SlowMist
@SlowMist_Team
SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
406 Following 88.6K Followers
🚨 SlowMist TI Alert 🚨
MistEye has detected an active npm supply-chain attack compromising @redhat-cloud-services packages. Reported impact includes 31+ affected packages, about 116,282 weekly downloads, and 300+ GitHub repositories containing stolen credentials. The attack techniques show strong similarities to the previous Shai-Hulud npm campaign, including credential harvesting, malicious repository creation, and automated secret exfiltration. Public GitHub searches for the “Miasma: The Spreading Blight” marker, sorted by recent updates, still show newly appearing suspicious repositories, indicating that users are still being compromised.
Potential attacker actions include GitHub/npm token theft, AWS/GCP/Azure credential theft, SSH key and Kubernetes secret collection, local environment and wallet data exfiltration, malicious GitHub repository creation, persistence, and destructive behavior if stolen tokens are revoked.
Immediately remove or downgrade affected @redhat-cloud-services package versions, audit CI/CD workflows and dependency installs, rotate GitHub, npm, cloud, SSH, and wallet-related secrets, preserve logs, and rebuild exposed developer machines or runners from clean images.
As always, stay vigilant!
Live hunt:
Show more
✍️We have released an in-depth technical analysis report on the #TrapDoor# cross-ecosystem supply chain credential theft campaign.
TrapDoor was first disclosed by the @SocketSecurity on May 24. Subsequently, we conducted continuous threat hunting through our MistEye threat intelligence system and issued an early warning.
The campaign spans npm, PyPI, and involving 34+ malicious packages and 384+ versions targeting developers in crypto, #DeFi#, #Solana#, #Sui#/Move, and #AI#.
🔍In this report, we selected three representative samples for detailed analysis:
🔹PyPI: git-config-sync (disguised as a Git configuration synchronization tool)
🔹npm: token-usage-tracker (disguised as a token usage tracking tool)
🔹 sui-framework-helpers (disguised as a Sui Move development helper library)
For each sample, we fully reconstructed the attack chain — from the entry-point trigger mechanisms (postinstall / / sensitive data collection scope, encryption and encoding methods, to the exfiltration channels and remote control infrastructure ( GitHub Gists,
Special thanks to @SocketSecurity for their outstanding initial research and disclosure of the TrapDoor campaign. Salute! 👏
📖 Full technical analysis :
Show more
🚨 SlowMist TI Alert 🚨
MistEye has detected a cross-registry supply chain attack targeting developers through malicious packages published to npm, PyPI, and The campaign includes 34+ malicious packages and 384+ related versions. Targeted communities include crypto, DeFi, Solana, Sui/Move, and AI developers.
Potential attacker actions include theft of crypto wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer secrets. Some payloads also attempt persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.
Remove affected packages immediately. Isolate impacted systems, preserve logs, rotate exposed credentials, rebuild CI runners and developer machines from clean images, and review GitHub, cloud, SSH, and wallet activity.
As always, stay vigilant!
Show more
🚨SlowMist TI Alert🚨
💸 Loss: 62.5 BNB & 1,195,918.92 JOE
🔍 Root Cause: Single-function reentrancy in `_removeLiquidityViaContract` – BNB sent via low-level `call` before updating `lpInfo[user].lpAmount`, allowing recursive calls.
📌 Attacker EOA: 0xaa761779945dcc5f26064fc6dcb36ffab6ac7610
📌 Attacker Contract: 0x31f81fcd91025728f24bd6f0e4efb156e345a4cf
📌 Vulnerable Proxy: 0xef0f12d08d66e76e1866e60f30a0daa578e00c04
📌 Vulnerable Implementation: 0xb12ce0a21f67a9fc3c8ad1c7dbc4b017b7e67319
Attackers exploited the delayed state write to repeatedly withdraw liquidity, netting 62.5 BNB and ~1.196M JOE via 25 reentrancy loops.
