross-Chain Protocol Analysis Series is back!
🧐This time, we dive into @BitgetWallet Swap — covering its core features, technical architecture, and most importantly, how to trace cross-chain swaps:
MistTrack also supports: @Bridgersxyz, @TransitFinance, @StargateFinance, @AcrossProtocol, @deBridgeFinance, @THORChain, @SynapseProtocol, and more coming soon.
The attacker left a message: "Don’t do crime CRIME IS BAD xoxo from Prague"
Who is #LockBit?
One of the most prolific #RaaS gangs since 2019
😈known for its technical sophistication, automation, and efficient extortion tactics
💰Estimated $150M+ in ransom profits
⚠️Labeled #APT by multiple national security agencies
🧐SlowMist analyzed the leaked files — including code, directory structure, and DB entries — to reconstruct LockBit’s internal architecture.