Binance Square

Hack

863,225 views
344 mentions
Moon5labs
--

Shibarium After $2.4 Million Hack: Network in Damage Control Mode as Community Waits for Recovery

The Shiba Inu ecosystem has come under heavy pressure after its Shibarium network fell victim to a flash loan attack on September 13. Hackers exploited its cross-chain bridge, stealing more than $2.4 million in cryptocurrencies.

How the Attack Happened
According to developers, the exploit compromised 10 out of 12 validators, with attackers targeting Ethereum (ETH) and Shiba Inu (SHIB) tokens. The incident shook the entire ecosystem and triggered steep price declines across related tokens.

An Unusual Offer for Recovery
The Shibarium team is attempting to recover the stolen assets. K9 Finance DAO has offered hackers a 5 ETH bounty in exchange for returning the funds. The “peace agreement” is valid for 30 days, with the offer decreasing gradually after seven days.
Shiba Inu developer Kaal Dhairya stated:

“Once secure key transfers are completed and validator controls are verified, the stake manager’s funds will be fully restored. Our top priority is protecting the network and community assets.”
Dhairya also admitted that it remains unclear whether the breach originated from a compromised server or a developer’s device.

Token Prices Plunge
The exploit immediately rippled across the Shiba Inu ecosystem:
SHIB dropped to $0.00001301, down 6.28% in the past 24 hours
BONE plunged from $0.31 to $0.1928, marking a 38% decline since September 14
KNINE fell 4.28% to $0.052557

Forensic Investigation and Next Steps
The Shiba Inu team has engaged security firms Hexens, Seal 911, and PeckShield to conduct forensic analysis and check whether additional validator keys were compromised.
Officials said that once secure key transfers are finalized, staking manager funds will be restored. Until then, the network remains in “damage control mode,” with traders awaiting updates before regaining confidence in the ecosystem.

Conclusion: The $2.4 million exploit cast a shadow over Shibarium, raising serious questions about its security. Still, if the funds are recovered and infrastructure reinforced, the ecosystem could gradually bounce back.

#Shibarium , #shibaInu , #SHIB , #Hack , #CryptoSecurity

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
“The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.”
#BREAKING 🚨
@Bubblemaps.io has revealed another major sybil attack. This time targeting the $AVNT airdrop.

👉 One single entity managed to claim $4M worth of tokens, spreading the attack across 300+ addresses to bypass detection.

This isn’t just bad news for AVNT — it’s another reminder that airdrops remain one of the biggest attack vectors in crypto. Projects face a constant challenge: reward real community members, while filtering out bots & coordinated attackers.

Will this affect prices? Will the developers discontinue future airdrops or increase security?
$BMT

#AltcoinSeasonComing? #FedRateCutExpectations #Hack
--
Bearish
🚨 Hack Alert: $120M YU Exploit

On-chain sleuths at Lookonchain report a hacker minted 120M YU tokens on Polygon. So far:

7.71M YU sold for $7.7M USDC across Ethereum & Solana.

Proceeds swapped into 1,501 ETH, then spread across multiple wallets.

Attacker still sits on a large YU stash, raising fears of more dumps.

#DeFi #Hack #CryptoSecurity #Polygon #Ethereum $ETH

Source: x.com/0xcryptosea
🚨 $120 MILLION EXPLOITED IN STABLECOIN #HACK 🚨

🔹A hacker just broke YU, the so-called Bitcoin-backed stablecoin.

🔹They minted 120M YU out of thin air and crashed the peg. Here’s the story 👇
CryptoCaffeine:
Mevolaxy is a staking platform where users can earn daily rewards from MEV Bot activity while maintaining high liquidity and transparency.
💸Monero Under Attack Again and Underwent Block Reorganization

According to a tweet retweeted by SlowMist Cosine on the X platform, Monero has been attacked again.

A few hours ago, XMR underwent 18 block reorganizations.
#Hack #Monero
Midday News Update #Web3

🪙Yala has suspended the Convert and Bridge functions for system upgrades.

🎾Binance will open Alpha airdrops at 15:00, with a minimum of 200 Binance Alpha points.

🪪A high-interest financial management fraud case worth over 6 million yuan was uncovered in Taizhou, China, using U-coins as a medium to transfer stolen money.