Powered by #SlowMist#.AI
Show more
🚨SlowMist TI Alert🚨
💸 Loss: 8,080.16 USDT + 11,702.08 USDC
🔍 Root Cause: `WUSD._deglove()` uses `GLOVE.creditlessOf(msg.sender)` as the unlock base without verifying the source or epoch of creditless GLOVE. In addition, WUSD’s epoch/vesting logic was driven by cumulative wrap volume, which could be flash-loan amplified and advanced 100+ epochs inside one tx. This converted creditless GLOVE into transferable GLOVE atomically.
📌 Attacker: 0x88329a09428778f62bc0c8baac0997864e5a57f8
📌 Victim: Uniswap V3 liquidity pools (GLO/USDT: 0xa2bd1a142ff49131b8cc70a332bda0125018c324, GLO/USDC: 0xb89f65d6c7d33a35da7c01934e310a6f40e18a1f)
📌 Vulnerable Contract: WUSD (0x068e3563b1c19590f822c0e13445c4fa1b9eefa5)
Attacker exploited a credit accounting flaw in WUSD/GLOVE to mint and unlock transferable GLOVE, then drained USDT/USDC from Uniswap V3 pools.
Powered by #SlowMist#.AI
Show more
🚨 SlowMist TI Alert 🚨
MistEye has detected a cross-registry supply chain attack targeting developers through malicious packages published to npm, PyPI, and The campaign includes 34+ malicious packages and 384+ related versions. Targeted communities include crypto, DeFi, Solana, Sui/Move, and AI developers.
Potential attacker actions include theft of crypto wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer secrets. Some payloads also attempt persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.
Remove affected packages immediately. Isolate impacted systems, preserve logs, rotate exposed credentials, rebuild CI runners and developer machines from clean images, and review GitHub, cloud, SSH, and wallet activity.
As always, stay vigilant!
Show more
🥳We are thrilled to announce our ecosystem partnership with @www_back_im!
SlowMist Zone brings together top industry security expertise. By partnering with @www_back_im, we aim to deliver more comprehensive crypto asset security solutions and build a safer blockchain ecosystem together. 💪
Show more
🎉 正式宣布!imBack 已成为 @SlowMist_Team 慢雾区生态合作伙伴!
慢雾(
imBack(
感谢慢雾安全团队的认可与支持!
#SlowMist# #区块链安全# #CryptoRecovery# #imBack#
Show more
We combed through the full attack chain behind the Shai-Hulud / Mini Shai-Hulud supply chain attacks since May 2026.
From the collapse of TanStack’s CI/CD trust boundary, to the malicious Nx Console VS Code extension, and later the @antv, PyPI durabletask, and GitHub internal private repository breach incidents, the attackers completed coordinated lateral expansion across npm, PyPI, IDE extensions, and cloud environments within roughly a week.
⚠️This was not a series of isolated incidents, but a mature attack pipeline built around “trusted release channels → credential harvesting → lateral propagation.”
Read the full analysis and incident breakdown 🔎
Show more
We’ve released a detailed technical analysis of the supply chain poisoning activities related to Mini Shai-Hulud.
Within just 22 minutes, the attacker-controlled npm account “atool” published 637 malicious versions across 317 npm packages, including popular dependencies in the AntV ecosystem and echarts-for-react. At the same time, the attackers also poisoned Python packages such as durabletask while impersonating official Microsoft releases.
The malware primarily targets sensitive credentials from cloud environments including AWS, GCP, Azure, Kubernetes, and Vault, as well as npm and GitHub tokens. It also features supply chain self-propagation and persistence mechanisms targeting AI coding assistants such as Claude Code and Codex.
Full technical analysis👇
Show more
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool (i@hust.cc) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
• npm: npm ls --all
• Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits.
MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.
Show more
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool (i@hust.cc) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
• npm: npm ls --all
• Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits.
MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.
