Binance Square

慢雾 SlowMist

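SlowMist is an industry-leading blockchain security company that serves its customers mainly through security audits and anti-money-laundering tracking and tracing. It has more than a thousand commercial customers, spread across a dozen or so major countries and regions.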

Monthly Updates | Web3 security incidents total losses of approximately $26.4 million

Overview
In April 2025, Web3 security incidents caused total losses of about 26.4 million US dollars. According to the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), there were 18 hacking incidents, resulting in losses of about 21.11 million US dollars, and 17.89 million US dollars were frozen or returned. The causes included contract vulnerabilities, social engineering, insider wrongdoing and private key leakage. In addition, according to the Web3 anti-fraud platform Scam Sniffer, phishing incidents claimed 7,565 victims this month, with losses of 5.29 million US dollars.
(https://dune.com/scam-sniffer/april-2025-scam-sniffer-scam-report)

SlowMist: New MCP Wallet Security Audit Items Added to Wallet Security Audit

Recently, the Model Context Protocol (MCP) has rapidly become the 'new infrastructure' of the AI ecosystem, promoted by organizations like Anthropic and swiftly adopted by giants such as OpenAI, Microsoft, and Google. It connects AI seamlessly to local tools, databases, and APIs through standardized interfaces, greatly expanding the execution capabilities of agents, and is seen by the industry as the 'USB-C interface of AI'. In the Web3 industry, MCP-related applications have also begun to emerge. However, the protocol is currently in a 'chaotic' phase, facing multiple security risks and new attack surfaces; for details, refer to SlowMist's recently released MCP attack surface and security checklist.

Malicious MCP Analysis: Hidden Poisoning and Manipulation in the MCP System

Currently, the MCP (Model Context Protocol) system is still at a relatively early stage of development, with a chaotic overall environment in which potential attack methods keep emerging. The current protocol and tool design make these attacks difficult to defend against. To help the community better understand and enhance the security of MCP, SlowMist has open-sourced the MasterMCP tool, hoping to help everyone identify security vulnerabilities in product design through actual attack drills, thereby gradually strengthening their MCP projects.
At the same time, this can be paired with the previous MCP security checklist to better understand the underlying perspectives of various attacks. This time, we will get hands-on practice together, demonstrating common attack methods under the MCP system, such as information poisoning, hiding malicious commands, and other real cases. All scripts used in the demonstrations will be open-sourced to GitHub (link at the end), allowing everyone to fully replicate the entire process in a safe environment, and even develop their own attack test plugins based on these scripts.

Building Defenses Together, Safeguarding the Ecosystem | SlowMist Invited to Conduct Security Training for the Hong Kong Police

Recently, SlowMist, Amber Group, and RigSec were invited to conduct a special training on smart contract analysis and cryptocurrency tracking for the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force.
This training not only reflects the Hong Kong Police's open mindset and forward-looking planning in the face of emerging technologies but also showcases their solid efforts and proactive actions in combating crimes related to virtual assets and protecting the legitimate rights and interests of the public. The Hong Kong Police Force is laying the groundwork for a safer virtual asset environment by continuously deepening its professional skills and actively bringing in external practical experience.

SlowMist: On-chain Messaging in the Theft Emergency Guide - BTC Edition

Author: Lisa
Edited by: Sherry
Background
On-chain messages, as a special means of communication in the blockchain world, have been frequently used in various security incidents in recent years. For example, recently, SlowMist assisted KiloEx in engaging in multiple rounds of communication with attackers through on-chain messages, ultimately successfully facilitating the return of all stolen funds amounting to $8.44 million. In an anonymous environment, on-chain messages can serve as an effective tool for establishing preliminary dialogue, laying the foundation for subsequent fund recovery.
In our previous article (On-chain Messaging in the Theft Emergency Guide), we detailed the messaging method on Ethereum. The Bitcoin network also supports on-chain messaging, but the implementation is slightly different. The core tool for on-chain messaging in Bitcoin is the OP_RETURN instruction. It allows users to embed 80 bytes of custom data in a transaction; nodes do not use this data for transaction validation, and it does not affect the state of UTXOs. It serves purely to record information and is fully recorded on the blockchain.

SlowMist Assists KiloEx in Recovering All Stolen Funds: Incident Review

On April 15, 2025, the decentralized perpetual contract trading platform KiloEx suffered a hacker attack, resulting in a loss of approximately $8.44 million. After the incident, SlowMist immediately intervened to analyze the situation and issued a security alert. Fortunately, with the project team's proactive response and collaboration with SlowMist and others, all stolen assets were successfully recovered after 3.5 days, and the incident was resolved satisfactorily.
(https://x.com/SlowMist_Team/status/1911991384254402737)
Incident Review
Vulnerability Cause Analysis
According to KiloEx's analysis report, this attack originated from a flaw in the contract's authorization verification mechanism. The TrustedForwarder contract inherited OpenZeppelin's MinimalForwarderUpgradeable contract, and the execute method was not overridden in TrustedForwarder, leaving it callable without authorization.

Web3 Security Beginner's Guide|Clipboard Security

Author: Liz & Reborn
Editor: Sherry
Background
In the previous issue of the Web3 Security Beginner's Guide, we analyzed the Pi Yao Pan scam; this issue will focus on clipboard security.
In many incidents of cryptocurrency theft, one of the most confusing points for victims is often: 'I never transmitted my private key online; how could it be stolen?' In fact, the leakage of private keys / mnemonic phrases does not necessarily occur through cloud or online transmission; it may also happen during what seem to be 'local, safe' operations. For example, have you ever filled in your private key / mnemonic phrase by copy-pasting? Have you ever saved it in a note or screenshot? These common operations are also the entry points that hackers target.

Web3 Security Beginner's Guide to Avoiding Pitfalls | Clipboard Security

Author: Liz & Reborn
Editor: Sherry
Background
In the previous issue of the Web3 Security Beginner’s Guide to Avoiding Pitfalls, we analyzed the Pixiu Disk scam. This issue will focus on clipboard security.
In many cases of crypto asset theft, the most confusing thing for victims is often: "I didn't transmit my private key online at all, how could it be stolen?" In fact, the leakage of private keys/mnemonics does not necessarily happen through cloud or network uploads. It may also happen in your seemingly "local, safe" operations. For example, have you ever filled in your private key/mnemonics by copying and pasting? Have you ever saved it in a memo or screenshot? These common operations are also the entry points that hackers target.

MCP Security Checklist: AI Tool Ecosystem Security Guide

Background
This security checklist is written and maintained by @SlowMist_Team.
SlowMist Technology, as a global leader in blockchain ecosystem threat intelligence, aims to help the blockchain ecosystem integrate with AI ecosystems to enhance security protection capabilities and ensure higher user privacy.
Thanks to FENZ.AI for their strong support.
FENZ.AI is reshaping AI security audits with future technology. From MCP attack detection to AI loyalty assessment, FENZ is building the infrastructure for the AI era - 'Super Intelligence Begins with Super Security'.
Summary
With the rapid development of large models, various new AI tools are constantly emerging, currently represented by

The Hong Kong Appointment of SlowMist and Web3 Successfully Concludes

The 2025 Hong Kong Web3 Carnival took place as scheduled, bringing together developers, investors, regulators, and technology pioneers from around the world to discuss cutting-edge topics such as blockchain, DeFi, crypto compliance, and the integration of AI and Web3. This carnival was inspired by the four seasons 'Spring, Summer, Autumn, Winter', where each stage cleverly integrated elements of traditional Chinese culture, symbolizing the resilience and cyclicality of the blockchain industry, while also showcasing the deep connection between the spirit of Web3 and Eastern philosophy, reflecting the beauty of the fusion of technology and humanity.
Hacking Time Review
On the afternoon of April 8, the 'Hacking Time: Web3 Security and Compliance' security-themed forum hosted by SlowMist was held at Venue 3, attracting a large audience interested in Web3 security and compliance topics.

See you in April|SlowMist invites you to join the Hong Kong Web3 Carnival and multiple industry events

As the 2025 Hong Kong Web3 Carnival (Web3 Festival 2025) approaches, the global blockchain industry's focus once again turns to this international metropolis. As a leading company focused on blockchain security, SlowMist will participate in and host a series of activities from April 2nd to April 9th, sharing our security research in several exciting events. We look forward to in-depth exchanges with global Web3 practitioners to jointly promote the security construction of the industry.
Hong Kong Web3 Carnival
The 2025 Hong Kong Web3 Carnival (https://www.web3festival.org/hongkong2025/) will be grandly held from April 6th to 9th. This event is co-hosted by Wanxiang Blockchain Laboratory and HashKey Group, with W3ME responsible for the execution. The four-day grand event is expected to attract global blockchain industry leaders, technical experts, and representatives from regulatory bodies to gather in Hong Kong and discuss new trends in the development of the Web3 ecosystem.

The Hacker's Art of 'Free Riding'|How to Say Hi to CZ with 0.01 BNB

Authors: 23pds & Thinking
Edited by: Sherry
Background
Yesterday, while I was sorting materials related to the APT attack, Shange (@im23pds) suddenly came to my workstation, excited: 'Thinking, I found an interesting project that CZ frequently uses, and we might be able to say hi to CZ at zero cost.' So we quickly drafted several potential vulnerability points:
Hijack CZ's account on ReachMe;
Change CZ's settings on ReachMe;
Send messages to CZ without spending money, bypassing the limitation of having to spend 1 BNB to message him.

About 10 minutes later, we discovered a vulnerability that allows low-cost messaging with any user on ReachMe.io, so we immediately contacted the project team and provided details for vulnerability verification. The project team also quickly fixed the vulnerability and contacted us for retesting. Kudos to the ReachMe team for their serious and rigorous approach to security issues!

SlowMist: In-depth Exploration of EIP-7702 and Best Practices

Author: Kong
Editor: Sherry
Introduction
Ethereum is about to welcome the Pectra upgrade, a significant update that introduces many important Ethereum Improvement Proposals. Among them, EIP-7702 makes transformative changes to Ethereum externally owned accounts (EOA). This proposal blurs the boundary between EOA and contract accounts (CA) and is a key step towards native account abstraction following EIP-4337, bringing a new interaction model to the Ethereum ecosystem.
Currently, Pectra has completed deployment on the test network and is expected to go live on the mainnet soon. This article will delve into the implementation mechanism of EIP-7702, exploring the potential opportunities and challenges it may bring, and providing practical operational guidelines for different participants.

SlowMist's "Web3 Project Security Manual" officially launched the Japanese version to help build global blockchain security

We are pleased to announce that the Japanese version of SlowMist's "Web3 Project Security Manual" (referred to as the "Red Manual") has officially launched. With the rapid development of the Web3 ecosystem, blockchain technology and cryptocurrency have been deeply integrated into the global financial system, and security issues have become the focus of industry attention. How to establish sound security rules and reduce potential risks has become a problem that Web3 project teams and developers urgently need to solve.
To help global Web3 developers improve their security capabilities systematically, we previously launched the "Web3 Project Security Manual" to provide comprehensive security guidance for various projects in the Web3 ecosystem, and released bilingual versions in Chinese and English. Today, we officially launched the Japanese version to make it easier for Japanese readers to read, learn and master the best practices of Web3 security. As one of the key markets for the development of Web3, Japan has many blockchain companies, developers and research institutions. This release will help the Japanese Web3 community acquire professional security knowledge more efficiently, improve its security prevention capabilities, and promote the healthy and sustainable development of the local Web3 ecosystem.

Introduction to Smart Contract Security Auditing - Deploy Different Contracts to the Same Address

Author: Xiao Bai
Editor: Liz
Background overview
In the Ethereum ecosystem, the deterministic generation mechanism of contract addresses provides convenience for developers, but it also introduces new attack surfaces. In this issue, we will analyze the attack techniques and defense strategies for deploying different contracts to the same address using the CREATE and CREATE2 opcodes at different times. Previous articles on smart contract security auditing can be found in the collection.
Prerequisite knowledge
First, let's understand the two rules for generating Ethereum addresses:
1. CREATE
CREATE is the native opcode for dynamically deploying smart contracts in the Ethereum Virtual Machine (EVM). Since the Ethereum genesis block, all contract deployments rely on this mechanism. Its core feature is that the address generation depends on the deployer's account nonce, making the address non-deterministic (impossible to predict accurately before deployment).

Cross-Chain Protocol Analysis Series: THORChain

Author: Lyndon & Lisa
Editor: Liz
Background
On February 21, 2025, the cryptocurrency exchange Bybit suffered a massive hacking attack, with a total amount of stolen funds reaching $1.46 billion, becoming one of the most severe attacks on exchanges in history. According to on-chain analysis, the hackers' primary money laundering method was to exchange ETH for BTC through THORChain. It is rumored that within just a few days, the hackers' money laundering activities brought THORChain $2.91 billion in trading volume and $3 million in fee income. Ben Zhou, co-founder and CEO of Bybit, confirmed on March 4 that the hackers exchanged a total of 361,255 ETH (approximately $900 million) through THORChain, accounting for 72% of the stolen funds.

Hong Kong Web3 Carnival | SlowMist Event Arrangement Overview

Yesterday, we officially launched the Call for Paper, inviting global security researchers, developers, and compliance experts to submit topics to jointly promote the development of Web3 security and compliance. The curtain has been raised for the 2025 Hong Kong Web3 Carnival. As an important event in the global Web3 field, it not only brings together top industry companies but also provides an important platform for in-depth exchanges on technological innovation and industry compliance.
This year, SlowMist, as a platinum sponsor and Side Event sponsor, will set up a booth and hold the Hacking Time themed forum, discussing key issues around Web3 security and compliance with industry peers to explore challenges and opportunities together. Next, this article will provide you with a detailed introduction to our main event arrangements.

Hong Kong Web3 Carnival | SlowMist Hacking Time Invites You to Explore the Frontiers of Security and Compliance

The third Hong Kong Web3 Carnival, jointly hosted by Wanxiang Blockchain Lab and HashKey Group, will be held in Hong Kong from April 6 to 9, 2025.
Since the successful hosting of the first Hong Kong Web3 Carnival in 2023, this event has become one of the largest and most influential industry events in the global Web3 field. The program for the 2025 Hong Kong Web3 Carnival will comprehensively cover Web3 native applications and popular projects, with in-depth discussions over 4 days across 4 major venues; the main venue will focus on core topics each day, while the other three venues will simultaneously host diverse themed forums.

SwitchyOmega Exposed for Stealing Private Keys: How to Prevent Plugin Tampering?

Authors: Lisa & Yao
Editor: Liz
Recently, users reported that the well-known proxy switch plugin SwitchyOmega has a risk of stealing private keys.
Analysis reveals that this is not the first time the security issue has surfaced; relevant security alerts have existed since last year. However, some users may not have noticed the warnings and are still using contaminated versions of the plugin, exposing themselves to serious risks such as private key leakage and account hijacking. This article will analyze the situation of the tampered plugin and explore how to prevent plugin tampering and respond to malicious plugins.
Event Review
The incident was first disclosed through an attack investigation [1]. On December 24, 2024, a Cyberhaven employee fell victim to a phishing email attack, which led to their released browser plugin being injected with malicious code that attempted to steal users' browser cookies and passwords and upload them to the attacker's server. Cyberhaven invited Booz Allen Hamilton to conduct an independent investigation; its threat intelligence report [2] pointed out that more than 30 plugins in the Google Plugin Store had suffered the same attack, including Proxy SwitchOmega (V3).

What has the Russian trading platform Garantex done in the past three years after consecutive sanctions?

Author: Lisa & Keywolf
Editor: Liz
On March 6, 2025, Tether froze $28 million worth of USDT related to the sanctioned Russian exchange Garantex, once again raising widespread concerns in the market about the risks of stablecoin freezing. This article will explore Garantex's sanction history, platform fund management strategies, and measures to respond to stablecoin freezing, discussing how to avoid on-chain compliance risks and ensure fund safety.
Sanction history
Garantex was established in late 2019 and was initially registered in Estonia, primarily providing fiat-to-crypto exchange services. Due to changes in the regulatory environment, its main business quickly shifted to Moscow, with operation points set up in the Federal Building and St. Petersburg, which are also gathering places for other sanctioned virtual currency exchanges (such as SUEX, CHATEX). Because Garantex allowed anonymous transactions and had weaker compliance, it gradually became an important channel for hackers, ransomware groups, and illegal funds, which ultimately led to intense scrutiny by regulatory authorities.