💶Tether issues 1 billion USDT
#Hack #UST
🚨💥 MAXIMUM ALERT IN THE CRYPTO WORLD! 💥🚨

The stablecoin YU (Yala) suffered a hack of more than US$7.7 MILLION and lost its peg! 😱📉 The price plunged from 1:1 to US$0.2046, causing panic among holders!

But don't worry: Yala is already working to recoup the losses, cooperating with the authorities and promising:

✅ Full liquidity guarantee — all pools will be replenished to ensure you can redeem your YU 1:1 for $USDC!

✅ Full transparency — with a clear roadmap to restore liquidity and improve the protocol's security.

🔥 Even with this attack, the protocol remains strong, generating revenue of more than US$750 THOUSAND per month! This shows Yala's resilience in the market. 💪

If you hold YU or are thinking of getting into this project, stay tuned and follow every move! This could be the moment to “HODL” or to “get out at the right time” — it's a game of nerves!

⚠️ Like, share and tag that friend who can't miss this explosive chapter of the crypto world!

#stablecoin #yalatge #Hack #CryptoNews #HODL #FOMO #ToTheMoon

Yala's YU Stablecoin Falls Below $0.3 After Hacker Attack

The $YU stablecoin from the Yala protocol, which is Bitcoin-backed and overcollateralized, suffered a serious hacker attack that sent its price sharply below $0.3. On September 14, 2025, at around 5:14 UTC+8, the token lost its dollar peg, collapsing to a low of $0.2046. According to analytics firm Lookonchain, the hacker exploited a vulnerability in the protocol, minting 120 million YU on the Polygon network without authorization. Then 7.71 million tokens were moved to Ethereum and Solana and sold for 7.7 million USDC, which was converted into 1,501 ETH and distributed across wallets.
Yala, backed by investment from Polychain, positioned YU as a stable asset secured by Bitcoin held in self-custody or in vaults. The team responded immediately, disabling the Convert and Bridge functions to prevent further losses. Co-founder Vicky Fu stated on X: "All funds are safe. Bitcoin deposited in Yala remains self-custodial or in vaults; none has been lost." The investigation is being conducted jointly with the firms SlowMist and Fuzzland.
Although YU partially recovered to $0.917, the price later fell to $0.7869 and has been unable to return to $1. The hacker still holds 22.29 million YU on ETH/SOL and 90 million on Polygon, which is putting pressure on the market. This incident, which cost the protocol $7.7 million, highlights the risks of cross-chain exploits in the growing stablecoin market ($300 billion). Yala assures that the protocol's other functions are not affected, but investor confidence has been shaken. Experts predict increased regulatory scrutiny and debate over the security of overcollateralized stablecoins. The event is a reminder of DeFi's vulnerabilities, where technical errors can lead to significant losses despite strong collateral.
#Stablecoin #Yala掘金 #YU #Hack #CryptoAttacks #Bitcoin #DeFi
Follow #MiningUpdates to stay up to date with news about crypto mining and blockchain!
⚠️ Beware of the new malware RatOn. It targets Android devices, hacks wallets (MetaMask, Trust, Phantom) and banking apps, and can even lock your screen for ransom. Active since July, spreading through fake TikTok apps.

When your whole life is on your phone, device security must come first. Get proper antivirus and run regular checks.
#scam #Android #Hack #tiktok #fake
⚠️ $2.59M Exploit Hits Nemo Protocol

The Sui-based yield trading protocol Nemo just took a heavy blow, losing ~$2.59M in an exploit tied to unaudited code. ($SUI )

🔍 What Happened

Vulnerability in a slippage-control function (get_sy_amount_in_for_exact_py_out).

Code was deployed without an audit from Asymptotic.

Only a single dev signature was needed → unaudited changes went live.

Exploit went unnoticed despite auditor warnings weeks earlier. 🤡

🤕 Aftermath

Nemo paused core functions.

Flash loan feature removed.

Patch deployed & now under fresh audit.

Compensation plan in the works for affected users.
#AltcoinMarketRecovery #Hack #news
🚨 THE BIGGEST CRYPTO HACK OF THE YEAR 🚨

🔥 Millions at risk after a supply-chain attack! 🔥

A brutal attack has just shaken the crypto world:
💻 18 JavaScript packages used by thousands of projects were infected with malicious code.
🎯 The goal: to steal cryptocurrency directly from users' wallets.
📩 It all began with a simple phishing email that fooled a developer and opened the door to a massive theft.