Show more
🚨 SlowMist TI Alert 🚨
The Shai-Hulud malware has resurfaced via the npm account atool(i@hust.cc), with over 600 malicious versions published. Notably, high-download packages such as size-sensor@1.1.4 (4.2M dl/mo), echarts-for-react@3.1.7 (3.8M dl/mo), and @antv/scale@0.6.2 (2.2M dl/mo) are at elevated risk.
The attack carries risks:
1. AI agent hijacking: Claude Code, Codex, and VS Code tasks can trigger a Bun bootstrapper that re-executes the malicious payload.
2. Credential harvesting: The malware collects credentials from cloud services, GitHub, npm, local environments, and CI/CD pipelines.
Using ^ to specify version ranges may cause npm to automatically install versions that have been compromised or contain security risks.
Detection & Mitigation Measures:
• Audit dependencies for any package published by atool (i@hust.cc) and check for suspicious preinstall scripts
• Remove compromised packages and rotate all exposed credentials
• Inspect CI/CD pipelines and local Node.js projects for malicious hooks or workflows
• Revert to safe package versions or known-good dependencies
⚠️ Critical Action:
Treat any system with affected packages as potentially compromised. Apply mitigation steps immediately.
Show more
We recently issued an alert regarding the active supply chain attack targeting the foundational Node.js library node-ipc (malicious versions: 9.1.6, 9.2.3, 12.0.1).
✍️We have now published a detailed technical analysis covering the attack background, payload deobfuscation, credential stealing & DNS tunneling exfiltration, trigger mechanisms, and remediation recommendations.
📖 Full Analysis:
Show more
🚨 SlowMist TI Alert 🚨
MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1.
Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately.
Detection & Remediation:
Please urgently audit your environments for exposure:
• Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions.
• Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges.
• CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.).
⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner.
As always, stay vigilant!
Show more
🚨Analysis of the Supply Chain Poisoning Attack on the Official Mistral AI SDK 🚨
SlowMist’s MistEye threat monitoring system has identified a malicious version of the official Mistral AI Python SDK: mistralai==2.4.6. Unlike typical typosquatting attacks, this was not a fake package. The malicious code was injected directly into the official SDK release pipeline.
🔍 Key Findings
• Malicious code hidden in the SDK import entry point • Silent download of a remote payload disguised as transformers.pyz
• Theft of cloud credentials, SSH keys, CI/CD tokens, password manager data, Kubernetes Secrets, and more
• 1/6 probability of triggering rm -rf /* on systems associated with Israel or Iran
• Strong attribution links to the previously disclosed Shai-Hulud supply chain attack framework through the same 4096-bit RSA public key
Our analysis reconstructs the full attack chain, persistence mechanisms, encrypted exfiltration workflow, and the correlation between the Python and TypeScript attack frameworks.
Full article👇
Show more
🚨 Exploit Analysis | ShapeShift FOX Colony Authorization Trust Chain Flaw
SlowMist analyzed the recent ShapeShift FOX Colony exploit on Arbitrum, where attackers abused a semantic conflict between meta-transactions and DSAuth self-call authorization to hijack the resolver and drain all ERC20 assets via malicious delegatecall.
🔍 Key Takeaways:
• Arbitrary self-call in executeMetaTransaction()
• DSAuth auto-trust for address(this)
• Resolver hijacking through meta-tx
• Full asset drain via delegatecall
🌟This incident shows how individually “reasonable” designs can combine into a complete privilege bypass chain.
Developers should strictly restrict sensitive selectors in meta-transaction systems and avoid unconditional self-call authorization patterns.
Full analysis👇
Show more
🚨 SlowMist TI Alert 🚨
MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1.
Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately.
Detection & Remediation:
Please urgently audit your environments for exposure:
• Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions.
• Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges.
• CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.).
⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner.
As always, stay vigilant!
