Some recent soul-searching questions about security: I definitely have answers to all of them, and I've provided the answers as well. But I really don't like nonsense; the comments section under the questions is quite interesting. If you really want to improve your understanding in this area, you can refer to them and ponder further...
Believe in yourself, if you can make so much from trading coins, security is definitely not a problem! 😊
An engineer on a monthly salary of $5K manages $10M in assets. Do you trust him because he dares not misuse it, or because he cannot misuse it?
If your VPN/proxy client itself has no backdoor, but the proxy line you configured is malicious, can it directly man-in-the-middle your Google/X/Binance/OKX? If you were the hacker (the one controlling this proxy line), what would you do? (Keep in mind that a malicious proxy sees every connection and can redirect or block it, but cannot read properly validated HTTPS traffic unless a rogue root CA was installed on your machine or you click through certificate warnings.)
Looking back at this week: among the theft incidents where individual crypto players sought our help, two involved amounts over $1 million, one over $2 million, and one over $6.5 million.
I won't go into the smaller amounts; it's exhausting.
Here's a takeaway: security risks are devils lurking in blind spots; you can't see them, but they are definitely there, and at some moment, in some scenario, one of them will jump out.
No one is immune, but anyone has the opportunity to greatly improve their resilience/robustness/reliability...
Stepping into a pit is the best education; I hope the one you step into is small.
If your wallet's transaction history or message notifications show records like those in the video, don't panic: your mnemonic phrase/private key has not been leaked, and there has been no unauthorized access.
There are two technical principles behind this kind of transaction:
1/ Forged event logs in the fake token's contract code (as shown in images 2/3/4). Because the token itself is fake, its contract code controls every detail of the logs it emits, and wallets and block explorers build their notifications and history entries from those logs: a Transfer event can name any address as the sender, without any signature from that address. That is the basic principle; no need to elaborate, just remember it. Fake tokens exploit this to cause panic and make users think something is wrong with their wallet. At this point the wallet should show a risk warning, and the warnings in the video and images are quite obvious.
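To make the point concrete, here is an added example (not from the original post and not SlowMist's code) of how an indexer turns ERC-20 Transfer logs into "history" and how to tell a scare log from a real one. The Transfer topic hash is the standard one; every address, log record and the `txFrom` field are constructed for illustration.

```python
from typing import Dict, List, Set

# keccak256("Transfer(address,address,uint256)"): the topic0 every ERC-20
# indexer (wallet or explorer) keys on when building "sent/received" history.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed addresses for the example (not real accounts).
VICTIM = "0x" + "a1" * 20
ATTACKER = "0x" + "b2" * 20
TRUSTED_TOKEN = "0x" + "11" * 20   # stands in for a token you actually hold
FAKE_TOKEN = "0x" + "fa" * 20      # the scammer's own contract
TRUSTED_TOKENS: Set[str] = {TRUSTED_TOKEN}


def pad_topic(addr: str) -> str:
    """Indexed address parameters are left-padded to 32 bytes in a topic."""
    return "0x" + "00" * 12 + addr[2:].lower()


def topic_to_address(topic: str) -> str:
    return "0x" + topic[-40:].lower()


# Constructed eth_getLogs-style records. `txFrom` is the sender of the
# transaction that produced the log (what eth_getTransactionByHash returns).
SAMPLE_LOGS: List[Dict] = [
    # A genuine transfer: the trusted token's contract emitted it, inside a
    # transaction the victim signed.
    {"address": TRUSTED_TOKEN, "txFrom": VICTIM,
     "topics": [TRANSFER_TOPIC, pad_topic(VICTIM), pad_topic(ATTACKER)],
     "data": hex(50 * 10**6)},
    # The scare log: the fake token's contract emitted a Transfer naming the
    # victim as `from`, inside a transaction the attacker signed. No key needed.
    {"address": FAKE_TOKEN, "txFrom": ATTACKER,
     "topics": [TRANSFER_TOPIC, pad_topic(VICTIM), pad_topic(ATTACKER)],
     "data": hex(10**24)},
    # Unrelated log that does not involve the victim at all.
    {"address": FAKE_TOKEN, "txFrom": ATTACKER,
     "topics": [TRANSFER_TOPIC, pad_topic(ATTACKER), pad_topic("0x" + "c3" * 20)],
     "data": hex(1)},
]


def decode_transfer(log: Dict):
    """Return (token, from, to, value) if the log is an ERC-20 Transfer, else None."""
    topics = log["topics"]
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None
    return (log["address"].lower(), topic_to_address(topics[1]),
            topic_to_address(topics[2]), int(log["data"], 16))


def classify_logs(logs: List[Dict], my_address: str, trusted_tokens: Set[str]) -> List[Dict]:
    """Explain every Transfer log that names `my_address`.

    An explorer shows all of them as history; only those emitted by a
    contract you trust, in a transaction you signed, say anything about
    your own actions or keys.
    """
    me = my_address.lower()
    out = []
    for log in logs:
        decoded = decode_transfer(log)
        if decoded is None:
            continue
        token, sender, receiver, value = decoded
        if me not in (sender, receiver):
            continue
        signed_by_me = log["txFrom"].lower() == me
        if token in trusted_tokens:
            verdict = "trusted-token"
            reason = ("you signed this transaction" if signed_by_me
                      else "a trusted token moved without your signature: check approvals")
        else:
            verdict = "unknown-token"
            reason = ("an unknown contract emitted a Transfer naming you; any contract "
                      "can log any `from` address, so this is not evidence of a leaked key")
        out.append({"token": token, "from": sender, "to": receiver, "value": value,
                    "signed_by_me": signed_by_me, "verdict": verdict, "reason": reason})
    return out


if __name__ == "__main__":
    for entry in classify_logs(SAMPLE_LOGS, VICTIM, TRUSTED_TOKENS):
        print(entry["verdict"], "-", entry["reason"])
```

The two checks that matter are the emitting contract (`log.address`) and who signed the transaction that produced the log; a wallet that surfaces only "from/to" from the topics hides both, which is exactly what the fake token relies on.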
After the Cetus theft incident was covered by the Sui Foundation, users can now recover most of their funds. SlowMist also received a personal reward of $20,000 from @JaceHoiX; thank you very much! 🫡
The investigation into the hacker is still ongoing, we will wait and see.
Holding Bitcoin, installing antivirus software, and using a password manager have one thing in common: they all look simple at first glance, but doing them consistently in practice is still very hard. Achieving unity of knowledge and action in the virtual world is one of the hardest things...
Stance influences or even determines individual emotions and judgments. For example, after an incident of theft or fraud occurs, our starting point is to help the victim minimize losses and recover damages in a timely manner. We may unite as many resources as possible to respond, even if this approach appears very centralized.
I respect those who defend the spirit of decentralization, provided that, if they themselves are stolen from, they harbor neither the thought nor the action of resorting to centralized power.
Evildoers broke the rules first, and you still think on their behalf? Must you confuse yourself and others with hypocrisy?
What is the correct approach? If you truly want to defend the spirit of decentralization in a system, you cannot just shout "don't be evil"; you should design the system so that it "can't be evil." If a security incident does occur, no one should be able to intervene with centralized power, or the cost of doing so should be prohibitive, so that even if the thought of using centralized power arises, it cannot be executed.
As I said, this is a dark forest; learn more about security knowledge to arm yourself, at least to raise the threshold for being hacked.
These are criminal gangs that claim to help users solve security problems such as wallet theft, only to victimize them a second time...
However, this kind of exposure is just a temporary fix... I hope everyone stays safe from theft, and if you accidentally get stolen from, please remain calm and don’t easily trust anyone again.
A security suggestion: if your funds are stolen, it's best to make your wallet address public (if you're worried about privacy, you can obscure some characters in the middle), or at least do what the player below did and disclose the hacker's address.
Why is there this suggestion? It's because of another stolen user's case, which had law enforcement involvement. During the investigation, it was found that the hacker's address was linked to this player, and they almost continued the investigation... I ruled out this player's suspicion through various historical data; otherwise, it could have been troublesome.
Some hackers nowadays particularly like to frame others, and you will not only bear the pain of having your funds stolen, but you may also have to cooperate with subsequent law enforcement investigations... Being treated as a suspect is also not pleasant...
Another small batch of mnemonics/private keys was leaked and stolen. The cause of the leak is unknown. The hacker's address is: 0x9AB593baC174B4B792be8482b760Ce632d16392a
At present the profit is not large; nearly 200 wallet addresses were drained, and two victims have sought help. As shown in the picture, these ENS and Twitter users were among those stolen from. It's a major holiday; everyone, safety first...
Web3/Crypto Security Framework, two diagrams that I started drawing in 2018, this is the latest version. If I were to expand on the content, it would probably be quite extensive. To what extent? Please compare with the ATT&CK framework (attack perspective)...
We @SlowMist_Team focus on overall security, not just daily phishing 😱
We @MistTrack_io are currently testing our own MCP online, and the experience is quite good, but there are some requirements:
1 You need a local client that supports MCP, such as Claude/Cursor. Reference: https://t.co/mIGFaQflg2
2 You need a MistTrack API Key, which requires payment: https://t.co/sEN6HkgYT4
Then you can use natural language to request features from the AI client integrated with MistTrack MCP.
On-chain risk and tracing analysis will become much simpler. This is a small step for us and a big step for the future of Crypto security analysis. 😃
Open source address: https://t.co/rJECN2R5th https://t.co/IsCCKMNx8c
⚠️ A screenshot sent by a player: he trusted Chrome, clicked "Yes, continue", and landed on a phishing site impersonating @ChangeNOW_io (note the letter e in the screenshot; I've covered Punycode/IDN homograph phishing in the self-guard handbook), then lost over $20,000 in assets...
This is a Chrome pitfall: its recommendation mechanism is poorly done, and it recommended a phishing site to a user who was trying to reach the real website...😭
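The letter-e trick above is the classic IDN homograph. The following added example (mine, not the handbook's) shows what a URL-bar check would flag: the assumed lookalike replaces the Latin "e" in changenow.io with Cyrillic small ie (U+0435); the confusables table is a hand-picked subset of Unicode's confusables list, and the only thing "real" here is the spelling of the legitimate host used for comparison.

```python
import unicodedata
from typing import Dict, Set

# Assumed lookalike for illustration: the Latin 'e' in "changenow.io"
# replaced by Cyrillic small ie (U+0435). The real host is used only as a
# string to compare against.
REAL_HOST = "changenow.io"
PHISH_HOST = "chang\u0435now.io"

# Small confusables table (Cyrillic letters that render like Latin ones).
# Unicode's confusables.txt is far larger; this subset covers the usual
# IDN homograph substitutions.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
}


def to_ascii(host: str) -> str:
    """The Punycode (xn--) form the browser would show if it refused to render the IDN."""
    return host.encode("idna").decode("ascii")


def script_of(ch: str) -> str:
    # Unicode character names start with the script: 'LATIN SMALL LETTER E',
    # 'CYRILLIC SMALL LETTER IE', ...
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(host: str) -> str:
    """Map confusable characters to their Latin lookalikes."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def analyze_host(host: str, known_hosts: Set[str]) -> Dict:
    findings = []
    # 1. A single DNS label mixing scripts (Latin + Cyrillic) is almost never legitimate.
    for label in host.split("."):
        scripts = {script_of(ch) for ch in label if ch.isalpha()}
        if len(scripts) > 1:
            findings.append(f"mixed scripts in label {label!r}: {sorted(scripts)}")
    # 2. Any non-ASCII host is an IDN; show what it really encodes to.
    ascii_form = to_ascii(host)
    if ascii_form != host:
        findings.append(f"IDN host; encoded form is {ascii_form}")
    # 3. After confusable folding, does it collide with a host you know?
    sk = skeleton(host)
    if sk != host and sk in known_hosts:
        findings.append(f"confusable with known host {sk}")
    return {"host": host, "ascii": ascii_form, "suspicious": bool(findings),
            "findings": findings}


if __name__ == "__main__":
    for h in (REAL_HOST, PHISH_HOST):
        print(analyze_host(h, {REAL_HOST}))
```

The `xn--` form is what to compare against a bookmark; the rendered name is exactly what the attacker controls.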
🔥 EIP-7702 usage is active, and these delegate contracts need to hold up: if the smart contract code that addresses delegate to (phishing gangs and the like excepted) has a bug, every user whose EOA is delegated to it will be in trouble...
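An added example (not from the original post) of the check a user or an analyst would run on a Delegated Address: under EIP-7702 the account's code becomes the 23-byte designator 0xef0100 followed by the 20-byte delegate address, so `eth_getCode` on the EOA reveals which contract it now executes. The delegate addresses and the "audited" set are constructed placeholders.

```python
from typing import Dict, Optional, Set

# EIP-7702 sets the account's code to 0xef0100 || <20-byte delegate address>;
# every call to the EOA then runs the delegate's code in the EOA's context,
# with the EOA's funds and approvals.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

# Constructed addresses for the example (not real contracts).
AUDITED_DELEGATE = "0x" + "de" * 20
UNKNOWN_DELEGATE = "0x" + "ba" * 20
AUDITED_DELEGATES: Set[str] = {AUDITED_DELEGATE}


def parse_delegation(code_hex: str) -> Optional[str]:
    """Return the delegate address if `code_hex` (an eth_getCode result) is a 7702 designator."""
    code = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    if len(code) == 23 and code[:3] == DELEGATION_PREFIX:
        return "0x" + code[3:].hex()
    return None


def assess_account(code_hex: str, audited: Set[str]) -> Dict:
    """Classify an account from its code: plain EOA, 7702-delegated, or contract."""
    delegate = parse_delegation(code_hex)
    if delegate is not None:
        status = "delegated-audited" if delegate in audited else "delegated-unknown"
    elif code_hex in ("0x", ""):
        status = "plain-eoa"
    else:
        status = "contract"
    return {"delegate": delegate, "status": status}


def designator_for(address: str) -> str:
    """Build the eth_getCode value an EOA delegated to `address` would return."""
    return "0x" + DELEGATION_PREFIX.hex() + address[2:].lower()


if __name__ == "__main__":
    for code in ("0x", designator_for(AUDITED_DELEGATE), designator_for(UNKNOWN_DELEGATE)):
        print(code, "->", assess_account(code, AUDITED_DELEGATES))
```

If your own address shows `delegated-unknown`, the delegate is what now spends for you; it is also the value to look up when a "claim"/"gas-free" transaction asks you to sign a 7702 authorization.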
Recently, fake Zoom meeting software poisoning attacks have hit influential projects and individuals in the cryptocurrency space. A few of the details are quite "intense" and need repeating for everyone's attention:
1/ The Zoom link looks like a real official domain on Telegram/X, but it is forged through a small trick; once clicked, it will definitely not land on an official domain (remember https://t.co/yC8gGpF4gJ and https://t.co/RxetCoPUh4). This point needs special attention.
2/ Those who lure you into downloading the fake Zoom software are often very articulate, making it feel unlikely to be fake. A key point here: the participants you later see in the meeting are deepfakes... Don't doubt it; in the AI era, video and audio forgery can be very realistic...
3/ After the target computer is controlled, all kinds of follow-on attacks extend from there, not limited to the permissions and funds on that machine. If it is a technician's computer with cloud platform permissions, the situation is even worse...
If you encounter such threats and need help, you can contact us. Zoom is just the example here; other meeting software, under all kinds of strange names, deserves the same vigilance.
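For point 1/, the following added example (mine, not the original post's) shows the most basic form of the link trick and the check for it: a chat client renders whatever text the sender chose, while the `href` goes elsewhere. The message markup, the `.example` host and the official-host set are constructed; the real displayed-text trick on any given platform may differ, which is why the check keys on the resolved target rather than on what is shown.

```python
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed message as a chat client might render it: the visible text of
# the first link claims zoom.us, the actual href does not. The .example TLD
# is reserved, so no real domain is implied.
SAMPLE_MESSAGE = (
    '<p>Join here: <a href="https://zoom-us.example/j/9876">https://zoom.us/j/9876</a></p>'
    '<p>Backup: <a href="https://us02web.zoom.us/j/1234">https://us02web.zoom.us/j/1234</a></p>'
)
OFFICIAL_HOSTS = {"zoom.us"}   # assumed allowlist; subdomains are accepted

URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


class AnchorCollector(HTMLParser):
    """Collect (visible text, href) pairs from rendered message HTML."""

    def __init__(self):
        super().__init__()
        self.anchors: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url: str) -> str:
    s = url.strip()
    if "://" not in s:
        s = "https://" + s
    return (urlsplit(s).hostname or "").lower()


def is_official(host: str, official: set) -> bool:
    return any(host == o or host.endswith("." + o) for o in official)


def check_anchor(text: str, href: str, official: set) -> Dict:
    real_host = host_of(href)
    # Only compare hosts when the visible text itself looks like a URL.
    shown_host = host_of(text) if URLISH.match(text) else None
    findings = []
    if shown_host and shown_host != real_host:
        findings.append(f"display text says {shown_host} but link goes to {real_host}")
    if not is_official(real_host, official):
        findings.append(f"{real_host} is not an official host")
    return {"text": text, "href": href, "real_host": real_host,
            "safe": not findings, "findings": findings}


def check_message(html: str, official: set) -> List[Dict]:
    parser = AnchorCollector()
    parser.feed(html)
    return [check_anchor(text, href, official) for text, href in parser.anchors]


if __name__ == "__main__":
    for result in check_message(SAMPLE_MESSAGE, OFFICIAL_HOSTS):
        print(result["real_host"], result["findings"] or "ok")
```

The practical habit is the same as the code's: never judge a meeting link by its text; copy the actual target, or type the official domain yourself and join from there.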
😵💫 Every holiday brings out the tricksters... Yesterday was relatively calm, but today there have already been three theft incidents, two of them related to scams on Telegram. Familiar accounts were hijacked, and the scammers set their traps carefully based on the chat history and context; even the voice messages were synthesized (some AI tools now conveniently clone a voice from historical audio)... One cannot rely on a single channel; for anything involving funds, it is essential to establish a second, reliable verification mechanism...