⚠️ With more than 2 BILLION weekly downloads, this attack could be the largest in the ecosystem's history.

👉 Are we facing a new wave of hacks that will put crypto security in check?

#CryptoNews🔒📰🚫 #HACK #Montes
$BTC
DeFi Platform Nemo Protocol Attacked, $2.4 Million Lost

The decentralized finance (DeFi) platform #NemoProtocol on the Sui blockchain was attacked, causing $2.4 million in losses. The attack occurred just before the platform's scheduled maintenance and forced Nemo Protocol to pause all smart contract operations in order to investigate.

Persistent Security Challenges

This incident adds to a growing list of crypto attacks, with total recorded losses in 2025 already exceeding $2.17 billion, more than the total for all of the previous year. Although the largest #Hack incidents usually occur on centralized services, DeFi protocols are also becoming an increasingly common target.

Risk and Community Trust

The attack has caused frustration in the Nemo community, especially as the project team went silent after the initial announcement. This lack of transparency heightens concerns about the safety of DeFi platforms. Although Nemo asserts that assets in the Vault remain safe, the incident once again underscores the importance of thorough research, particularly into the development team and the project's transparency, before investing in any DeFi protocol. #anhbacong


The Largest NPM Attack in Crypto History Stole Less Than $50

Hackers launched a massive supply-chain attack targeting widely used JavaScript libraries downloaded billions of times worldwide. The incident had the potential to compromise thousands of crypto projects and millions of developer workstations. Yet the attackers walked away with a laughably small amount – less than $50 in crypto.

An Attack That Could Have Shaken the Crypto World
According to findings from Security Alliance, hackers gained access to the account of a developer managing NPM packages and inserted malware into popular libraries aimed at crypto wallets, specifically Ethereum and Solana.
NPM serves developers much like an app store – a central repository for small code utilities used in JavaScript projects. The compromised packages included chalk, strip-ansi, and color-convert, utilities deeply embedded in dependency trees. Even developers who never installed them directly could have been exposed.

The Damage: So Far Under $50
Security researchers identified a single malicious Ethereum wallet address, 0xFc4a48. To date, it has collected only about $50 worth of crypto. Just a few hours earlier, the amount was a mere five cents, hinting that the total losses could rise slightly.
“Imagine this: you compromise an NPM developer account with more than two billion weekly downloads. You could gain unlimited access to millions of developer machines. Endless riches await. And you make less than $50,” Security Alliance wrote on X.
Samczsun, a security researcher at SEAL, compared the attack to finding the keys to Fort Knox and using them as a bookmark: “The malware was widespread, but at this point it is almost completely neutralized.”

What Was Stolen?
According to Etherscan, the malicious wallet has received small amounts of:
Ethereum (ETH) – just a few cents initially
Brett (BRETT)
Andy (ANDY)
Dork Lord (DORK)
Ethervista (VISTA)
Gondola (GONDOLA)
Altogether, the value does not exceed $50.

Who Is Safe and Who Isn’t?
The attack deployed a crypto clipper malware designed to silently replace wallet addresses during transactions. This means users had to approve the malicious transaction for the theft to occur.
Fortunately, major crypto wallet providers quickly reassured users:
Ledger and MetaMask confirmed their apps were unaffected, citing multiple security layers.
Phantom Wallet said it does not use any vulnerable packages.
Uniswap reported no impact on its applications.
Other unaffected platforms included Aerodrome, Blast, Blockstream Jade, and Revoke.cash.
According to pseudonymous DefiLlama founder 0xngmi, only projects updated after the malicious package was published could be at risk.

Advice for Users
Experts, including Ledger CTO Charles Guillemet, urged crypto users to be extra cautious when approving on-chain transactions. Some even suggested avoiding crypto websites temporarily until developers fully remove the compromised packages.

Conclusion
The NPM hack highlighted how vulnerable the software supply chain can be – even for projects that never directly used the compromised code. Ironically, it became one of the least profitable hacks in crypto history. While the potential losses could have been astronomical, the attackers only netted a few dozen dollars.

#CyberSecurity , #Hack , #Cryptoscam , #CyberSecurity , #CryptoNews

--
Bullish
🤯😱🤯😱🤯😱🤯
More than 20 cryptocurrency wallets emerge unscathed after JavaScript NPM attack

The attacker has only been able to steal around 500 dollars with the massive attack, according to Arkham Intelligence.