Show more
🚨SlowMist TI Alert🚨
💸 @Aurellion_Labs Loss: 455,003 USDC (~$455,003)
🔍 Root Cause: Unprotected initialize(address varg0) in SafeOwnable Facet. Diamond set owner via non-initialize path without updating _initialized version slot (bytes 0-7 of 0xf0c57e...) from 0, allowing re-init by attacker to overwrite owner, call diamondCut to inject malicious facet with pullERC20, and drain approved USDC.
📌 Victim Contract: 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2
📌 Vulnerable Facet: 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f
📌 Attacker EOA: 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca
Attacker seized Diamond ownership and drained USDC from approved victims including 0x2e933518..., 0xa90714a1..., 0xeced2d37....
Powered by #SlowMist#.AI
Show more
🚨 MistEye TI Alert 🚨
MistEye has detected a highly sophisticated npm worm, "Mini Shai-Hulud," spreading through trusted developer projects like TanStack, UiPath, and DraftLab. The attackers hijacked GitHub credentials to publish malicious, yet seemingly legitimate, package updates.
The malware injects a heavily disguised hidden script (router_init.js) that runs silently in the background of CI/CD environments (like GitHub Actions). It is specifically designed to harvest highly sensitive data, including CI/CD secrets, cloud infrastructure keys, and cryptocurrency wallets. The stolen data is then stealthily smuggled out using GitHub's own infrastructure. We have synchronized these critical IOCs with our clients.
If your projects utilize the affected packages, immediate action is required: please audit your CI/CD pipelines for the presence of the router_init.js file, rotate all exposed GitHub, cloud, and crypto credentials, and closely monitor your development environments for any unauthorized background activity.
As always, stay vigilant!
Show more
🥳Excited to share that our Hong Kong Community Lead Tony Tan will be joining @0xCregis MicUp Vol 13 tomorrow!
📅 May 13 | 5:00 PM GMT+8 | Live X Space
Looking forward to an insightful discussion!
Show more
🎙️ Cregis MicUp Vol 13: When Agents Take the Wheel — What Does the New Era of Crypto Infrastructure Look Like?
🗓️ May 13, 2026 | 5:00 PM GMT+8 | Live X Space
🔗 Set your reminder:
AI Agents are rapidly moving from concept to execution.
Across crypto, finance, payments, and security, the industry is racing to integrate AI into workflows, operations, and infrastructure with the promise of greater efficiency, automation, and intelligence.
But what can Agents actually do today?
Where are the real limitations?
And what risks emerge when autonomous systems begin interacting with financial infrastructure at scale?
Join Cregis for a forward-looking discussion on how AI Agents are reshaping crypto infrastructure and what the next era of Web3 may look like.
🎤 Meet Our Expert Panel:
Tony Tan — HK Community Lead at @SlowMist_Team
Constance Zhou — Marketing Manager at @InterlaceMoney
@xsser_w — CEO at Tanwei Dujian Technology
Mike — Chief Researcher at @NeoSoulAI
🎙️ Moderated by Bovey
📋 What We’ll Explore:
🔸 Why Is Everyone Betting on AI?
Why is the industry moving so aggressively toward AI adoption? What real strategic value does AI bring to crypto infrastructure and financial systems?
🔸 What Can Agents Actually Do?
Beyond the hype, what are the real capability boundaries of AI Agents today across security, payments, operations, and research?
🔸 The Enterprise Reality — Risk, Cost & AI Deployment:
What challenges are companies underestimating when integrating AI? From security and permissions to operational cost and team readiness, what lessons have emerged in practice?
🔸 Living Alongside AI — Opportunities, Risks & the Future:
If AI becomes deeply embedded into finance, payments, and everyday decision-making over the next decade, what could that world realistically look like for ordinary people?
Why This Matters:
AI is no longer just a tool — it is becoming part of the infrastructure layer itself.
As autonomous systems gain more responsibility across crypto and finance, understanding both their potential and their risks becomes critical for builders, enterprises, and users alike.
This session brings together voices from security, payments, AI research, and infrastructure to explore what happens when Agents begin taking the wheel.
