✍️We have released an in-depth technical analysis report on the #TrapDoor# cross-ecosystem supply chain credential theft campaign. TrapDoor was first disclosed by the @SocketSecurity on May 24. Subsequently, we conducted continuous threat hunting through our MistEye threat intelligence system and issued an early warning. The campaign spans npm, PyPI, and involving 34+ malicious packages and 384+ versions targeting developers in crypto, #DeFi#, #Solana#, #Sui#/Move, and #AI#. 🔍In this report, we selected three representative samples for detailed analysis: 🔹PyPI: git-config-sync (disguised as a Git configuration synchronization tool) 🔹npm: token-usage-tracker (disguised as a token usage tracking tool) 🔹 sui-framework-helpers (disguised as a Sui Move development helper library) For each sample, we fully reconstructed the attack chain — from the entry-point trigger mechanisms (postinstall / / sensitive data collection scope, encryption and encoding methods, to the exfiltration channels and remote control infrastructure ( GitHub Gists, Special thanks to @SocketSecurity for their outstanding initial research and disclosure of the TrapDoor campaign. Salute! 👏 📖 Full technical analysis :

🚨SlowMist TI Alert🚨 💸 Loss: 62.5 BNB & 1,195,918.92 JOE 🔍 Root Cause: Single-function reentrancy in `_removeLiquidityViaContract` – BNB sent via low-level `call` before updating `lpInfo[user].lpAmount`, allowing recursive calls. 📌 Attacker EOA: 0xaa761779945dcc5f26064fc6dcb36ffab6ac7610 📌 Attacker Contract: 0x31f81fcd91025728f24bd6f0e4efb156e345a4cf 📌 Vulnerable Proxy: 0xef0f12d08d66e76e1866e60f30a0daa578e00c04 📌 Vulnerable Implementation: 0xb12ce0a21f67a9fc3c8ad1c7dbc4b017b7e67319 Attackers exploited the delayed state write to repeatedly withdraw liquidity, netting 62.5 BNB and ~1.196M JOE via 25 reentrancy loops. Powered by #SlowMist#.AI

🥳We are thrilled to announce our ecosystem partnership with @www_back_im! SlowMist Zone brings together top industry security expertise. By partnering with @www_back_im, we aim to deliver more comprehensive crypto asset security solutions and build a safer blockchain ecosystem together. 💪

Anyone know if Circle/USDC provide similar services like Tether's recovery ( I wrongly sent some USDC to a self-deployed contract but it seems I cannot withdraw from it. 🥲 @circle

🚨 MistEye Security Gate Officially Released｜Building Frontline Security Detection for AI Agents SlowMist has officially released MistEye Security Gate, a pre-execution security gateway Skill that provides security detection capabilities for dependency installation and domain access for mainstream #AI# coding agents such as @claudeai , @cursor_ai , and @OpenAI GPT. 👉 MistEye Security Gate enables: 🔹 Supply chain package risk detection (npm/pypi/go etc.) 🔹 Real-time scanning of domains/URLs/IPs/emails 🔹 File hash & malicious Skill/MCP identification 🔹 Hard blocking mechanism + daily automated inspections Core Scenarios Covered: - Dependency installation checks (requirements.txt, package.json, etc.) - External link / domain threat validation - Continuous security inspection of installed Skills How to Deploy: 1️⃣ GitHub Repo: 2️⃣ Get free API Key: 3️⃣ Set MISTEYE_API_KEY (env var preferred, or config file with 600 permission) 🛡️ Why It Matters: It cuts off #AIAgent# supply chain and external interaction risks at the source, strengthening the frontline defense. Ready to make your AI Agents run more securely? Welcome to integrate MistEye Security Gate! 🔗 Full article:

🚀SlowMist RWA Smart Contract Security Audit Service Officially Launched！ RWA (Real World Assets) has become a major frontier where #Web3# meets traditional finance. Unlike traditional DeFi projects, #RWA# security involves far greater complexity — including ownership verification, compliance governance, and on-chain/off-chain consistency. Drawing on years of blockchain security expertise, SlowMist has officially launched a specialized RWA smart contract audit service, delivering comprehensive protection across compliance, permission systems, and on/off-chain consistency. Read full announcement👇 RWA project teams and institutions are welcome to contact us for collaboration! 🤗 📮team@slowmist.com

🚨SlowMist TI Alert🚨 💸 Loss: ~1,291.16 ETH + ~1,268,771 USDC + ~206,282 USDT + ~16.94 WBTC @trustedvolumes 🔍 Root Cause: In fillOrder function (selector 0x4112e1c2) of RFQ Implementation, signature validation checks _allowedSigners[msg.sender][signer] using caller (taker) instead of order's maker as key, allowing registration via registerAllowedOrderSigner for attack contract and execution of forged orders for any maker. 📌 Attacker EOA: 0xc3ebddea4f69df717a8f5c89e7cf20c1c0389100 📌 Victim Contract: 0x9ba0cf1588e1dfa905ec948f7fe5104dd40eda31 📌 Vulnerable Contract: 0x88eb28009351fb414a5746f5d8ca91cdc02760d8 Attacker drained assets from custodial contract with unlimited approvals via 4 forged RFQ orders.