Many cryptocurrency wallets do not use the affected JavaScript tools. Ledger, Trezor, Aqua, Cove, Nunchuk and Sparrow are among the unaffected wallets.

The most popular Bitcoin and cryptocurrency wallet companies spoke out one after another about the service status of their wallets.

The statements came after knowledge of a software supply-chain attack via JavaScript's NPM (node package manager) spread publicly on September 8.

A group of vulnerability researchers writing under the name JDSTAERK discovered malicious code being distributed in tools that accumulate more than 47 million weekly downloads.
#Hack
#FOMO
$BNB

$ETH

$BTC
🚨 URGENT WARNING from Ledger!

The #CTO of Ledger has announced:
⚠ A major Supply Chain Attack is underway, posing a threat to all crypto users!
🔒 If you use a hardware wallet (Ledger, Trezor, etc.):
✅ Double-check every transaction you sign — do not sign anything you don’t fully understand!

💻 If you use a software wallet (Metamask, Trustwallet, etc.):
⛔ Avoid making swaps, trades, or changes on-chain for now.

📌 If your funds are on an exchange/platform:
✅ Use UID Transfer if it’s available.
❌ Do not use a regular wallet address.

🛡 Protect your funds — this attack could affect a large number of people!
If you still aren't following us, you are too late; join us for more alerts!
#Follow #scam #Hack
🚨 #Breaking | A new hack shakes the crypto market!

The Nemo Protocol project suffered a cyberattack that cost it $2.4 million 💸.
The recent hacks reaffirm the importance of caution and of securing digital wallets 🔐.

Do you think this kind of project can regain trust after such big losses? 🤔

#CryptoNewss #defi #Hack #blockchain #Bitcoin

Hack on DeFi protocol causes $12M in losses

Phishing theft linked to an Ethereum upgrade
In August 2025, phishing losses in the crypto world rose by an alarming 72% month over month, reaching more than USD 12 million affected by this type of scam. The number of victims also grew, totaling 15,230 people, the highest recorded in 2025 so far.
#Hack
How did the attackers operate?
1. They exploited EIP-7702, an Ethereum improvement that lets externally owned accounts (EOAs) act as smart wallets. This allowed scammers to manipulate signatures to create malicious transactions through platforms such as Uniswap.
2. Automated bots, known as "sweeper bots", emptied funds in at least three major attacks, draining about USD 5.6 million in record time.
3. One case stood out for its size: a single user lost USD 3.08 million in a single aEthUSDT transaction. Three victims accounted for 46% of total losses.
4. The tactics included address poisoning and fake ads on search engines such as Google/Bing, which redirected users to fraudulent sites imitating legitimate DeFi interfaces.
#Hacked
Key security recommendations
Enable two-factor authentication (2FA) whenever possible.
Verify URLs carefully before carrying out any operation; better yet, use saved links or trusted bookmarks.
Avoid clicking on links from searches or suspicious messages.
Use protective tools, such as DNS filters or VPNs, and check the grammatical details of unexpected messages.
#defi
General reflection
This attack was not a complicated technical hack but a highly elaborate phishing scheme that took advantage of an upgrade that is good in theory (EIP-7702), combined with social engineering to pose as legitimate interfaces. It shows that, even with useful new features, the human element remains the main vulnerability in crypto.

