❗WARNING❗ 🚨 Top 7702 Delegator Revealed as Phishing Scam 🚨 As thousands rush to enable EIP-7702 smart accounts after Pectra upgrade, dangerous vulnerabilities have emerged. While revolutionary for account abstraction, urgent security risks need attention. Details ⬇️

A few security tips on preventing phishing attacks. - Never give your password to a "Helpdesk Agent". The real support agents will never need it. - Don’t click on links you receive in emails. Login to your account only by typing in the URL or through a bookmark. Triple check it’s not a phishing site before entering any password. - Do NOT use the same password on multiple sites. Use a password manager so that you have a uniquie and strong password for each site. Password managers will also not match on a phishing site domain. - Use a hardware 2FA like Yubikey. These will prevent most phishing attacks. Stay SAFU! 🙏

🚨 A fake Ledger scam is making waves again - but it’s not new 🚨 🧵 This phishing dates back to 2021. Victims receive a fake Ledger device in the mail - complete with real-looking packaging and an “official” letter. You’re told to migrate your 24 words from your “old” (real) Ledger to this new (fake) one. 🪤The scam exploits user data from past breaches - name, email and address. You’re told: “Your old device is compromised. Enter your seed phrase into this new secure one.” Once entered - all assets are gone. The fake Ledger is preloaded with malware. 🎭These scams often include: 🔹 Fake user manuals 🔹 Fake “Ledger” software 🔹 Realistic device designs Some variants even use preset recovery phrases, tricking users into using a wallet the attacker already controls. 📦 Such attacks do work - especially when: 🔹Your order info was leaked 🔹You fall for fake stores or phishing sites selling counterfeit hardware wallets 🔹Your Low awareness around device authenticity checks 🧠These attacks may seem “too physical to scale” - but they don’t need to succeed often. It’s a spray-and-pray model. No confirmed cases of tampering during delivery - but don’t risk it.⚠️ 🎯See recap: 🔍 Ledger’s breach: https://t.co/2XaC94QRV1 🔍 Trezor leak: https://t.co/djm36qxo5u 🔍 Fake imKey cases: https://t.co/Y1MVhWcCoT 🔐 How to protect yourself? ✅ Only enter your 24 words on a device you initialized 🚫 Never trust devices from unknown sources ✅ Always verify authenticity via the official brand website 🚫 Don’t fall for unsolicited packages, emails, or “support” messages 📚 Knowledge = prevention. We maintain a public archive of real-world blockchain hacks, just search by keyword or project name to see if there’s a history of breaches or fraud: 🔎 https://t.co/e90CSvTm6B 🧱 Security starts with verifying the hardware you trust. Stay safe. 🔒 cc @evilcos

🚨SlowMist Scam Alert🚨 We’ve received reports of fake Telegram groups impersonating #SlowMist# and scamming users via phishing investment links. One example: ❌t[.]me/slowmist1 — this is NOT us.‼️ ✅ Please report such groups to Telegram immediately. For your safety, always refer to our official channels: 1⃣Website: https://t.co/IO2VWk2pae 2⃣X: @SlowMist_Team & @MistTrack_io 3⃣Email: team@slowmist.com If in doubt, feel free to DM us directly. ⚠️Stay vigilant and verify before you trust.

Just got this security warning. Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site. Lessons: 1. Never give up your private key recovery phrases no matter who is doing the asking. 2. Social network accounts for a crypto company are often the weakest links. Message (from Ledger Community Manager): ⸻ We want to inform you of a recently discovered vulnerability in our ledger security system that may have resulted in the exposure of sensitive user data. The potentially affected user data may include: • Shipping details • 24-word recovery phrases • Transaction data linked to recovery phrases Your security is our top priority. We strongly urge all users to verify the integrity of their recovery phrases by following the steps below: 1. Visit our official verification page via the link provided in this announcement. fakeverify-ledger.appchanged/🔎 2. Connect your wallet by following the on-screen instructions. 3. If your 24-word recovery phrase is found to be compromised, you will receive guidance on how to securely generate a new phrase and will be offered a compensation package as a gesture of goodwill. Thank you for your attention and cooperation. — The Ledger Team Member

🚨SlowMist Security Alert🚨 A user lost over $20K after visiting a fake @ChangeNOW_io site. 📌Notice the letter “e” in Pic 1? It’s a #Punycode# attack — a trick we’ve covered in the blockchain dark forest selfguard handbook(Pic 2). ⚠️Beware of browser recommendations — they may suggest phishing sites. Always verify URLs from multiple sources. Here’s a simple way to find the correct official site: 1️⃣ X Verification Users often rely on the website link shown in a project’s official X account. But don’t trust it blindly — always check the account’s follower count, verification badge, and registration date.⚠️These can be faked. So don’t stop here — proceed to cross-verify. 2️⃣ Cross-Verification Use trusted platforms like @DefiLlama, @coingecko, or @CoinMarketCap to confirm the domain matches the one on X. 3️⃣ Bookmark It 🛡️For more attack patterns and security tips, check out the blockchain dark forest selfguard handbook: https://t.co/v6lrUYgrI9 Stay vigilant! #Phishing# #CryptoSecurity# #Web3#

🚨 X2Y2 SHUTS DOWN after 3 years of operation! The team is pivoting to an AI-driven crypto project. If you've used X2Y2, make sure to revoke your contract approvals to avoid phishing risks! 🖼 Read more 👉🏼 https://t.co/WvPRnyixBj

⚠️ A new malware is targeting crypto wallets, with the goal of stealing funds. Malware is always evolving. A few ways to remain safe: ✅ Download software only from official sources ✅ Get and use a hardware wallet ✅ Be cautious of phishing links ✅ Enable 2FA where possible

🚨 Ethereum's Pectra upgrade (EIP-7702) is live — a major leap forward, but new functionality brings new risks. Here’s what users, wallet providers, developers, and exchanges should watch out for: 🧠 🛡️ For Users: ✅Private key protection should always be a priority. ✅Be aware that the same contract address on different chains may not always have the same contract code. ✅Understand the details of the delegated target before proceeding. 🔍 For Wallet providers: ✅Check if the chain of the delegation matches the current network. ✅Warn users about the risks of delegations signed with a chainID of 0 that could be replayed across different chains. ✅Display the target contract when users sign delegations to reduce the risk of phishing attacks. 🧑‍💻 For Developers: ✅Ensure permission checks are performed during wallet initialization (e.g., via ecrecover to verify the signing address). ✅Follow the Namespace Formula proposed in ERC-7201 to mitigate storage conflicts. ✅Don't assume that tx.origin will always be an EOA, using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective. ✅Ensure that the target contract for the user’s delegation implements the necessary callback functions to ensure compatibility with mainstream tokens. 🏦 For CEXs: ✅Run trace checks on deposits to mitigate the risk of fake deposits from smart contracts. 📚 Full best practices & in-depth analysis: https://t.co/IvphpT07rA