📌 Join us 5 minutes early to secure your spot!
#AI# #AIAgents# #CryptoInfrastructure# #DigitalAssets# #CyberSecurity# #Payments# #CregisMicUp#
Show more
🚨 MistEye Security Gate Officially Released|Building Frontline Security Detection for AI Agents
SlowMist has officially released MistEye Security Gate, a pre-execution security gateway Skill that provides security detection capabilities for dependency installation and domain access for mainstream #AI# coding agents such as @claudeai , @cursor_ai , and @OpenAI GPT.
👉
MistEye Security Gate enables:
🔹 Supply chain package risk detection (npm/pypi/go etc.)
🔹 Real-time scanning of domains/URLs/IPs/emails
🔹 File hash & malicious Skill/MCP identification
🔹 Hard blocking mechanism + daily automated inspections
Core Scenarios Covered:
- Dependency installation checks (requirements.txt, package.json, etc.)
- External link / domain threat validation
- Continuous security inspection of installed Skills
How to Deploy:
1️⃣ GitHub Repo:
2️⃣ Get free API Key:
3️⃣ Set MISTEYE_API_KEY (env var preferred, or config file with 600 permission)
🛡️ Why It Matters: It cuts off #AIAgent# supply chain and external interaction risks at the source, strengthening the frontline defense.
Ready to make your AI Agents run more securely? Welcome to integrate MistEye Security Gate!
🔗 Full article:
Show more
🚨SlowMist TI Alert🚨
💸 Loss: 140,180 USDT (140,180,175,562 tokens)
🔍 Root Cause: Missing access control in addUsers (0x4777ff62) function of PayrollDistribution. Anyone can register users for existing drop and set arbitrary totalAmount.
📌 Attacker: 0x90b147592191388e955401af43842e19faa87ee2
📌 Victim: 0xa184af4b1c01815a4b57422a3419e4fb78a96ee4
📌 Vulnerable Contract: 0xef2c77f3b9b8aaa067239bc6b4588bae26433494
Attacker registered exploit contract via addUsers in constructor, flash loaned USDT deposit, claimed oversized payroll from drop #3#.
Powered by #SlowMist#.AI
Show more
🚨 Threat Intelligence | Analysis of a Fake TronLink Chrome Extension Phishing Campaign 🚨
SlowMist’s MistEye threat monitoring system recently detected a high-risk phishing campaign targeting #TRON# wallet users. Attackers created a fake Chrome MV3 extension impersonating @TronLinkWallet, using Unicode bidirectional control characters and Cyrillic homoglyphs to spoof the brand name. Once installed, it loads a full phishing page via remote iframe — forming a “shell-core separation” credential theft chain.
🔍 Key Findings:
🔹 The extension name uses homoglyphs for disguise. Its Chrome Web Store page inherits the real extension’s high user count and positive reviews, significantly lowering review barriers.
🔹 Local code is extremely minimal — it only loads a remote page, making static analysis almost useless for detecting malice.
🔹 The remote phishing page perfectly replicates the official TronLink Web wallet UI, stealing mnemonic phrases, private keys, Keystore files, and passwords, then exfiltrating them in real time via Telegram Bot.
🔹 Built-in anti-analysis features (disables right-click, DevTools, drag-and-drop, printing) and geo/language-based redirection for Russian users to evade detection.
⚠️ This is not a simple fake extension — it employs advanced techniques like remote dynamic loading and anti-forensics, making it extremely difficult for traditional static scanners to catch.
🛡️ Immediate Actions :
• Uninstall any suspicious extension (Malicious ID: ekjidonhjmneoompmjbjofpjmhklpjdd)
• Official TronLink extension ID: ibnejdfjmmkpcnlpebklmnkoeoihofec
• Clear localStorage and check for abnormal traffic
• If credentials were entered, create a new wallet immediately and transfer assets
📖 Full technical analysis + IOCs + self-check guide here 👇
Show more