Gala Games CEO Attributes $23M Exploit to Internal Control Failures

Gala Games CEO Eric Schiermeyer has confirmed that a "security incident" led to the unauthorized sale of 600 million GALA tokens, worth approximately $23 million. The breach, which Schiermeyer attributed to "messed up" internal controls, has raised significant concerns within the blockchain gaming community.
Incident Overview
On May 20, at 7:32 pm UTC, blockchain observers reported the minting of 5 billion GALA tokens, valued at around $200 million at the time. The compromised wallet was selling the tokens in batches, leading to a sharp drop in GALA's price. The token hit a 24-hour low of $0.038, a 20% decrease from its daily high, before recovering slightly to $0.041, according to CoinGecko.
“We had an incident that resulted in the unauthorized sale of 600 million GALA tokens and the effective burn of 4.4 billion tokens,” Schiermeyer wrote in a May 20 post on X (formerly Twitter). He admitted, “We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again.”
Response and Mitigation
Gala Games quickly identified the compromise and revoked unauthorized access to the GALA contract. Schiermeyer assured users that the Ethereum contract was secure and had not been compromised. The company believes it has identified the person responsible and is collaborating with the FBI, the U.S. Justice Department, and international authorities to address the incident.
In a follow-up post on X, Gala Games announced that the security breach had been contained and the affected wallet frozen. However, details about the perpetrator and the method of access to the GALA contract remain undisclosed.
Ongoing Legal Disputes
This security incident occurs amid ongoing legal battles between Schiermeyer and Gala Games co-founder Wright Thurston. Both have filed lawsuits against each other, with Thurston accusing Schiermeyer of squandering millions in company assets, while Schiermeyer alleges that Thurston stole $130 million worth of GALA tokens.
Gala Games did not respond to requests for additional comments.
The incident underscores the critical need for robust internal controls and security measures in the cryptocurrency and blockchain industries, as companies continue to navigate complex technological and legal landscapes.
$GALA #GALA #GalaGames #hack

Notice:
“The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.”
--
Bullish
🚨Alert🚨 $1.5B Bybit Hack Linked to North Korean Hacker Park Jin Hyok 🎭💻

The recent $1.5 billion cyberattack on Bybit has been traced back to Park Jin Hyok, a notorious North Korean hacker 🎯, and his links to the infamous Lazarus Group 💀. Investigators, including ZachXBT 🕵️‍♂️ and Arkham Intelligence 🏴‍☠️, discovered that this massive crypto heist shares connections with a $70M hack on Phemex earlier this year 💰🔗.

🎭 Who is Park Jin Hyok?

Park is a state-sponsored hacker 🇰🇵, known for orchestrating some of the most sophisticated cyberattacks in history, including the WannaCry ransomware 💾, the Sony Pictures hack 🎬, and the infamous $600M Ronin Bridge exploit 🔥. His involvement in Lazarus Group has made him a key figure in North Korea’s cyber warfare strategy 🕹️.

💥 How Did the Bybit Hack Happen?

Hackers infiltrated Bybit’s security systems 🏦, draining $1.5 billion worth of digital assets 💸. Traces of their movements were found leading to wallets associated with Lazarus Group, confirming their involvement. Blockchain sleuths 🧩 like ZachXBT and Arkham Intelligence followed the stolen funds, noticing familiar laundering patterns seen in previous Lazarus-led hacks 🚨.

🔗 Link to the $70M Phemex Hack

Earlier this year, Phemex suffered a $70 million exploit ⚠️, and now, investigators believe it was a test run for the larger Bybit attack 📊. The modus operandi—phishing scams 🎣, security breaches, and rapid fund transfers—bears striking similarities 🏴‍☠️.

🚀 What’s Next?

With the Lazarus Group’s continued attacks on the crypto industry, exchanges are reinforcing their security walls 🛡️. Authorities are tracking stolen assets through blockchain analytics 🔍, hoping to freeze the funds before they vanish into the dark web 🌑.

Stay vigilant, crypto traders! The world of DeFi and CeFi is still a battlefield ⚔️, and cyber threats are evolving faster than ever.
#Hack #LitecoinETF

$ETH
--
Bullish
🚨 The Most Dangerous Hacker You've Never Heard Of: Park Jin Hyok 🚨

A silent mastermind lurking in the shadows, Park Jin Hyok has left a trail of destruction across the digital world. A core member of North Korea’s Lazarus Group, his cyber heists have reshaped financial security forever.

🎭 Sony Pictures Hack (2014) – A brutal breach that exposed secrets and sent shockwaves through Hollywood.

💰 Bangladesh Central Bank (2016) – $81 million vanished in an instant, stolen through a sophisticated SWIFT attack.

🦠 WannaCry Ransomware (2017) – Chaos unleashed worldwide, hospitals and businesses crippled, over $140K in ransom collected.

💸 Bybit Hack (2025) – A jaw-dropping $1.46 billion drained from the exchange, setting a new record in crypto crime.

Every move is precise. Every attack is devastating. The world’s financial systems tremble at the mere mention of his name. And yet, he remains a ghost—unseen, untouchable.
#BybitSecurityBreach #Hack #BinanceAlphaAlert #Vote-PIOnBinanceYesOrNo $BNB $ETH $BTC